[packages/openssh.git] / openssh-PAM_NEW_AUTHTOK.patch

diff -ur openssh-1.2.1pre24.orig/auth-pam.c openssh-1.2.1pre24/auth-pam.c
--- openssh-1.2.1pre24.orig/auth-pam.c	Thu Dec 30 05:11:25 1999
+++ openssh-1.2.1pre24/auth-pam.c	Tue Jan  4 19:07:56 2000
@@ -15,6 +15,8 @@
 
 RCSID("$Id$");
 
+extern char *forced_command;
+
 /* Callbacks */
 static int pamconv(int num_msg, const struct pam_message **msg,
 	  struct pam_response **resp, void *appdata_ptr);
@@ -137,6 +139,9 @@
 	if (pam_retval == PAM_SUCCESS) {
 		debug("PAM Password authentication accepted for user \"%.100s\"", pw->pw_name);
 		return 1;
+	} else if (pam_retval == PAM_NEW_AUTHTOK_REQD) {
+		debug("PAM (expired)Password authentication accepted for user \"%.100s\"", pw->pw_name);
+		return 1;
 	} else {
 		debug("PAM Password authentication for \"%.100s\" failed: %s", 
 			pw->pw_name, PAM_STRERROR((pam_handle_t *)pamh, pam_retval));
@@ -165,9 +170,15 @@
 	}
 
 	pam_retval = pam_acct_mgmt((pam_handle_t *)pamh, 0);
-	if (pam_retval != PAM_SUCCESS) {
-		log("PAM rejected by account configuration: %.200s", PAM_STRERROR((pam_handle_t *)pamh, pam_retval));
-		return(0);
+	if(pam_retval == PAM_NEW_AUTHTOK_REQD) {
+		forced_command = xmalloc(strlen("/usr/bin/passwd -N ssh") + 1);
+		strcpy(forced_command, "/usr/bin/passwd -N ssh");
+/*		pam_retval = pam_chauthtok((pam_handle_t *)pamh, PAM_CHANGE_EXPIRED_AUTHTOK); */
+	} else {
+		if (pam_retval != PAM_SUCCESS) {
+			log("PAM rejected by account configuration: %.200s", PAM_STRERROR((pam_handle_t *)pamh, pam_retval));
+			return(0);
+		}
 	}
 	
 	return(1);
@@ -186,7 +197,7 @@
 	}
 
 	pam_retval = pam_open_session((pam_handle_t *)pamh, 0);
-	if (pam_retval != PAM_SUCCESS)
+	if ((pam_retval != PAM_SUCCESS) && (pam_retval != PAM_NEW_AUTHTOK_REQD))
 		fatal("PAM session setup failed: %.200s", PAM_STRERROR((pam_handle_t *)pamh, pam_retval));
 }
 
@@ -197,7 +208,7 @@
  
 	debug("PAM establishing creds");
 	pam_retval = pam_setcred((pam_handle_t *)pamh, PAM_ESTABLISH_CRED);
-	if (pam_retval != PAM_SUCCESS)
+	if ((pam_retval != PAM_SUCCESS) && (pam_retval != PAM_NEW_AUTHTOK_REQD))
 		fatal("PAM setcred failed: %.200s", PAM_STRERROR((pam_handle_t *)pamh, pam_retval));
 }
Commit	Line	Data
e2eebe46 JR	1	diff -ur openssh-1.2.1pre24.orig/auth-pam.c openssh-1.2.1pre24/auth-pam.c
	2	--- openssh-1.2.1pre24.orig/auth-pam.c Thu Dec 30 05:11:25 1999
	3	+++ openssh-1.2.1pre24/auth-pam.c Tue Jan 4 19:07:56 2000
	4	@@ -15,6 +15,8 @@
	5
	6	RCSID("$Id$");
	7
	8	+extern char *forced_command;
	9	+
	10	/* Callbacks */
	11	static int pamconv(int num_msg, const struct pam_message **msg,
	12	struct pam_response *resp, void appdata_ptr);
	13	@@ -137,6 +139,9 @@
	14	if (pam_retval == PAM_SUCCESS) {
	15	debug("PAM Password authentication accepted for user \"%.100s\"", pw->pw_name);
	16	return 1;
	17	+ } else if (pam_retval == PAM_NEW_AUTHTOK_REQD) {
	18	+ debug("PAM (expired)Password authentication accepted for user \"%.100s\"", pw->pw_name);
	19	+ return 1;
	20	} else {
	21	debug("PAM Password authentication for \"%.100s\" failed: %s",
	22	pw->pw_name, PAM_STRERROR((pam_handle_t *)pamh, pam_retval));
	23	@@ -165,9 +170,15 @@
739aed86 JR	24	}
	25
	26	pam_retval = pam_acct_mgmt((pam_handle_t *)pamh, 0);
e2eebe46 JR	27	- if (pam_retval != PAM_SUCCESS) {
	28	- log("PAM rejected by account configuration: %.200s", PAM_STRERROR((pam_handle_t *)pamh, pam_retval));
	29	- return(0);
	30	+ if(pam_retval == PAM_NEW_AUTHTOK_REQD) {
	31	+ forced_command = xmalloc(strlen("/usr/bin/passwd -N ssh") + 1);
739aed86	32	+ strcpy(forced_command, "/usr/bin/passwd -N ssh");
e2eebe46 JR	33	+/* pam_retval = pam_chauthtok((pam_handle_t )pamh, PAM_CHANGE_EXPIRED_AUTHTOK); /
	34	+ } else {
	35	+ if (pam_retval != PAM_SUCCESS) {
	36	+ log("PAM rejected by account configuration: %.200s", PAM_STRERROR((pam_handle_t *)pamh, pam_retval));
	37	+ return(0);
	38	+ }
	39	}
	40
	41	return(1);
	42	@@ -186,7 +197,7 @@
	43	}
	44
	45	pam_retval = pam_open_session((pam_handle_t *)pamh, 0);
	46	- if (pam_retval != PAM_SUCCESS)
	47	+ if ((pam_retval != PAM_SUCCESS) && (pam_retval != PAM_NEW_AUTHTOK_REQD))
	48	fatal("PAM session setup failed: %.200s", PAM_STRERROR((pam_handle_t *)pamh, pam_retval));
	49	}
	50
	51	@@ -197,7 +208,7 @@
	52
	53	debug("PAM establishing creds");
	54	pam_retval = pam_setcred((pam_handle_t *)pamh, PAM_ESTABLISH_CRED);
	55	- if (pam_retval != PAM_SUCCESS)
	56	+ if ((pam_retval != PAM_SUCCESS) && (pam_retval != PAM_NEW_AUTHTOK_REQD))
	57	fatal("PAM setcred failed: %.200s", PAM_STRERROR((pam_handle_t *)pamh, pam_retval));
	58	}
	59