]>
Commit | Line | Data |
---|---|---|
e2eebe46 JR |
1 | diff -ur openssh-1.2.1pre24.orig/auth-pam.c openssh-1.2.1pre24/auth-pam.c |
2 | --- openssh-1.2.1pre24.orig/auth-pam.c Thu Dec 30 05:11:25 1999 | |
3 | +++ openssh-1.2.1pre24/auth-pam.c Tue Jan 4 19:07:56 2000 | |
4 | @@ -15,6 +15,8 @@ | |
5 | ||
6 | RCSID("$Id$"); | |
7 | ||
8 | +extern char *forced_command; | |
9 | + | |
10 | /* Callbacks */ | |
11 | static int pamconv(int num_msg, const struct pam_message **msg, | |
12 | struct pam_response **resp, void *appdata_ptr); | |
13 | @@ -137,6 +139,9 @@ | |
14 | if (pam_retval == PAM_SUCCESS) { | |
15 | debug("PAM Password authentication accepted for user \"%.100s\"", pw->pw_name); | |
16 | return 1; | |
17 | + } else if (pam_retval == PAM_NEW_AUTHTOK_REQD) { | |
18 | + debug("PAM (expired)Password authentication accepted for user \"%.100s\"", pw->pw_name); | |
19 | + return 1; | |
20 | } else { | |
21 | debug("PAM Password authentication for \"%.100s\" failed: %s", | |
22 | pw->pw_name, PAM_STRERROR((pam_handle_t *)pamh, pam_retval)); | |
23 | @@ -165,9 +170,15 @@ | |
739aed86 JR |
24 | } |
25 | ||
26 | pam_retval = pam_acct_mgmt((pam_handle_t *)pamh, 0); | |
e2eebe46 JR |
27 | - if (pam_retval != PAM_SUCCESS) { |
28 | - log("PAM rejected by account configuration: %.200s", PAM_STRERROR((pam_handle_t *)pamh, pam_retval)); | |
29 | - return(0); | |
30 | + if(pam_retval == PAM_NEW_AUTHTOK_REQD) { | |
31 | + forced_command = xmalloc(strlen("/usr/bin/passwd -N ssh") + 1); | |
739aed86 | 32 | + strcpy(forced_command, "/usr/bin/passwd -N ssh"); |
e2eebe46 JR |
33 | +/* pam_retval = pam_chauthtok((pam_handle_t *)pamh, PAM_CHANGE_EXPIRED_AUTHTOK); */ |
34 | + } else { | |
35 | + if (pam_retval != PAM_SUCCESS) { | |
36 | + log("PAM rejected by account configuration: %.200s", PAM_STRERROR((pam_handle_t *)pamh, pam_retval)); | |
37 | + return(0); | |
38 | + } | |
39 | } | |
40 | ||
41 | return(1); | |
42 | @@ -186,7 +197,7 @@ | |
43 | } | |
44 | ||
45 | pam_retval = pam_open_session((pam_handle_t *)pamh, 0); | |
46 | - if (pam_retval != PAM_SUCCESS) | |
47 | + if ((pam_retval != PAM_SUCCESS) && (pam_retval != PAM_NEW_AUTHTOK_REQD)) | |
48 | fatal("PAM session setup failed: %.200s", PAM_STRERROR((pam_handle_t *)pamh, pam_retval)); | |
49 | } | |
50 | ||
51 | @@ -197,7 +208,7 @@ | |
52 | ||
53 | debug("PAM establishing creds"); | |
54 | pam_retval = pam_setcred((pam_handle_t *)pamh, PAM_ESTABLISH_CRED); | |
55 | - if (pam_retval != PAM_SUCCESS) | |
56 | + if ((pam_retval != PAM_SUCCESS) && (pam_retval != PAM_NEW_AUTHTOK_REQD)) | |
57 | fatal("PAM setcred failed: %.200s", PAM_STRERROR((pam_handle_t *)pamh, pam_retval)); | |
58 | } | |
59 |