diff options
-rw-r--r-- | modules/pam_unix/pam_unix.c | 26 | ||||
-rw-r--r-- | modules/pam_unix/pam_unix.c~ | 32 |
2 files changed, 39 insertions, 19 deletions
diff --git a/modules/pam_unix/pam_unix.c b/modules/pam_unix/pam_unix.c index 64a2eb2..a1ab562 100644 --- a/modules/pam_unix/pam_unix.c +++ b/modules/pam_unix/pam_unix.c @@ -163,6 +163,9 @@ pam_sm_acct_mgmt(pam_handle_t *pamh, int flags , if (user == NULL || (pwd = getpwnam(user)) == NULL) return (PAM_SERVICE_ERR); + + + PAM_LOG("Got user [%s]" , user ); #ifndef __linux__ /* @@ -190,8 +193,8 @@ pam_sm_acct_mgmt(pam_handle_t *pamh, int flags , lc = login_getpwclass(pwd); if (lc == NULL) { - return (PAM_SERVICE_ERR); - + PAM_ERR("Unable to get login class for user [%s]"); + return (PAM_SERVICE_ERR); } #endif /* Check if pw_lstchg or sp_expire is set */ @@ -203,10 +206,11 @@ pam_sm_acct_mgmt(pam_handle_t *pamh, int flags , #ifndef __linux__ login_close(lc); #endif + PAM_ERR("Account has expired!"); return (PAM_ACCT_EXPIRED); } else if ( ( pwd->sp_expire - curtime < DEFAULT_WARN) ) { -// pam_error(pamh, "Warning: your account expires on %s", -// ctime(&pwd->sp_expire)); + PAM_ERR(pamh, "Warning: your account expires on %s", + ctime(&pwd->sp_expire)); } } @@ -218,18 +222,24 @@ pam_sm_acct_mgmt(pam_handle_t *pamh, int flags , if ((curtime > (pwd->sp_lstchg + pwd->sp_max + pwd->sp_inact)) && (pwd->sp_max != -1) && (pwd->sp_inact != -1) && - (pwd->sp_lstchg != 0)) + (pwd->sp_lstchg != 0)) { + PAM_ERR("Account has expired!"); return (PAM_ACCT_EXPIRED); + } if (((pwd->sp_lstchg + pwd->sp_max) < curtime) && - (pwd->sp_max != -1)) + (pwd->sp_max != -1)) { + PAM_ERR("Account has expired!"); return (PAM_ACCT_EXPIRED); + } if ((curtime - pwd->sp_lstchg > pwd->sp_max) && (curtime - pwd->sp_lstchg > pwd->sp_inact) && (curtime - pwd->sp_lstchg > pwd->sp_max + pwd->sp_inact) - && (pwd->sp_max != -1) && (pwd->sp_inact != -1)) - return (PAM_ACCT_EXPIRED); + && (pwd->sp_max != -1) && (pwd->sp_inact != -1)) { + PAM_ERR("Account has expired!"); + return (PAM_ACCT_EXPIRED); + } pam_err = (PAM_SUCCESS); diff --git a/modules/pam_unix/pam_unix.c~ b/modules/pam_unix/pam_unix.c~ index 06f335c..a1ab562 100644 --- a/modules/pam_unix/pam_unix.c~ +++ b/modules/pam_unix/pam_unix.c~ @@ -163,6 +163,9 @@ pam_sm_acct_mgmt(pam_handle_t *pamh, int flags , if (user == NULL || (pwd = getpwnam(user)) == NULL) return (PAM_SERVICE_ERR); + + + PAM_LOG("Got user [%s]" , user ); #ifndef __linux__ /* @@ -190,8 +193,8 @@ pam_sm_acct_mgmt(pam_handle_t *pamh, int flags , lc = login_getpwclass(pwd); if (lc == NULL) { - return (PAM_SERVICE_ERR); - + PAM_ERR("Unable to get login class for user [%s]"); + return (PAM_SERVICE_ERR); } #endif /* Check if pw_lstchg or sp_expire is set */ @@ -203,10 +206,11 @@ pam_sm_acct_mgmt(pam_handle_t *pamh, int flags , #ifndef __linux__ login_close(lc); #endif + PAM_ERR("Account has expired!"); return (PAM_ACCT_EXPIRED); } else if ( ( pwd->sp_expire - curtime < DEFAULT_WARN) ) { -// pam_error(pamh, "Warning: your account expires on %s", -// ctime(&pwd->sp_expire)); + PAM_ERR(pamh, "Warning: your account expires on %s", + ctime(&pwd->sp_expire)); } } @@ -218,18 +222,24 @@ pam_sm_acct_mgmt(pam_handle_t *pamh, int flags , if ((curtime > (pwd->sp_lstchg + pwd->sp_max + pwd->sp_inact)) && (pwd->sp_max != -1) && (pwd->sp_inact != -1) && - (pwd->sp_lstchg != 0)) + (pwd->sp_lstchg != 0)) { + PAM_ERR("Account has expired!"); return (PAM_ACCT_EXPIRED); + } if (((pwd->sp_lstchg + pwd->sp_max) < curtime) && - (pwd->sp_max != -1)) + (pwd->sp_max != -1)) { + PAM_ERR("Account has expired!"); return (PAM_ACCT_EXPIRED); + } if ((curtime - pwd->sp_lstchg > pwd->sp_max) && (curtime - pwd->sp_lstchg > pwd->sp_inact) && (curtime - pwd->sp_lstchg > pwd->sp_max + pwd->sp_inact) - && (pwd->sp_max != -1) && (pwd->sp_inact != -1)) - return (PAM_ACCT_EXPIRED); + && (pwd->sp_max != -1) && (pwd->sp_inact != -1)) { + PAM_ERR("Account has expired!"); + return (PAM_ACCT_EXPIRED); + } pam_err = (PAM_SUCCESS); @@ -456,9 +466,9 @@ static unsigned char itoa64[] = /* 0 ... 63 => ascii - 64 */ static void to64(char *s, long v, int n) { while (--n >= 0) { - *s++ = itoa64[v&0x3f]; - v >>= 6; - } + *s++ = itoa64[v&0x3f]; + v >>= 6; + } } /* Salt suitable for traditional DES and MD5 */ |