summaryrefslogtreecommitdiff
path: root/modules/pam_unix/passverify.c
diff options
context:
space:
mode:
Diffstat (limited to 'modules/pam_unix/passverify.c')
-rw-r--r--modules/pam_unix/passverify.c39
1 files changed, 25 insertions, 14 deletions
diff --git a/modules/pam_unix/passverify.c b/modules/pam_unix/passverify.c
index 8cf95c33..d175dfa5 100644
--- a/modules/pam_unix/passverify.c
+++ b/modules/pam_unix/passverify.c
@@ -274,7 +274,7 @@ PAMH_ARG_DECL(int check_shadow_expiry,
}
if ((curdays - spent->sp_lstchg < spent->sp_min)
&& (spent->sp_min != -1)) {
- /*
+ /*
* The last password change was too recent. This error will be ignored
* if no password change is attempted.
*/
@@ -403,11 +403,11 @@ PAMH_ARG_DECL(char * create_password_hash,
return crypted;
}
-#ifdef HAVE_CRYPT_GENSALT_RN
+#ifdef HAVE_CRYPT_GENSALT_R
if (on(UNIX_BLOWFISH_PASS, ctrl)) {
char entropy[17];
crypt_make_salt(entropy, sizeof(entropy) - 1);
- sp = crypt_gensalt_rn(algoid, rounds,
+ sp = crypt_gensalt_r (algoid, rounds,
entropy, sizeof(entropy),
salt, sizeof(salt));
} else {
@@ -420,7 +420,7 @@ PAMH_ARG_DECL(char * create_password_hash,
/* For now be conservative so the resulting hashes
* are not too long. 8 bytes of salt prevents dictionary
* attacks well enough. */
-#ifdef HAVE_CRYPT_GENSALT_RN
+#ifdef HAVE_CRYPT_GENSALT_R
}
#endif
sp = crypt(password, salt);
@@ -684,7 +684,7 @@ save_old_password(pam_handle_t *pamh, const char *forwho, const char *oldpass,
D(("fflush or fsync error writing entries to old passwords file: %m"));
err = 1;
}
-
+
if (fclose(pwfile)) {
D(("fclose error writing entries to old passwords file: %m"));
err = 1;
@@ -804,7 +804,7 @@ PAMH_ARG_DECL(int unix_update_passwd,
D(("fflush or fsync error writing entries to password file: %m"));
err = 1;
}
-
+
if (fclose(pwfile)) {
D(("fclose error writing entries to password file: %m"));
err = 1;
@@ -839,19 +839,16 @@ done:
PAMH_ARG_DECL(int unix_update_shadow,
const char *forwho, char *towhat)
{
- struct spwd *spwdent = NULL, *stmpent = NULL;
+ struct spwd spwdent, *stmpent = NULL;
struct stat st;
FILE *pwfile, *opwfile;
- int err = 1;
+ int err = 0;
int oldmask;
+ int wroteentry = 0;
#ifdef WITH_SELINUX
security_context_t prev_context=NULL;
#endif
- spwdent = getspnam(forwho);
- if (spwdent == NULL) {
- return PAM_USER_UNKNOWN;
- }
oldmask = umask(077);
#ifdef WITH_SELINUX
@@ -912,7 +909,7 @@ PAMH_ARG_DECL(int unix_update_shadow,
if (!strcmp(stmpent->sp_namp, forwho)) {
stmpent->sp_pwdp = towhat;
stmpent->sp_lstchg = time(NULL) / (60 * 60 * 24);
- err = 0;
+ wroteentry = 1;
D(("Set password %s for %s", stmpent->sp_pwdp, forwho));
}
@@ -924,13 +921,27 @@ PAMH_ARG_DECL(int unix_update_shadow,
stmpent = fgetspent(opwfile);
}
+
fclose(opwfile);
+ if (!wroteentry && !err) {
+ spwdent.sp_namp = forwho;
+ spwdent.sp_pwdp = towhat;
+ spwdent.sp_lstchg = time(NULL) / (60 * 60 * 24);
+ spwdent.sp_min = spwdent.sp_max = spwdent.sp_warn = spwdent.sp_inact =
+ spwdent.sp_expire = -1;
+ spwdent.sp_flag = (unsigned long)-1l;
+ if (putspent(&spwdent, pwfile)) {
+ D(("error writing entry to shadow file: %m"));
+ err = 1;
+ }
+ }
+
if (fflush(pwfile) || fsync(fileno(pwfile))) {
D(("fflush or fsync error writing entries to shadow file: %m"));
err = 1;
}
-
+
if (fclose(pwfile)) {
D(("fclose error writing entries to shadow file: %m"));
err = 1;