[packages/openssh.git] / openssh-PAM_NEW_AUTHTOK.patch

diff -Naur openssh-2.1.1p1/auth-pam.c openssh-2.1.1p1-p/auth-pam.c
--- openssh-2.1.1p1/auth-pam.c	Wed May 31 03:20:12 2000
+++ openssh-2.1.1p1-p/auth-pam.c	Mon Jun 12 16:31:42 2000
@@ -18,6 +18,8 @@
 #define NEW_AUTHTOK_MSG \
 	"Warning: You password has expired, please change it now"
 
+extern char *forced_command;
+
 /* Callbacks */
 static int pamconv(int num_msg, const struct pam_message **msg,
 	  struct pam_response **resp, void *appdata_ptr);
@@ -123,6 +125,9 @@
 		debug("PAM Password authentication accepted for user \"%.100s\"", 
 			pw->pw_name);
 		return 1;
+	} else if (pam_retval == PAM_NEW_AUTHTOK_REQD) {
+		debug("PAM (expired)Password authentication accepted for user \"%.100s\"", pw->pw_name);
+		return 1;
 	} else {
 		debug("PAM Password authentication for \"%.100s\" failed: %s", 
 			pw->pw_name, PAM_STRERROR((pam_handle_t *)pamh, pam_retval));
@@ -159,6 +164,9 @@
 			break;
 		case PAM_NEW_AUTHTOK_REQD:
 			pam_msg_cat(NEW_AUTHTOK_MSG);
+			forced_command = xmalloc(strlen("/usr/bin/passwd") + 1);
+			strcpy(forced_command, "/usr/bin/passwd");
+/*			pam_retval = pam_chauthtok((pam_handle_t *)pamh, PAM_CHANGE_EXPIRED_AUTHTOK); */
 			break;
 		default:
 			log("PAM rejected by account configuration: %.200s", 
@@ -184,10 +192,9 @@
 	}
 
 	pam_retval = pam_open_session((pam_handle_t *)pamh, 0);
-	if (pam_retval != PAM_SUCCESS) {
+	if ((pam_retval != PAM_SUCCESS) && (pam_retval != PAM_NEW_AUTHTOK_REQD))
 		fatal("PAM session setup failed: %.200s", 
 			PAM_STRERROR((pam_handle_t *)pamh, pam_retval));
-	}
 }
 
 /* Set PAM credentials */ 
@@ -197,10 +204,9 @@
  
 	debug("PAM establishing creds");
 	pam_retval = pam_setcred((pam_handle_t *)pamh, PAM_ESTABLISH_CRED);
-	if (pam_retval != PAM_SUCCESS) {
+	if ((pam_retval != PAM_SUCCESS) && (pam_retval != PAM_NEW_AUTHTOK_REQD))
 		fatal("PAM setcred failed: %.200s", 
 			PAM_STRERROR((pam_handle_t *)pamh, pam_retval));
-	}
 }
 
 /* Cleanly shutdown PAM */
Commit	Line	Data
a9a40bfe SZ	1	diff -Naur openssh-2.1.1p1/auth-pam.c openssh-2.1.1p1-p/auth-pam.c
	2	--- openssh-2.1.1p1/auth-pam.c Wed May 31 03:20:12 2000
	3	+++ openssh-2.1.1p1-p/auth-pam.c Mon Jun 12 16:31:42 2000
	4	@@ -18,6 +18,8 @@
	5	#define NEW_AUTHTOK_MSG \
	6	"Warning: You password has expired, please change it now"
e2eebe46 JR	7
	8	+extern char *forced_command;
	9	+
	10	/* Callbacks */
	11	static int pamconv(int num_msg, const struct pam_message **msg,
	12	struct pam_response *resp, void appdata_ptr);
a9a40bfe SZ	13	@@ -123,6 +125,9 @@
	14	debug("PAM Password authentication accepted for user \"%.100s\"",
	15	pw->pw_name);
e2eebe46 JR	16	return 1;
	17	+ } else if (pam_retval == PAM_NEW_AUTHTOK_REQD) {
	18	+ debug("PAM (expired)Password authentication accepted for user \"%.100s\"", pw->pw_name);
	19	+ return 1;
	20	} else {
	21	debug("PAM Password authentication for \"%.100s\" failed: %s",
	22	pw->pw_name, PAM_STRERROR((pam_handle_t *)pamh, pam_retval));
a9a40bfe SZ	23	@@ -159,6 +164,9 @@
	24	break;
	25	case PAM_NEW_AUTHTOK_REQD:
	26	pam_msg_cat(NEW_AUTHTOK_MSG);
55cfe211	27	+ forced_command = xmalloc(strlen("/usr/bin/passwd") + 1);
d01de328	28	+ strcpy(forced_command, "/usr/bin/passwd");
a9a40bfe SZ	29	+/* pam_retval = pam_chauthtok((pam_handle_t )pamh, PAM_CHANGE_EXPIRED_AUTHTOK); /
	30	break;
	31	default:
	32	log("PAM rejected by account configuration: %.200s",
	33	@@ -184,10 +192,9 @@
e2eebe46 JR	34	}
	35
	36	pam_retval = pam_open_session((pam_handle_t *)pamh, 0);
a9a40bfe	37	- if (pam_retval != PAM_SUCCESS) {
e2eebe46	38	+ if ((pam_retval != PAM_SUCCESS) && (pam_retval != PAM_NEW_AUTHTOK_REQD))
a9a40bfe SZ	39	fatal("PAM session setup failed: %.200s",
	40	PAM_STRERROR((pam_handle_t *)pamh, pam_retval));
	41	- }
e2eebe46 JR	42	}
e2eebe46 JR	43
a9a40bfe SZ	44	/* Set PAM credentials */
a9a40bfe SZ	45	@@ -197,10 +204,9 @@
e2eebe46 JR	46
	47	debug("PAM establishing creds");
	48	pam_retval = pam_setcred((pam_handle_t *)pamh, PAM_ESTABLISH_CRED);
a9a40bfe	49	- if (pam_retval != PAM_SUCCESS) {
e2eebe46	50	+ if ((pam_retval != PAM_SUCCESS) && (pam_retval != PAM_NEW_AUTHTOK_REQD))
a9a40bfe SZ	51	fatal("PAM setcred failed: %.200s",
	52	PAM_STRERROR((pam_handle_t *)pamh, pam_retval));
	53	- }
e2eebe46 JR	54	}
e2eebe46 JR	55
a9a40bfe	56	/* Cleanly shutdown PAM */