You can not select more than 25 topics
Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
62 lines
1.7 KiB
62 lines
1.7 KiB
6 years ago
|
--- a/src/vlock/auth.c
|
||
|
+++ b/src/vlock/auth.c
|
||
|
@@ -4,7 +4,7 @@
|
||
|
PAM authentication routine for vlock, the VT locking program for linux.
|
||
|
|
||
|
Copyright (C) 1994-1998 Michael K. Johnson <johnsonm@redhat.com>
|
||
|
- Copyright (C) 2002, 2005 Dmitry V. Levin <ldv@altlinux.org>
|
||
|
+ Copyright (C) 2002, 2005, 2013 Dmitry V. Levin <ldv@altlinux.org>
|
||
|
|
||
|
This program is free software; you can redistribute it and/or modify
|
||
|
it under the terms of the GNU General Public License as published by
|
||
|
@@ -36,6 +36,25 @@
|
||
|
/* Unrecognized PAM error timeout. */
|
||
|
#define ERROR_TIMEOUT 10
|
||
|
|
||
|
+static int
|
||
|
+do_account_password_management (pam_handle_t *pamh)
|
||
|
+{
|
||
|
+ int rc;
|
||
|
+
|
||
|
+ /* Whether the authenticated user is allowed to log in? */
|
||
|
+ rc = pam_acct_mgmt (pamh, 0);
|
||
|
+
|
||
|
+ /* Do we need to prompt the user for a new password? */
|
||
|
+ if (rc == PAM_NEW_AUTHTOK_REQD)
|
||
|
+ rc = pam_chauthtok (pamh, PAM_CHANGE_EXPIRED_AUTHTOK);
|
||
|
+
|
||
|
+ /* Extend the lifetime of the existing credentials. */
|
||
|
+ if (rc == PAM_SUCCESS)
|
||
|
+ rc = pam_setcred (pamh, PAM_REFRESH_CRED);
|
||
|
+
|
||
|
+ return rc;
|
||
|
+}
|
||
|
+
|
||
|
int
|
||
|
get_password (pam_handle_t * pamh, const char *username, const char *tty)
|
||
|
{
|
||
|
@@ -84,6 +103,23 @@ get_password (pam_handle_t * pamh, const char *username, const char *tty)
|
||
|
switch (rc)
|
||
|
{
|
||
|
case PAM_SUCCESS:
|
||
|
+ rc = do_account_password_management (pamh);
|
||
|
+
|
||
|
+ if (rc != PAM_SUCCESS)
|
||
|
+ {
|
||
|
+ /*
|
||
|
+ * The user was authenticated but
|
||
|
+ * either account or password management
|
||
|
+ * returned an error.
|
||
|
+ */
|
||
|
+ printf ("%s.\n\n\n",
|
||
|
+ pam_strerror (pamh, rc));
|
||
|
+ fflush (stdout);
|
||
|
+ pam_end (pamh, rc);
|
||
|
+ pamh = 0;
|
||
|
+ break;
|
||
|
+ }
|
||
|
+
|
||
|
pam_end (pamh, rc);
|
||
|
/* Log the fact of console unlocking. */
|
||
|
syslog (LOG_NOTICE,
|