[Pkg-shadow-commits] r431 - branches/experimental/debian/patches

Nicolas FRANCOIS nekral-guest at costa.debian.org
Wed Aug 10 00:29:07 UTC 2005


Author: nekral-guest
Date: 2005-08-10 00:29:06 +0000 (Wed, 10 Aug 2005)
New Revision: 431

Added:
   branches/experimental/debian/patches/445_su_password_expired
Modified:
   branches/experimental/debian/patches/series
Log:
Commit the fix for #321384 (su refuses to change an expired password).


Added: branches/experimental/debian/patches/445_su_password_expired
===================================================================
--- branches/experimental/debian/patches/445_su_password_expired	2005-08-07 11:38:10 UTC (rev 430)
+++ branches/experimental/debian/patches/445_su_password_expired	2005-08-10 00:29:06 UTC (rev 431)
@@ -0,0 +1,46 @@
+Goal: If an password is expired, su should propose to change this password.
+      This is important in systems without ssh, sudo and where root can't
+      login in console.
+Fix: #321384
+
+Status wrt upstream: proposed for 4.0.12
+
+Note: When su is not compiled with PAM, there is no syslog messages.
+
+Index: shadow-4.0.11.1/src/su.c
+===================================================================
+--- shadow-4.0.11.1.orig/src/su.c	2005-08-06 00:27:35.000000000 +0200
++++ shadow-4.0.11.1/src/su.c	2005-08-09 12:35:19.000000000 +0200
+@@ -697,6 +697,16 @@
+ 		if (amroot) {
+ 			fprintf (stderr, _("%s: %s\n(Ignored)\n"), Prog,
+ 				 pam_strerror (pamh, ret));
++		} else if (ret == PAM_NEW_AUTHTOK_REQD) {
++			ret = pam_chauthtok (pamh, PAM_CHANGE_EXPIRED_AUTHTOK);
++			if (ret != PAM_SUCCESS) {
++				SYSLOG ((LOG_ERR, "pam_chauthtok: %s",
++				         pam_strerror (pamh, ret)));
++				fprintf (stderr, _("%s: %s\n"), Prog,
++				         pam_strerror (pamh, ret));
++				pam_end (pamh, ret);
++				su_failure (tty);
++			}
+ 		} else {
+ 			SYSLOG ((LOG_ERR, "pam_acct_mgmt: %s",
+ 				 pam_strerror (pamh, ret)));
+@@ -745,10 +755,11 @@
+ 		if (!spwd)
+ 			spwd = pwd_to_spwd (&pwent);
+ 
+-		if (isexpired (&pwent, spwd)) {
+-			SYSLOG ((pwent.pw_uid ? LOG_WARN : LOG_CRIT,
+-				 "Expired account %s", name));
+-			su_failure (tty);
++		if (expire (&pwent, spwd)) {
++			struct passwd *pwd = getpwnam (name);
++			spwd = getspnam (name);
++			if (pwd)
++				pwent = *pwd;
+ 		}
+ 	}
+ 
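Review bot: In the non-PAM su.c hunk (`@@ -745,10 +755,11 @@`), `spwd = getspnam (name);` is assigned unchecked, although the context line just above guarantees a non-NULL `spwd` through `pwd_to_spwd (&pwent)`. If the account has no shadow entry or the lookup fails, code after this hunk that still uses `spwd` would receive NULL; restoring the fallback after `pwent = *pwd;` keeps the invariant: `if (!spwd) spwd = pwd_to_spwd (&pwent);`. The same hunk removes the only `SYSLOG` record and the `su_failure (tty)` call for expired accounts, so refusing an inactive or expired login now depends entirely on `expire ()`, whose behaviour is not visible here and should be confirmed to fail closed. The patch header already admits the missing syslog message; keeping a `SYSLOG` call in this branch would preserve the audit trail for expired-account su attempts. The enclosing function starts and ends outside the hunk.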

Modified: branches/experimental/debian/patches/series
===================================================================
--- branches/experimental/debian/patches/series	2005-08-07 11:38:10 UTC (rev 430)
+++ branches/experimental/debian/patches/series	2005-08-10 00:29:06 UTC (rev 431)
@@ -153,6 +153,7 @@
 362_warning_messages
 443_chage_exit_values
 364_ENV_SUPATH
+445_su_password_expired
 # 444_no_strip_during_install # not needed
 #207_id-manpages
 999_hack_build_package



