* NEWS, src/login.c: Also check if the authentication token of the
user has to be updated in case the user was already authenticated.
This commit is contained in:
parent
ca10b825c7
commit
131e95ffaf
@ -1,3 +1,8 @@
|
||||
2009-04-19 Nicolas François <nicolas.francois@centraliens.net>
|
||||
|
||||
* NEWS, src/login.c: Also check if the authentication token of the
|
||||
user has to be updated in case the user was already authenticated.
|
||||
|
||||
2009-04-19 Nicolas François <nicolas.francois@centraliens.net>
|
||||
|
||||
* src/login.c: fflg is already restricted to root. Move
|
||||
|
2
NEWS
2
NEWS
@ -5,6 +5,8 @@ shadow-4.1.3.1 -> shadow-4.1.3.2 UNRELEASED
|
||||
- login
|
||||
* Do not trust the current utmp entry's ut_line to set PAM_TTY. This could
|
||||
lead to DOS attacks.
|
||||
* (PAM) Even if the user was already authenticated (-f flag), ask the
|
||||
user to update his authentication token if needed.
|
||||
|
||||
shadow-4.1.3 -> shadow-4.1.3.1 2009-04-15
|
||||
|
||||
|
17
src/login.c
17
src/login.c
@ -811,18 +811,15 @@ int main (int argc, char **argv)
|
||||
|
||||
/* We don't get here unless they were authenticated above */
|
||||
alarm (0);
|
||||
retcode = pam_acct_mgmt (pamh, 0);
|
||||
|
||||
if (retcode == PAM_NEW_AUTHTOK_REQD) {
|
||||
retcode = pam_chauthtok (pamh, PAM_CHANGE_EXPIRED_AUTHTOK);
|
||||
}
|
||||
|
||||
PAM_FAIL_CHECK;
|
||||
} else (fflg) {
|
||||
retcode = pam_acct_mgmt (pamh, 0);
|
||||
PAM_FAIL_CHECK;
|
||||
}
|
||||
|
||||
/* Check the account validity */
|
||||
retcode = pam_acct_mgmt (pamh, 0);
|
||||
if (retcode == PAM_NEW_AUTHTOK_REQD) {
|
||||
retcode = pam_chauthtok (pamh, PAM_CHANGE_EXPIRED_AUTHTOK);
|
||||
}
|
||||
PAM_FAIL_CHECK;
|
||||
|
||||
/* Grab the user information out of the password file for future usage
|
||||
First get the username that we are actually using, though.
|
||||
*/
|
||||
|
Loading…
Reference in New Issue
Block a user