← Back to branch summary

~ubuntu-branches/ubuntu/natty/pam/natty-security

« back to all changes in this revision

Viewing changes to debian/patches-applied/pam_1.0.4_mindays

  • Committer: Bazaar Package Importer
  • Author(s): Steve Langasek
  • Date: 2009-08-26 00:40:14 UTC
  • mfrom: (1.1.5 upstream)
  • Revision ID: james.westby@ubuntu.com-20090826004014-qsd46mostuyljeqp
Tags: 1.1.0-1ubuntu1
* Merge from Debian, remaining changes:
  - debian/libpam-modules.postinst: Add PATH to /etc/environment if it's not
    present there or in /etc/security/pam_env.conf. (should send to Debian).
  - debian/libpam0g.postinst: only ask questions during update-manager when
    there are non-default services running.
  - debian/patches-applied/series: Ubuntu patches are as below ...
  - debian/patches-applied/ubuntu-no-error-if-missingok: add a new, magic
    module option 'missingok' which will suppress logging of errors by
    libpam if the module is not found.
  - debian/patches-applied/ubuntu-regression_fix_securetty: prompt for
    password on bad username.
  - debian/patches-applied/ubuntu-rlimit_nice_correction: Explicitly
    initialise RLIMIT_NICE rather than relying on the kernel limits.
  - Change Vcs-Bzr to point at the Ubuntu branch.
  - debian/local/common-password, debian/pam-configs/unix: switch from
    "md5" to "sha512" as password crypt default.
  - Make libpam-modules depend on base-files (>= 5.0.0ubuntu6), to ensure
    run-parts does the right thing in /etc/update-motd.d.
  - debian/patches-applied/pam_motd-legal-notice: display the contents of
    /etc/legal once, then set a flag in the user's homedir to prevent showing
    it again.
  - debian/local/common-{auth,account,password}.md5sums: include the
    Ubuntu-specific intrepid,jaunty md5sums for use during the
    common-session-noninteractive upgrade.
* Dropped changes, superseded upstream:
  - debian/patches-applied/ubuntu-fix_standard_types: Use standard u_int8_t
    type rather than __u8.
  - debian/patches-applied/ubuntu-user_defined_environment: Look at
    ~/.pam_environment too, with the same format as
    /etc/security/pam_env.conf.

Show diffs side-by-side

added added

removed removed

Lines of Context:
debian/patches-applied/pam_1.0.4_mindays
1
 
Index: debian-pkg-pam/modules/pam_unix/pam_unix_acct.c
2
 
===================================================================
3
 
--- debian-pkg-pam.orig/modules/pam_unix/pam_unix_acct.c        2009-04-17 11:30:15.000000000 -0700
4
 
+++ debian-pkg-pam/modules/pam_unix/pam_unix_acct.c     2009-04-17 11:31:25.000000000 -0700
5
 
@@ -250,6 +250,9 @@
6
 
                _make_remark(pamh, ctrl, PAM_ERROR_MSG,
7
 
                        _("Your account has expired; please contact your system administrator"));
8
 
                break;
9
 
+       case PAM_AUTHTOK_ERR:
10
 
+               retval = PAM_SUCCESS;
11
 
+               /* fallthrough */
12
 
        case PAM_SUCCESS:
13
 
                if (daysleft >= 0) {
14
 
                        pam_syslog(pamh, LOG_DEBUG,
15
 
Index: debian-pkg-pam/modules/pam_unix/passverify.c
16
 
===================================================================
17
 
--- debian-pkg-pam.orig/modules/pam_unix/passverify.c   2009-04-17 11:30:07.000000000 -0700
18
 
+++ debian-pkg-pam/modules/pam_unix/passverify.c        2009-04-17 11:30:59.000000000 -0700
19
 
@@ -301,8 +301,16 @@
20
 
                *daysleft = (int)((spent->sp_lstchg + spent->sp_max) - curdays);
21
 
                D(("warn before expiry"));
22
 
        }
23
 
+       if ((curdays - spent->sp_lstchg < spent->sp_min)
24
 
+           && (spent->sp_min != -1)) {
25
 
+               /* 
26
 
+                * The last password change was too recent. This error will be ignored
27
 
+                * if no password change is attempted.
28
 
+                */
29
 
+               D(("password change too recent"));
30
 
+               return PAM_AUTHTOK_ERR;
31
 
+       }
32
 
        return PAM_SUCCESS;
33
 
-
34
 
 }
35
 
 
36
 
 /* passwd/salt conversion macros */