From ff4104776bb51ff936fd1b62ec76d6e03db88d23 Mon Sep 17 00:00:00 2001 From: Tomas Mraz Date: Wed, 2 Nov 2005 12:41:34 +0000 Subject: Relevant BUGIDs: 1245888 Purpose of commit: bugfix Commit summary: --------------- * modules/pam_unix/pam_unix_passwd.c (_unix_verify_shadow): Change the logic when comparing dates to handle corner cases better [#1245888]. --- modules/pam_unix/pam_unix_passwd.c | 17 ++++++++++++++--- 1 file changed, 14 insertions(+), 3 deletions(-) (limited to 'modules/pam_unix') diff --git a/modules/pam_unix/pam_unix_passwd.c b/modules/pam_unix/pam_unix_passwd.c index 727f3b3b..f433ab2c 100644 --- a/modules/pam_unix/pam_unix_passwd.c +++ b/modules/pam_unix/pam_unix_passwd.c @@ -923,10 +923,21 @@ static int _unix_verify_shadow(pam_handle_t *pamh, const char *user, unsigned in if (off(UNIX__IAMROOT, ctrl)) { /* Get the current number of days since 1970 */ curdays = time(NULL) / (60 * 60 * 24); - if ((curdays < (spwdent->sp_lstchg + spwdent->sp_min)) - && (spwdent->sp_min != -1)) + if (curdays < spent->sp_lstchg) { + pam_syslog(pamh, LOG_DEBUG, + "account %s has password changed in future", + uname); + curdays = spent->sp_lstchg; + } + if ((curdays - spwdent->sp_lstchg < spwdent->sp_min) + && (spwdent->sp_min != -1)) + /* + * The last password change was too recent. + */ retval = PAM_AUTHTOK_ERR; - else if ((curdays > (spwdent->sp_lstchg + spwdent->sp_max + spwdent->sp_inact)) + else if ((curdays - spent->sp_lstchg > spent->sp_max) + && (curdays - spent->sp_lstchg > spent->sp_inact) + && (curdays - spent->sp_lstchg > spent->sp_max + spent->sp_inact) && (spwdent->sp_max != -1) && (spwdent->sp_inact != -1) && (spwdent->sp_lstchg != 0)) /* -- cgit v1.2.3