Relevant BUGIDs: debian#514437 rhbz#487216

Purpose of commit: bugfix Commit summary: --------------- 2009-02-26 Tomas Mraz <t8m@centrum.cz> * xtests/Makefile.am: Add tst-pam_unix4. * xtests/tst-pam_unix4.c: New test for password change and shadow min days limit. * xtests/tst-pam_unix4.pamd: Likewise. * xtests/tst-pam_unix4.sh: Likewise. * modules/pam_unix/pam_unix_acct.c (pam_sm_acct_mgmt): Ignore PAM_AUTHTOK_ERR on shadow verification. * modules/pam_unix/passverify.c (check_shadow_expiry): Return PAM_AUTHTOK_ERR if sp_min limit for password change is defied.
author: Tomas Mraz <tm@t8m.info> 2009-02-26 18:56:12 +0000
committer: Tomas Mraz <tm@t8m.info> 2009-02-26 18:56:12 +0000
commit: 5891c5508e3b9ba699a6a6ba3dae9221a45528e5 (patch)
tree: 11f0bfce0b989303da194baff95d4655733b9dcc /modules/pam_unix/passverify.c
parent: ca06584b38da8c44c26da19399a1bfd802ef5ee4 (diff)
1 files changed, 9 insertions, 1 deletions
diff --git a/modules/pam_unix/passverify.c b/modules/pam_unix/passverify.c
index 281716e0..360bd90b 100644
--- a/modules/pam_unix/passverify.c
+++ b/modules/pam_unix/passverify.c
@@ -272,8 +272,16 @@ PAMH_ARG_DECL(int check_shadow_expiry,
 		*daysleft = (int)((spent->sp_lstchg + spent->sp_max) - curdays);
 		D(("warn before expiry"));
 	}
+	if ((curdays - spent->sp_lstchg < spent->sp_min)
+	    && (spent->sp_min != -1)) {
+		/* 
+		 * The last password change was too recent. This error will be ignored
+		 * if no password change is attempted.
+		 */
+		D(("password change too recent"));
+		return PAM_AUTHTOK_ERR;
+	}
 	return PAM_SUCCESS;
-
 }
 
 /* passwd/salt conversion macros */
author	Tomas Mraz <tm@t8m.info>	2009-02-26 18:56:12 +0000
committer	Tomas Mraz <tm@t8m.info>	2009-02-26 18:56:12 +0000
commit	5891c5508e3b9ba699a6a6ba3dae9221a45528e5 (patch)
tree	11f0bfce0b989303da194baff95d4655733b9dcc /modules/pam_unix/passverify.c
parent	ca06584b38da8c44c26da19399a1bfd802ef5ee4 (diff)