openssh-PAM_NEW_AUTHTOK.patch

   1 diff -Naur openssh-2.1.1p1/auth-pam.c openssh-2.1.1p1-p/auth-pam.c
   2 --- openssh-2.1.1p1/auth-pam.c  Wed May 31 03:20:12 2000
   3 +++ openssh-2.1.1p1-p/auth-pam.c        Mon Jun 12 16:31:42 2000
   4 @@ -18,6 +18,8 @@
   5  #define NEW_AUTHTOK_MSG \
   6         "Warning: You password has expired, please change it now"
   7
   8 +extern char *forced_command;
   9 +
  10  /* Callbacks */
  11  static int pamconv(int num_msg, const struct pam_message **msg,
  12           struct pam_response **resp, void *appdata_ptr);
  13 @@ -123,6 +125,9 @@
  14                 debug("PAM Password authentication accepted for user \"%.100s\"",
  15                         pw->pw_name);
  16                 return 1;
  17 +       } else if (pam_retval == PAM_NEW_AUTHTOK_REQD) {
  18 +               debug("PAM (expired)Password authentication accepted for user \"%.100s\"", pw->pw_name);
  19 +               return 1;
  20         } else {
  21                 debug("PAM Password authentication for \"%.100s\" failed: %s",
  22                         pw->pw_name, PAM_STRERROR((pam_handle_t *)pamh, pam_retval));
  23 @@ -159,6 +164,9 @@
  24                         break;
  25                 case PAM_NEW_AUTHTOK_REQD:
  26                         pam_msg_cat(NEW_AUTHTOK_MSG);
  27 +                       forced_command = xmalloc(strlen("/usr/bin/passwd") + 1);
  28 +                       strcpy(forced_command, "/usr/bin/passwd");
  29 +/*                     pam_retval = pam_chauthtok((pam_handle_t *)pamh, PAM_CHANGE_EXPIRED_AUTHTOK); */
  30                         break;
  31                 default:
  32                         log("PAM rejected by account configuration: %.200s",
  33 @@ -184,10 +192,9 @@
  34         }
  35
  36         pam_retval = pam_open_session((pam_handle_t *)pamh, 0);
  37 -       if (pam_retval != PAM_SUCCESS) {
  38 +       if ((pam_retval != PAM_SUCCESS) && (pam_retval != PAM_NEW_AUTHTOK_REQD))
  39                 fatal("PAM session setup failed: %.200s",
  40                         PAM_STRERROR((pam_handle_t *)pamh, pam_retval));
  41 -       }
  42  }
  43
  44  /* Set PAM credentials */
  45 @@ -197,10 +204,9 @@
  46
  47         debug("PAM establishing creds");
  48         pam_retval = pam_setcred((pam_handle_t *)pamh, PAM_ESTABLISH_CRED);
  49 -       if (pam_retval != PAM_SUCCESS) {
  50 +       if ((pam_retval != PAM_SUCCESS) && (pam_retval != PAM_NEW_AUTHTOK_REQD))
  51                 fatal("PAM setcred failed: %.200s",
  52                         PAM_STRERROR((pam_handle_t *)pamh, pam_retval));
  53 -       }
  54  }
  55
  56  /* Cleanly shutdown PAM */