[Pkg-shadow-commits] r431 - branches/experimental/debian/patches
Nicolas FRANCOIS
nekral-guest at costa.debian.org
Wed Aug 10 00:29:07 UTC 2005
Author: nekral-guest
Date: 2005-08-10 00:29:06 +0000 (Wed, 10 Aug 2005)
New Revision: 431
Added:
branches/experimental/debian/patches/445_su_password_expired
Modified:
branches/experimental/debian/patches/series
Log:
Commit the fix for #321384 (su refuses to change an expired password).
Added: branches/experimental/debian/patches/445_su_password_expired
===================================================================
--- branches/experimental/debian/patches/445_su_password_expired 2005-08-07 11:38:10 UTC (rev 430)
+++ branches/experimental/debian/patches/445_su_password_expired 2005-08-10 00:29:06 UTC (rev 431)
@@ -0,0 +1,46 @@
+Goal: If an password is expired, su should propose to change this password.
+ This is important in systems without ssh, sudo and where root can't
+ login in console.
+Fix: #321384
+
+Status wrt upstream: proposed for 4.0.12
+
+Note: When su is not compiled with PAM, there is no syslog messages.
+
+Index: shadow-4.0.11.1/src/su.c
+===================================================================
+--- shadow-4.0.11.1.orig/src/su.c 2005-08-06 00:27:35.000000000 +0200
++++ shadow-4.0.11.1/src/su.c 2005-08-09 12:35:19.000000000 +0200
+@@ -697,6 +697,16 @@
+ if (amroot) {
+ fprintf (stderr, _("%s: %s\n(Ignored)\n"), Prog,
+ pam_strerror (pamh, ret));
++ } else if (ret == PAM_NEW_AUTHTOK_REQD) {
++ ret = pam_chauthtok (pamh, PAM_CHANGE_EXPIRED_AUTHTOK);
++ if (ret != PAM_SUCCESS) {
++ SYSLOG ((LOG_ERR, "pam_chauthtok: %s",
++ pam_strerror (pamh, ret)));
++ fprintf (stderr, _("%s: %s\n"), Prog,
++ pam_strerror (pamh, ret));
++ pam_end (pamh, ret);
++ su_failure (tty);
++ }
+ } else {
+ SYSLOG ((LOG_ERR, "pam_acct_mgmt: %s",
+ pam_strerror (pamh, ret)));
+@@ -745,10 +755,11 @@
+ if (!spwd)
+ spwd = pwd_to_spwd (&pwent);
+
+- if (isexpired (&pwent, spwd)) {
+- SYSLOG ((pwent.pw_uid ? LOG_WARN : LOG_CRIT,
+- "Expired account %s", name));
+- su_failure (tty);
++ if (expire (&pwent, spwd)) {
++ struct passwd *pwd = getpwnam (name);
++ spwd = getspnam (name);
++ if (pwd)
++ pwent = *pwd;
+ }
+ }
+
Modified: branches/experimental/debian/patches/series
===================================================================
--- branches/experimental/debian/patches/series 2005-08-07 11:38:10 UTC (rev 430)
+++ branches/experimental/debian/patches/series 2005-08-10 00:29:06 UTC (rev 431)
@@ -153,6 +153,7 @@
362_warning_messages
443_chage_exit_values
364_ENV_SUPATH
+445_su_password_expired
# 444_no_strip_during_install # not needed
#207_id-manpages
999_hack_build_package
More information about the Pkg-shadow-commits
mailing list