[Pkg-shadow-commits] r2711 - in upstream/trunk: . src
Nicolas FRANÇOIS
nekral-guest at alioth.debian.org
Sun Apr 19 16:22:17 UTC 2009
Author: nekral-guest
Date: 2009-04-19 16:22:17 +0000 (Sun, 19 Apr 2009)
New Revision: 2711
Modified:
upstream/trunk/ChangeLog
upstream/trunk/NEWS
upstream/trunk/src/login.c
Log:
* NEWS, src/login.c: Also check if the authentication token of the
user has to be updated in case the user was already authenticated.
Modified: upstream/trunk/ChangeLog
===================================================================
--- upstream/trunk/ChangeLog 2009-04-19 16:09:00 UTC (rev 2710)
+++ upstream/trunk/ChangeLog 2009-04-19 16:22:17 UTC (rev 2711)
@@ -1,5 +1,10 @@
2009-04-19 Nicolas François <nicolas.francois at centraliens.net>
+ * NEWS, src/login.c: Also check if the authentication token of the
+ user has to be updated in case the user was already authenticated.
+
+2009-04-19 Nicolas François <nicolas.francois at centraliens.net>
+
* src/login.c: fflg is already restricted to root. Move
pam_acct_mgmt(), in case of fflg, earlier. This is equivalent and
simplifies the code.
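Review bot: the new ChangeLog entry says only "in case the user was already authenticated", which does not tell a reader that this is the -f (fflg) path or that the change is PAM-specific; the NEWS text in the same commit names both. Suggest aligning the two, for example "src/login.c: (PAM) also handle PAM_NEW_AUTHTOK_REQD when the user was already authenticated (-f)".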
Modified: upstream/trunk/NEWS
===================================================================
--- upstream/trunk/NEWS 2009-04-19 16:09:00 UTC (rev 2710)
+++ upstream/trunk/NEWS 2009-04-19 16:22:17 UTC (rev 2711)
@@ -5,6 +5,8 @@
- login
* Do not trust the current utmp entry's ut_line to set PAM_TTY. This could
lead to DOS attacks.
+ * (PAM) Even if the user was already authenticated (-f flag), ask the
+ user to update his authentication token if needed.
shadow-4.1.3 -> shadow-4.1.3.1 2009-04-15
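Review bot: the added NEWS item says login will "ask the user to update his authentication token", but in the src/login.c hunk of this commit the pam_chauthtok return code goes straight into PAM_FAIL_CHECK, so for -f logins this reads as a requirement rather than a request. Suggest wording it as the user being required to update an expired token, so that administrators who rely on -f know the login may not proceed past this step.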
Modified: upstream/trunk/src/login.c
===================================================================
--- upstream/trunk/src/login.c 2009-04-19 16:09:00 UTC (rev 2710)
+++ upstream/trunk/src/login.c 2009-04-19 16:22:17 UTC (rev 2711)
@@ -811,17 +811,14 @@
/* We don't get here unless they were authenticated above */
alarm (0);
- retcode = pam_acct_mgmt (pamh, 0);
+ }
- if (retcode == PAM_NEW_AUTHTOK_REQD) {
- retcode = pam_chauthtok (pamh, PAM_CHANGE_EXPIRED_AUTHTOK);
- }
-
- PAM_FAIL_CHECK;
- } else (fflg) {
- retcode = pam_acct_mgmt (pamh, 0);
- PAM_FAIL_CHECK;
+ /* Check the account validity */
+ retcode = pam_acct_mgmt (pamh, 0);
+ if (retcode == PAM_NEW_AUTHTOK_REQD) {
+ retcode = pam_chauthtok (pamh, PAM_CHANGE_EXPIRED_AUTHTOK);
}
+ PAM_FAIL_CHECK;
/* Grab the user information out of the password file for future usage
First get the username that we are actually using, though.
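Review bot: in the new unconditional block after the added closing brace, pam_chauthtok (pamh, PAM_CHANGE_EXPIRED_AUTHTOK) becomes reachable on the -f path, while alarm (0) stays inside the branch above it; please confirm that no login timeout can still be armed when a pre-authenticated user enters the token-change dialogue, and move alarm (0) below the brace if it can. The comment /* Check the account validity */ could also state that the block now runs for both the authenticated and the -f case, since that is the behavioural change and the merged code no longer makes it visible.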