[packages/openssh.git] / openssh-PAM_NEW_AUTHTOK.patch

diff -ur openssh-1.2pre15/sshd.c openssh-1.2pre15.new/sshd.c
--- openssh-1.2pre15/sshd.c	Thu Nov 25 01:54:59 1999
+++ openssh-1.2pre15.new/sshd.c	Thu Dec  2 19:43:53 1999
@@ -253,15 +253,21 @@
 	}
 
 	pam_retval = pam_acct_mgmt((pam_handle_t *)pamh, 0);
-	if (pam_retval != PAM_SUCCESS) {
-		log("PAM rejected by account configuration: %.200s", PAM_STRERROR((pam_handle_t *)pamh, pam_retval));
-		do_fake_authloop(username);
-	}
+	if(pam_retval == PAM_NEW_AUTHTOK_REQD) {
+		forced_command = xmalloc(strlen("/usr/bin/passwd -N ssh") + 1);
+		strcpy(forced_command, "/usr/bin/passwd -N ssh");
+/*		pam_retval = pam_chauthtok((pam_handle_t *)pamh, PAM_CHANGE_EXPIRED_AUTHTOK); */
+	} else {
+		if (pam_retval != PAM_SUCCESS) {
+			log("PAM rejected by account configuration: %.200s", PAM_STRERROR((pam_handle_t *)pamh, pam_retval));
+			do_fake_authloop(username);
+		}
 
-	pam_retval = pam_open_session((pam_handle_t *)pamh, 0);
-	if (pam_retval != PAM_SUCCESS) {
-		log("PAM session setup failed: %.200s", PAM_STRERROR((pam_handle_t *)pamh, pam_retval));
-		do_fake_authloop(username);
+		pam_retval = pam_open_session((pam_handle_t *)pamh, 0);
+		if (pam_retval != PAM_SUCCESS) {
+			log("PAM session setup failed: %.200s", PAM_STRERROR((pam_handle_t *)pamh, pam_retval));
+			do_fake_authloop(username);
+		}
 	}
 }
 #endif /* HAVE_LIBPAM */
Commit	Line	Data
739aed86 JR	1	diff -ur openssh-1.2pre15/sshd.c openssh-1.2pre15.new/sshd.c
	2	--- openssh-1.2pre15/sshd.c Thu Nov 25 01:54:59 1999
	3	+++ openssh-1.2pre15.new/sshd.c Thu Dec 2 19:43:53 1999
	4	@@ -253,15 +253,21 @@
	5	}
	6
	7	pam_retval = pam_acct_mgmt((pam_handle_t *)pamh, 0);
	8	- if (pam_retval != PAM_SUCCESS) {
	9	- log("PAM rejected by account configuration: %.200s", PAM_STRERROR((pam_handle_t *)pamh, pam_retval));
	10	- do_fake_authloop(username);
	11	- }
	12	+ if(pam_retval == PAM_NEW_AUTHTOK_REQD) {
	13	+ forced_command = xmalloc(strlen("/usr/bin/passwd -N ssh") + 1);
	14	+ strcpy(forced_command, "/usr/bin/passwd -N ssh");
	15	+/* pam_retval = pam_chauthtok((pam_handle_t )pamh, PAM_CHANGE_EXPIRED_AUTHTOK); /
	16	+ } else {
	17	+ if (pam_retval != PAM_SUCCESS) {
	18	+ log("PAM rejected by account configuration: %.200s", PAM_STRERROR((pam_handle_t *)pamh, pam_retval));
	19	+ do_fake_authloop(username);
	20	+ }
	21
	22	- pam_retval = pam_open_session((pam_handle_t *)pamh, 0);
	23	- if (pam_retval != PAM_SUCCESS) {
	24	- log("PAM session setup failed: %.200s", PAM_STRERROR((pam_handle_t *)pamh, pam_retval));
	25	- do_fake_authloop(username);
	26	+ pam_retval = pam_open_session((pam_handle_t *)pamh, 0);
	27	+ if (pam_retval != PAM_SUCCESS) {
	28	+ log("PAM session setup failed: %.200s", PAM_STRERROR((pam_handle_t *)pamh, pam_retval));
	29	+ do_fake_authloop(username);
	30	+ }
	31	}
	32	}
	33	#endif /* HAVE_LIBPAM */