-diff -ur openssh-1.2.1pre24.orig/auth-pam.c openssh-1.2.1pre24/auth-pam.c
---- openssh-1.2.1pre24.orig/auth-pam.c Thu Dec 30 05:11:25 1999
-+++ openssh-1.2.1pre24/auth-pam.c Tue Jan 4 19:07:56 2000
-@@ -15,6 +15,8 @@
-
- RCSID("$Id$");
+diff -Naur openssh-2.1.1p1/auth-pam.c openssh-2.1.1p1-p/auth-pam.c
+--- openssh-2.1.1p1/auth-pam.c Wed May 31 03:20:12 2000
++++ openssh-2.1.1p1-p/auth-pam.c Mon Jun 12 16:31:42 2000
+@@ -18,6 +18,8 @@
+ #define NEW_AUTHTOK_MSG \
+ "Warning: You password has expired, please change it now"
+extern char *forced_command;
+
/* Callbacks */
static int pamconv(int num_msg, const struct pam_message **msg,
struct pam_response **resp, void *appdata_ptr);
-@@ -137,6 +139,9 @@
- if (pam_retval == PAM_SUCCESS) {
- debug("PAM Password authentication accepted for user \"%.100s\"", pw->pw_name);
+@@ -123,6 +125,9 @@
+ debug("PAM Password authentication accepted for user \"%.100s\"",
+ pw->pw_name);
return 1;
+ } else if (pam_retval == PAM_NEW_AUTHTOK_REQD) {
+ debug("PAM (expired)Password authentication accepted for user \"%.100s\"", pw->pw_name);
} else {
debug("PAM Password authentication for \"%.100s\" failed: %s",
pw->pw_name, PAM_STRERROR((pam_handle_t *)pamh, pam_retval));
-@@ -165,9 +170,15 @@
- }
-
- pam_retval = pam_acct_mgmt((pam_handle_t *)pamh, 0);
-- if (pam_retval != PAM_SUCCESS) {
-- log("PAM rejected by account configuration: %.200s", PAM_STRERROR((pam_handle_t *)pamh, pam_retval));
-- return(0);
-+ if(pam_retval == PAM_NEW_AUTHTOK_REQD) {
-+ forced_command = xmalloc(strlen("/usr/bin/passwd -N ssh") + 1);
-+ strcpy(forced_command, "/usr/bin/passwd -N ssh");
-+/* pam_retval = pam_chauthtok((pam_handle_t *)pamh, PAM_CHANGE_EXPIRED_AUTHTOK); */
-+ } else {
-+ if (pam_retval != PAM_SUCCESS) {
-+ log("PAM rejected by account configuration: %.200s", PAM_STRERROR((pam_handle_t *)pamh, pam_retval));
-+ return(0);
-+ }
- }
-
- return(1);
-@@ -186,7 +197,7 @@
+@@ -159,6 +164,9 @@
+ break;
+ case PAM_NEW_AUTHTOK_REQD:
+ pam_msg_cat(NEW_AUTHTOK_MSG);
++ forced_command = xmalloc(strlen("/usr/bin/passwd") + 1);
++ strcpy(forced_command, "/usr/bin/passwd");
++/* pam_retval = pam_chauthtok((pam_handle_t *)pamh, PAM_CHANGE_EXPIRED_AUTHTOK); */
+ break;
+ default:
+ log("PAM rejected by account configuration: %.200s",
+@@ -184,10 +192,9 @@
}
pam_retval = pam_open_session((pam_handle_t *)pamh, 0);
-- if (pam_retval != PAM_SUCCESS)
+- if (pam_retval != PAM_SUCCESS) {
+ if ((pam_retval != PAM_SUCCESS) && (pam_retval != PAM_NEW_AUTHTOK_REQD))
- fatal("PAM session setup failed: %.200s", PAM_STRERROR((pam_handle_t *)pamh, pam_retval));
+ fatal("PAM session setup failed: %.200s",
+ PAM_STRERROR((pam_handle_t *)pamh, pam_retval));
+- }
}
-@@ -197,7 +208,7 @@
+ /* Set PAM credentials */
+@@ -197,10 +204,9 @@
debug("PAM establishing creds");
pam_retval = pam_setcred((pam_handle_t *)pamh, PAM_ESTABLISH_CRED);
-- if (pam_retval != PAM_SUCCESS)
+- if (pam_retval != PAM_SUCCESS) {
+ if ((pam_retval != PAM_SUCCESS) && (pam_retval != PAM_NEW_AUTHTOK_REQD))
- fatal("PAM setcred failed: %.200s", PAM_STRERROR((pam_handle_t *)pamh, pam_retval));
+ fatal("PAM setcred failed: %.200s",
+ PAM_STRERROR((pam_handle_t *)pamh, pam_retval));
+- }
}
+ /* Cleanly shutdown PAM */