openssh-PAM_NEW_AUTHTOK.patch

   1 diff -ur openssh-1.2.1pre24.orig/auth-pam.c openssh-1.2.1pre24/auth-pam.c
   2 --- openssh-1.2.1pre24.orig/auth-pam.c  Thu Dec 30 05:11:25 1999
   3 +++ openssh-1.2.1pre24/auth-pam.c       Tue Jan  4 19:07:56 2000
   4 @@ -15,6 +15,8 @@
   5
   6  RCSID("$Id$");
   7
   8 +extern char *forced_command;
   9 +
  10  /* Callbacks */
  11  static int pamconv(int num_msg, const struct pam_message **msg,
  12           struct pam_response **resp, void *appdata_ptr);
  13 @@ -137,6 +139,9 @@
  14         if (pam_retval == PAM_SUCCESS) {
  15                 debug("PAM Password authentication accepted for user \"%.100s\"", pw->pw_name);
  16                 return 1;
  17 +       } else if (pam_retval == PAM_NEW_AUTHTOK_REQD) {
  18 +               debug("PAM (expired)Password authentication accepted for user \"%.100s\"", pw->pw_name);
  19 +               return 1;
  20         } else {
  21                 debug("PAM Password authentication for \"%.100s\" failed: %s",
  22                         pw->pw_name, PAM_STRERROR((pam_handle_t *)pamh, pam_retval));
  23 @@ -165,9 +170,15 @@
  24         }
  25
  26         pam_retval = pam_acct_mgmt((pam_handle_t *)pamh, 0);
  27 -       if (pam_retval != PAM_SUCCESS) {
  28 -               log("PAM rejected by account configuration: %.200s", PAM_STRERROR((pam_handle_t *)pamh, pam_retval));
  29 -               return(0);
  30 +       if(pam_retval == PAM_NEW_AUTHTOK_REQD) {
  31 +               forced_command = xmalloc(strlen("/usr/bin/passwd -N ssh") + 1);
  32 +               strcpy(forced_command, "/usr/bin/passwd -N ssh");
  33 +/*             pam_retval = pam_chauthtok((pam_handle_t *)pamh, PAM_CHANGE_EXPIRED_AUTHTOK); */
  34 +       } else {
  35 +               if (pam_retval != PAM_SUCCESS) {
  36 +                       log("PAM rejected by account configuration: %.200s", PAM_STRERROR((pam_handle_t *)pamh, pam_retval));
  37 +                       return(0);
  38 +               }
  39         }
  40
  41         return(1);
  42 @@ -186,7 +197,7 @@
  43         }
  44
  45         pam_retval = pam_open_session((pam_handle_t *)pamh, 0);
  46 -       if (pam_retval != PAM_SUCCESS)
  47 +       if ((pam_retval != PAM_SUCCESS) && (pam_retval != PAM_NEW_AUTHTOK_REQD))
  48                 fatal("PAM session setup failed: %.200s", PAM_STRERROR((pam_handle_t *)pamh, pam_retval));
  49  }
  50
  51 @@ -197,7 +208,7 @@
  52
  53         debug("PAM establishing creds");
  54         pam_retval = pam_setcred((pam_handle_t *)pamh, PAM_ESTABLISH_CRED);
  55 -       if (pam_retval != PAM_SUCCESS)
  56 +       if ((pam_retval != PAM_SUCCESS) && (pam_retval != PAM_NEW_AUTHTOK_REQD))
  57                 fatal("PAM setcred failed: %.200s", PAM_STRERROR((pam_handle_t *)pamh, pam_retval));
  58  }
  59