Relevant BUGIDs: 1245888

Purpose of commit: bugfix

Commit summary:
---------------
        * modules/pam_unix/pam_unix_passwd.c (_unix_verify_shadow): Change the
        logic when comparing dates to handle corner cases better [#1245888].

diff --git a/ChangeLog b/ChangeLog
index 43c91c0c4f42fb6344c160380d6a1758af952135..bc7b16f0e6332aef84f5046f4202454c53b49662 100644 (file)
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,6 +1,10 @@
 2005-11-02  Tomas Mraz <t8m@centrum.cz>
 
-       * modules/pam_unix/support.c (_unix_getpwnam): Fix typo [#1224807].
+       * modules/pam_unix/support.c (_unix_getpwnam): Fix typo [#1224807]
+       by ohyajapn.
+       
+       * modules/pam_unix/pam_unix_passwd.c (_unix_verify_shadow): Change the
+       logic when comparing dates to handle corner cases better [#1245888].
 
 2005-10-31  Thorsten Kukuk  <kukuk@suse.de>
 

diff --git a/modules/pam_unix/pam_unix_passwd.c b/modules/pam_unix/pam_unix_passwd.c
index 727f3b3b8a7f628ec8c258d8011b82cbf3d6f07e..f433ab2c1779de19a6f862c4caa2e516a37458b9 100644 (file)
--- a/modules/pam_unix/pam_unix_passwd.c
+++ b/modules/pam_unix/pam_unix_passwd.c
@@ -923,10 +923,21 @@ static int _unix_verify_shadow(pam_handle_t *pamh, const char *user, unsigned in
                if (off(UNIX__IAMROOT, ctrl)) {
                        /* Get the current number of days since 1970 */
                        curdays = time(NULL) / (60 * 60 * 24);
-                       if ((curdays < (spwdent->sp_lstchg + spwdent->sp_min))
-                           && (spwdent->sp_min != -1))
+                       if (curdays < spent->sp_lstchg) {
+                               pam_syslog(pamh, LOG_DEBUG,
+                                       "account %s has password changed in future",
+                                       uname);
+                               curdays = spent->sp_lstchg;
+                       }
+                       if ((curdays - spwdent->sp_lstchg < spwdent->sp_min)
+                                && (spwdent->sp_min != -1))
+                               /*
+                                * The last password change was too recent.
+                                */
                                retval = PAM_AUTHTOK_ERR;
-                       else if ((curdays > (spwdent->sp_lstchg + spwdent->sp_max + spwdent->sp_inact))
+                       else if ((curdays - spent->sp_lstchg > spent->sp_max)
+                                && (curdays - spent->sp_lstchg > spent->sp_inact)
+                                && (curdays - spent->sp_lstchg > spent->sp_max + spent->sp_inact)
                                 && (spwdent->sp_max != -1) && (spwdent->sp_inact != -1)
                                 && (spwdent->sp_lstchg != 0))
                                /*