openssh-PAM_NEW_AUTHTOK.patch

   1 diff -ur openssh-1.2pre15/sshd.c openssh-1.2pre15.new/sshd.c
   2 --- openssh-1.2pre15/sshd.c     Thu Nov 25 01:54:59 1999
   3 +++ openssh-1.2pre15.new/sshd.c Thu Dec  2 19:43:53 1999
   4 @@ -253,15 +253,21 @@
   5         }
   6
   7         pam_retval = pam_acct_mgmt((pam_handle_t *)pamh, 0);
   8 -       if (pam_retval != PAM_SUCCESS) {
   9 -               log("PAM rejected by account configuration: %.200s", PAM_STRERROR((pam_handle_t *)pamh, pam_retval));
  10 -               do_fake_authloop(username);
  11 -       }
  12 +       if(pam_retval == PAM_NEW_AUTHTOK_REQD) {
  13 +               forced_command = xmalloc(strlen("/usr/bin/passwd -N ssh") + 1);
  14 +               strcpy(forced_command, "/usr/bin/passwd -N ssh");
  15 +/*             pam_retval = pam_chauthtok((pam_handle_t *)pamh, PAM_CHANGE_EXPIRED_AUTHTOK); */
  16 +       } else {
  17 +               if (pam_retval != PAM_SUCCESS) {
  18 +                       log("PAM rejected by account configuration: %.200s", PAM_STRERROR((pam_handle_t *)pamh, pam_retval));
  19 +                       do_fake_authloop(username);
  20 +               }
  21
  22 -       pam_retval = pam_open_session((pam_handle_t *)pamh, 0);
  23 -       if (pam_retval != PAM_SUCCESS) {
  24 -               log("PAM session setup failed: %.200s", PAM_STRERROR((pam_handle_t *)pamh, pam_retval));
  25 -               do_fake_authloop(username);
  26 +               pam_retval = pam_open_session((pam_handle_t *)pamh, 0);
  27 +               if (pam_retval != PAM_SUCCESS) {
  28 +                       log("PAM session setup failed: %.200s", PAM_STRERROR((pam_handle_t *)pamh, pam_retval));
  29 +                       do_fake_authloop(username);
  30 +               }
  31         }
  32  }
  33  #endif /* HAVE_LIBPAM */