Login
[x]
Log in using an account from:
Fedora Account System
Red Hat Associate
Red Hat Customer
Or login using a Red Hat Bugzilla account
Forgot Password
Login:
Hide Forgot
Create an Account
Red Hat Bugzilla – Attachment 826385 Details for
Bug 913311
vlock doesn't perform PAM account management or credential reinitialization
[?]
New
Simple Search
Advanced Search
My Links
Browse
Requests
Reports
Current State
Search
Tabular reports
Graphical reports
Duplicates
Other Reports
User Changes
Plotly Reports
Bug Status
Bug Severity
Non-Defaults
|
Product Dashboard
Help
Page Help!
Bug Writing Guidelines
What's new
Browser Support Policy
5.0.4.rh83 Release notes
FAQ
Guides index
User guide
Web Services
Contact
Legal
This site requires JavaScript to be enabled to function correctly, please enable it.
[patch]
tentative patch
0001-vlock-implement-PAM-account-and-password-management.patch (text/plain), 2.60 KB, created by
Dmitry V. Levin
on 2013-11-20 01:12:08 UTC
(
hide
)
Description:
tentative patch
Filename:
MIME Type:
Creator:
Dmitry V. Levin
Created:
2013-11-20 01:12:08 UTC
Size:
2.60 KB
patch
obsolete
>From 29aeea7673022ef60100a0be2ac22a5ead6f8794 Mon Sep 17 00:00:00 2001 >From: "Dmitry V. Levin" <ldv@altlinux.org> >Date: Tue, 19 Nov 2013 12:34:56 +0000 >Subject: [PATCH] vlock: implement PAM account and password management > >There seems to be a tradition for lockers to implement PAM account and >password management (account validation, changing expired passwords, >refreshing credentials) like login programs do. > >Fixes RH#913311. >--- > src/vlock/auth.c | 38 +++++++++++++++++++++++++++++++++++++- > src/vlock/vlock.pamd | 2 ++ > 2 files changed, 39 insertions(+), 1 deletion(-) > >diff --git a/src/vlock/auth.c b/src/vlock/auth.c >index 71c8f15..cac877c 100644 >--- a/src/vlock/auth.c >+++ b/src/vlock/auth.c >@@ -4,7 +4,7 @@ > PAM authentication routine for vlock, the VT locking program for linux. > > Copyright (C) 1994-1998 Michael K. Johnson <johnsonm@redhat.com> >- Copyright (C) 2002, 2005 Dmitry V. Levin <ldv@altlinux.org> >+ Copyright (C) 2002, 2005, 2013 Dmitry V. Levin <ldv@altlinux.org> > > This program is free software; you can redistribute it and/or modify > it under the terms of the GNU General Public License as published by >@@ -36,6 +36,25 @@ > /* Unrecognized PAM error timeout. */ > #define ERROR_TIMEOUT 10 > >+static int >+do_account_password_management (pam_handle_t *pamh) >+{ >+ int rc; >+ >+ /* Whether the authenticated user is allowed to log in? */ >+ rc = pam_acct_mgmt (pamh, 0); >+ >+ /* Do we need to prompt the user for a new password? */ >+ if (rc == PAM_NEW_AUTHTOK_REQD) >+ rc = pam_chauthtok (pamh, PAM_CHANGE_EXPIRED_AUTHTOK); >+ >+ /* Extend the lifetime of the existing credentials. */ >+ if (rc == PAM_SUCCESS) >+ rc = pam_setcred (pamh, PAM_REFRESH_CRED); >+ >+ return rc; >+} >+ > int > get_password (pam_handle_t * pamh, const char *username, const char *tty) > { >@@ -84,6 +103,23 @@ get_password (pam_handle_t * pamh, const char *username, const char *tty) > switch (rc) > { > case PAM_SUCCESS: >+ rc = do_account_password_management (pamh); >+ >+ if (rc != PAM_SUCCESS) >+ { >+ /* >+ * The user was authenticated but >+ * either account or password management >+ * returned an error. >+ */ >+ printf ("%s.\n\n\n", >+ pam_strerror (pamh, rc)); >+ fflush (stdout); >+ pam_end (pamh, rc); >+ pamh = 0; >+ break; >+ } >+ > pam_end (pamh, rc); > /* Log the fact of console unlocking. */ > syslog (LOG_NOTICE, >diff --git a/src/vlock/vlock.pamd b/src/vlock/vlock.pamd >index b9d1c18..2e33786 100644 >--- a/src/vlock/vlock.pamd >+++ b/src/vlock/vlock.pamd >@@ -1,2 +1,4 @@ > #%PAM-1.0 > auth include system-auth >+account include system-auth >+password include system-auth >-- >1.8.4.3 >
<b>You cannot view the attachment while viewing its details because your browser does not support IFRAMEs. <a href="attachment.cgi?id=826385">View the attachment on a separate page</a>.</b>
View Attachment As Diff
View Attachment As Raw
Actions:
View
|
Diff
Attachments on
bug 913311
:
823465
| 826385