mirrors/linux-pam
0
0
Fork 0
mirror of https://github.com/linux-pam/linux-pam.git synced 2024-11-23 09:43:36 +08:00
Code Issues Packages Projects Releases Wiki Activity

pam_unix: sp_min and sp_warn must be at least 1

Browse Source 
If sp_min or sp_warn are set to 0 or empty (-1), then their respective
features are disabled according to shadow(5).

Signed-off-by: Tobias Stoeckmann <tobias@stoeckmann.org>
This commit is contained in:
Tobias Stoeckmann 2023-12-13 00:46:06 +01:00 committed by Dmitry V. Levin
parent 9ebc14085a
commit 297f0b554e
1 changed files with 2 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
modules/pam_unix/passverify.c
View File

@ -337,7 +337,7 @@ PAMH_ARG_DECL(int check_shadow_expiry,
D(("need a new password 2"));
return PAM_NEW_AUTHTOK_REQD;
}
if (spent->sp_warn >= 0) {
if (spent->sp_warn > 0) {
long warn = spent->sp_warn > spent->sp_max ? -1 :
spent->sp_max - spent->sp_warn;
if (passed >= warn) {
@ -346,7 +346,7 @@ PAMH_ARG_DECL(int check_shadow_expiry,
}
}
}
if (spent->sp_min >= 0 && passed < spent->sp_min) {
if (spent->sp_min > 0 && passed < spent->sp_min) {
/*
* The last password change was too recent. This error will be ignored
* if no password change is attempted.