--- a/src/vlock/auth.c
+++ b/src/vlock/auth.c
@@ -4,7 +4,7 @@
PAM authentication routine for vlock, the VT locking program for linux.
Copyright (C) 1994-1998 Michael K. Johnson <johnsonm@redhat.com>
- Copyright (C) 2002, 2005 Dmitry V. Levin <ldv@altlinux.org>
+ Copyright (C) 2002, 2005, 2013 Dmitry V. Levin <ldv@altlinux.org>
This program is free software; you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
@@ -36,6 +36,25 @@
/* Unrecognized PAM error timeout. */
#define ERROR_TIMEOUT 10
+static int
+do_account_password_management (pam_handle_t *pamh)
+{
+ int rc;
+
+ /* Whether the authenticated user is allowed to log in? */
+ rc = pam_acct_mgmt (pamh, 0);
+
+ /* Do we need to prompt the user for a new password? */
+ if (rc == PAM_NEW_AUTHTOK_REQD)
+ rc = pam_chauthtok (pamh, PAM_CHANGE_EXPIRED_AUTHTOK);
+
+ /* Extend the lifetime of the existing credentials. */
+ if (rc == PAM_SUCCESS)
+ rc = pam_setcred (pamh, PAM_REFRESH_CRED);
+
+ return rc;
+}
+
int
get_password (pam_handle_t * pamh, const char *username, const char *tty)
{
@@ -84,6 +103,23 @@ get_password (pam_handle_t * pamh, const char *username, const char *tty)
switch (rc)
{
case PAM_SUCCESS:
+ rc = do_account_password_management (pamh);
+
+ if (rc != PAM_SUCCESS)
+ {
+ /*
+ * The user was authenticated but
+ * either account or password management
+ * returned an error.
+ */
+ printf ("%s.\n\n\n",
+ pam_strerror (pamh, rc));
+ fflush (stdout);
+ pam_end (pamh, rc);
+ pamh = 0;
+ break;
+ }
+
pam_end (pamh, rc);
/* Log the fact of console unlocking. */
syslog (LOG_NOTICE,