62 lines
1.7 KiB
Diff
62 lines
1.7 KiB
Diff
--- a/src/vlock/auth.c
|
|
+++ b/src/vlock/auth.c
|
|
@@ -4,7 +4,7 @@
|
|
PAM authentication routine for vlock, the VT locking program for linux.
|
|
|
|
Copyright (C) 1994-1998 Michael K. Johnson <johnsonm@redhat.com>
|
|
- Copyright (C) 2002, 2005 Dmitry V. Levin <ldv@altlinux.org>
|
|
+ Copyright (C) 2002, 2005, 2013 Dmitry V. Levin <ldv@altlinux.org>
|
|
|
|
This program is free software; you can redistribute it and/or modify
|
|
it under the terms of the GNU General Public License as published by
|
|
@@ -36,6 +36,25 @@
|
|
/* Unrecognized PAM error timeout. */
|
|
#define ERROR_TIMEOUT 10
|
|
|
|
+static int
|
|
+do_account_password_management (pam_handle_t *pamh)
|
|
+{
|
|
+ int rc;
|
|
+
|
|
+ /* Whether the authenticated user is allowed to log in? */
|
|
+ rc = pam_acct_mgmt (pamh, 0);
|
|
+
|
|
+ /* Do we need to prompt the user for a new password? */
|
|
+ if (rc == PAM_NEW_AUTHTOK_REQD)
|
|
+ rc = pam_chauthtok (pamh, PAM_CHANGE_EXPIRED_AUTHTOK);
|
|
+
|
|
+ /* Extend the lifetime of the existing credentials. */
|
|
+ if (rc == PAM_SUCCESS)
|
|
+ rc = pam_setcred (pamh, PAM_REFRESH_CRED);
|
|
+
|
|
+ return rc;
|
|
+}
|
|
+
|
|
int
|
|
get_password (pam_handle_t * pamh, const char *username, const char *tty)
|
|
{
|
|
@@ -84,6 +103,23 @@ get_password (pam_handle_t * pamh, const char *username, const char *tty)
|
|
switch (rc)
|
|
{
|
|
case PAM_SUCCESS:
|
|
+ rc = do_account_password_management (pamh);
|
|
+
|
|
+ if (rc != PAM_SUCCESS)
|
|
+ {
|
|
+ /*
|
|
+ * The user was authenticated but
|
|
+ * either account or password management
|
|
+ * returned an error.
|
|
+ */
|
|
+ printf ("%s.\n\n\n",
|
|
+ pam_strerror (pamh, rc));
|
|
+ fflush (stdout);
|
|
+ pam_end (pamh, rc);
|
|
+ pamh = 0;
|
|
+ break;
|
|
+ }
|
|
+
|
|
pam_end (pamh, rc);
|
|
/* Log the fact of console unlocking. */
|
|
syslog (LOG_NOTICE,
|