kbd/kbd-1.15.5-vlock-more-pam.patch

--- a/src/vlock/auth.c
+++ b/src/vlock/auth.c
@@ -4,7 +4,7 @@
   PAM authentication routine for vlock, the VT locking program for linux.
 
   Copyright (C) 1994-1998 Michael K. Johnson <johnsonm@redhat.com>
-  Copyright (C) 2002, 2005 Dmitry V. Levin <ldv@altlinux.org>
+  Copyright (C) 2002, 2005, 2013 Dmitry V. Levin <ldv@altlinux.org>
 
   This program is free software; you can redistribute it and/or modify
   it under the terms of the GNU General Public License as published by
@@ -36,6 +36,25 @@
 /* Unrecognized PAM error timeout. */
 #define	ERROR_TIMEOUT	10
 
+static int
+do_account_password_management (pam_handle_t *pamh)
+{
+	int rc;
+
+	/* Whether the authenticated user is allowed to log in? */
+	rc = pam_acct_mgmt (pamh, 0);
+
+	/* Do we need to prompt the user for a new password? */
+	if (rc == PAM_NEW_AUTHTOK_REQD)
+		rc = pam_chauthtok (pamh, PAM_CHANGE_EXPIRED_AUTHTOK);
+
+	/* Extend the lifetime of the existing credentials. */
+	if (rc == PAM_SUCCESS)
+		rc = pam_setcred (pamh, PAM_REFRESH_CRED);
+
+	return rc;
+}
+
 int
 get_password (pam_handle_t * pamh, const char *username, const char *tty)
 {
@@ -84,6 +103,23 @@ get_password (pam_handle_t * pamh, const char *username, const char *tty)
 		switch (rc)
 		{
 			case PAM_SUCCESS:
+				rc = do_account_password_management (pamh);
+
+				if (rc != PAM_SUCCESS)
+				{
+					/*
+					 * The user was authenticated but
+					 * either account or password management
+					 * returned an error.
+					 */
+					printf ("%s.\n\n\n",
+						pam_strerror (pamh, rc));
+					fflush (stdout);
+					pam_end (pamh, rc);
+					pamh = 0;
+					break;
+				}
+
 				pam_end (pamh, rc);
 				/* Log the fact of console unlocking. */
 				syslog (LOG_NOTICE,
RHEL 9.0.0 Alpha bootstrap The content of this branch was automatically imported from Fedora ELN with the following as its source: https://src.fedoraproject.org/rpms/kbd#02a2eb26c9357fb02eb951933facff4c6d5c3353 2020-10-15 12:28:53 +00:00			`--- a/src/vlock/auth.c`
			`+++ b/src/vlock/auth.c`
			`@@ -4,7 +4,7 @@`
			`PAM authentication routine for vlock, the VT locking program for linux.`

			`Copyright (C) 1994-1998 Michael K. Johnson <johnsonm@redhat.com>`
			`- Copyright (C) 2002, 2005 Dmitry V. Levin <ldv@altlinux.org>`
			`+ Copyright (C) 2002, 2005, 2013 Dmitry V. Levin <ldv@altlinux.org>`

			`This program is free software; you can redistribute it and/or modify`
			`it under the terms of the GNU General Public License as published by`
			`@@ -36,6 +36,25 @@`
			`/* Unrecognized PAM error timeout. */`
			`#define ERROR_TIMEOUT 10`

			`+static int`
			`+do_account_password_management (pam_handle_t *pamh)`
			`+{`
			`+ int rc;`
			`+`
			`+ /* Whether the authenticated user is allowed to log in? */`
			`+ rc = pam_acct_mgmt (pamh, 0);`
			`+`
			`+ /* Do we need to prompt the user for a new password? */`
			`+ if (rc == PAM_NEW_AUTHTOK_REQD)`
			`+ rc = pam_chauthtok (pamh, PAM_CHANGE_EXPIRED_AUTHTOK);`
			`+`
			`+ /* Extend the lifetime of the existing credentials. */`
			`+ if (rc == PAM_SUCCESS)`
			`+ rc = pam_setcred (pamh, PAM_REFRESH_CRED);`
			`+`
			`+ return rc;`
			`+}`
			`+`
			`int`
			`get_password (pam_handle_t * pamh, const char username, const char tty)`
			`{`
			`@@ -84,6 +103,23 @@ get_password (pam_handle_t * pamh, const char username, const char tty)`
			`switch (rc)`
			`{`
			`case PAM_SUCCESS:`
			`+ rc = do_account_password_management (pamh);`
			`+`
			`+ if (rc != PAM_SUCCESS)`
			`+ {`
			`+ /*`
			`+ * The user was authenticated but`
			`+ * either account or password management`
			`+ * returned an error.`
			`+ */`
			`+ printf ("%s.\n\n\n",`
			`+ pam_strerror (pamh, rc));`
			`+ fflush (stdout);`
			`+ pam_end (pamh, rc);`
			`+ pamh = 0;`
			`+ break;`
			`+ }`
			`+`
			`pam_end (pamh, rc);`
			`/* Log the fact of console unlocking. */`
			`syslog (LOG_NOTICE,`