1 diff -ur openssh-1.2.1pre24.orig/auth-pam.c openssh-1.2.1pre24/auth-pam.c
2 --- openssh-1.2.1pre24.orig/auth-pam.c Thu Dec 30 05:11:25 1999
3 +++ openssh-1.2.1pre24/auth-pam.c Tue Jan 4 19:07:56 2000
8 +extern char *forced_command;
11 static int pamconv(int num_msg, const struct pam_message **msg,
12 struct pam_response **resp, void *appdata_ptr);
14 if (pam_retval == PAM_SUCCESS) {
15 debug("PAM Password authentication accepted for user \"%.100s\"", pw->pw_name);
17 + } else if (pam_retval == PAM_NEW_AUTHTOK_REQD) {
18 + debug("PAM (expired)Password authentication accepted for user \"%.100s\"", pw->pw_name);
21 debug("PAM Password authentication for \"%.100s\" failed: %s",
22 pw->pw_name, PAM_STRERROR((pam_handle_t *)pamh, pam_retval));
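Review bot: The new `PAM_NEW_AUTHTOK_REQD` branch accepts an expired password as a successful authentication, but nothing visible in this function records that a password change is still owed. The restriction is only applied later, and only if `pam_acct_mgmt()` reports the same code, so any path where the account check returns something else would give an expired credential a normal login. Consider setting an explicit flag here and checking it before the session is opened, and document the branch with a comment such as `/* expired password: accepted only so the user can be forced through passwd */`. The branch bodies are not fully visible in this listing, so the return value of the new branch is inferred.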
26 pam_retval = pam_acct_mgmt((pam_handle_t *)pamh, 0);
27 - if (pam_retval != PAM_SUCCESS) {
28 - log("PAM rejected by account configuration: %.200s", PAM_STRERROR((pam_handle_t *)pamh, pam_retval));
30 + if(pam_retval == PAM_NEW_AUTHTOK_REQD) {
31 + forced_command = xmalloc(strlen("/usr/bin/passwd -N ssh") + 1);
32 + strcpy(forced_command, "/usr/bin/passwd -N ssh");
33 +/* pam_retval = pam_chauthtok((pam_handle_t *)pamh, PAM_CHANGE_EXPIRED_AUTHTOK); */
35 + if (pam_retval != PAM_SUCCESS) {
36 + log("PAM rejected by account configuration: %.200s", PAM_STRERROR((pam_handle_t *)pamh, pam_retval));
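Review bot: Setting `forced_command` alone does not confine a user whose password has expired. It governs only the command that is run, so forwarding requests on the same connection would presumably still be honoured unless they are refused separately for this state. The assignment also overwrites any `forced_command` set earlier in the connection without freeing it, and the path and `-N ssh` argument are hard-coded; `forced_command = xstrdup("/usr/bin/passwd -N ssh");` would be simpler than the `xmalloc`/`strcpy` pair, assuming `xstrdup` is available in this tree. The line between the new block and the `pam_retval != PAM_SUCCESS` check is not visible here, so confirm that check sits in an `else` and that every failure code other than `PAM_NEW_AUTHTOK_REQD` is still rejected.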
45 pam_retval = pam_open_session((pam_handle_t *)pamh, 0);
46 - if (pam_retval != PAM_SUCCESS)
47 + if ((pam_retval != PAM_SUCCESS) && (pam_retval != PAM_NEW_AUTHTOK_REQD))
48 fatal("PAM session setup failed: %.200s", PAM_STRERROR((pam_handle_t *)pamh, pam_retval));
53 debug("PAM establishing creds");
54 pam_retval = pam_setcred((pam_handle_t *)pamh, PAM_ESTABLISH_CRED);
55 - if (pam_retval != PAM_SUCCESS)
56 + if ((pam_retval != PAM_SUCCESS) && (pam_retval != PAM_NEW_AUTHTOK_REQD))
57 fatal("PAM setcred failed: %.200s", PAM_STRERROR((pam_handle_t *)pamh, pam_retval));
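Review bot: The added `!= PAM_NEW_AUTHTOK_REQD` tests check the results of `pam_open_session()` and `pam_setcred()`, not the earlier `pam_acct_mgmt()` result, because `pam_retval` is reassigned on the line above each check. Neither call is documented to return that code, so the extra condition either never fires or lets an unexpected return value through instead of reaching `fatal()`. Keep both checks as `if (pam_retval != PAM_SUCCESS)`, and hold the expired-password state in a separate variable if it is needed after the account step. Both function bodies continue outside the visible lines.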