Problem:

     Accounts that have "pw_change" set, are supposed to change their passwords
by the date specified in "pw_change".  If they have not changed their passwords
by that date, currently they get "LOCKED OUT" of the system.  This is not the
correct behavior, the user should be prompt (forced?) to change their password
at this time.  If the behavior of "pw_change" was meant to be a LOCKOUT,
then you should use "pw_expire".

Solution:
     Instead of locking out the user, prompt them to change their password.

Reviewed by:	jkh
Submitted by:	rls

1 files changed, 27 insertions, 1 deletions

diff --git a/usr.bin/login/login.c b/usr.bin/login/login.c
index 324c742318a6..e27870f544d7 100644
--- a/usr.bin/login/login.c
+++ b/usr.bin/login/login.c
@@ -75,6 +75,7 @@ void	 checknologin __P((void));
 void	 dolastlog __P((int));
 void	 getloginname __P((void));
 void	 motd __P((void));
+void	 change_passwd __P((void));
 int	 rootterm __P((char *));
 void	 sigint __P((int));
 void	 sleepexit __P((int));
@@ -317,10 +318,11 @@ main(argc, argv)
 
 	if (pwd->pw_change || pwd->pw_expire)
 		(void)gettimeofday(&tp, (struct timezone *)NULL);
+
 	if (pwd->pw_change)
 		if (tp.tv_sec >= pwd->pw_change) {
 			(void)printf("Sorry -- your password has expired.\n");
-			sleepexit(1);
+			change_passwd();
 		} else if (pwd->pw_change - tp.tv_sec <
 		    2 * DAYSPERWEEK * SECSPERDAY && !quietlog)
 			(void)printf("Warning: your password expires on %s",
@@ -600,3 +602,27 @@ sleepexit(eval)
 	(void)sleep(5);
 	exit(eval);
 }
+
+void
+change_passwd()
+{
+	int pid, status, w;
+	register void (*istat)(), (*qstat)();
+
+	if (( pid=fork() ) == 0)
+		{
+		execl( "/usr/bin/passwd", "passwd", NULL );
+		fprintf( stderr, "ERROR: Can't execute passwd!\n" );
+		sleepexit( 1 );
+		}
+
+	istat = signal( SIGINT,  SIG_IGN );	
+	qstat = signal( SIGQUIT, SIG_IGN );
+
+	while ((w = wait( &status )) != pid && w != -1)
+		;
+
+	signal( SIGINT,  istat );
+	signal( SIGQUIT, qstat );
+}
+