You can not select more than 25 topics
Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
61 lines
1.7 KiB
61 lines
1.7 KiB
--- a/src/vlock/auth.c |
|
+++ b/src/vlock/auth.c |
|
@@ -4,7 +4,7 @@ |
|
PAM authentication routine for vlock, the VT locking program for linux. |
|
|
|
Copyright (C) 1994-1998 Michael K. Johnson <johnsonm@redhat.com> |
|
- Copyright (C) 2002, 2005 Dmitry V. Levin <ldv@altlinux.org> |
|
+ Copyright (C) 2002, 2005, 2013 Dmitry V. Levin <ldv@altlinux.org> |
|
|
|
This program is free software; you can redistribute it and/or modify |
|
it under the terms of the GNU General Public License as published by |
|
@@ -36,6 +36,25 @@ |
|
/* Unrecognized PAM error timeout. */ |
|
#define ERROR_TIMEOUT 10 |
|
|
|
+static int |
|
+do_account_password_management (pam_handle_t *pamh) |
|
+{ |
|
+ int rc; |
|
+ |
|
+ /* Whether the authenticated user is allowed to log in? */ |
|
+ rc = pam_acct_mgmt (pamh, 0); |
|
+ |
|
+ /* Do we need to prompt the user for a new password? */ |
|
+ if (rc == PAM_NEW_AUTHTOK_REQD) |
|
+ rc = pam_chauthtok (pamh, PAM_CHANGE_EXPIRED_AUTHTOK); |
|
+ |
|
+ /* Extend the lifetime of the existing credentials. */ |
|
+ if (rc == PAM_SUCCESS) |
|
+ rc = pam_setcred (pamh, PAM_REFRESH_CRED); |
|
+ |
|
+ return rc; |
|
+} |
|
+ |
|
int |
|
get_password (pam_handle_t * pamh, const char *username, const char *tty) |
|
{ |
|
@@ -84,6 +103,23 @@ get_password (pam_handle_t * pamh, const char *username, const char *tty) |
|
switch (rc) |
|
{ |
|
case PAM_SUCCESS: |
|
+ rc = do_account_password_management (pamh); |
|
+ |
|
+ if (rc != PAM_SUCCESS) |
|
+ { |
|
+ /* |
|
+ * The user was authenticated but |
|
+ * either account or password management |
|
+ * returned an error. |
|
+ */ |
|
+ printf ("%s.\n\n\n", |
|
+ pam_strerror (pamh, rc)); |
|
+ fflush (stdout); |
|
+ pam_end (pamh, rc); |
|
+ pamh = 0; |
|
+ break; |
|
+ } |
|
+ |
|
pam_end (pamh, rc); |
|
/* Log the fact of console unlocking. */ |
|
syslog (LOG_NOTICE,
|
|
|