From: Jan Rękorajski <baggins@pld-linux.org>
Date: Thu, 2 Dec 1999 19:45:01 +0000 (+0000)
Subject: - forced password change
X-Git-Tag: openssh-1_2_1pre24-2~10
X-Git-Url: http://git.pld-linux.org/?p=packages%2Fopenssh.git;a=commitdiff_plain;h=739aed86953922f31b98e81abd352db26a646c72

- forced password change

Changed files:
    openssh-PAM_NEW_AUTHTOK.patch -> 1.1
---

diff --git a/openssh-PAM_NEW_AUTHTOK.patch b/openssh-PAM_NEW_AUTHTOK.patch
new file mode 100644
index 0000000..5acd25d
--- /dev/null
+++ b/openssh-PAM_NEW_AUTHTOK.patch
@@ -0,0 +1,33 @@
+diff -ur openssh-1.2pre15/sshd.c openssh-1.2pre15.new/sshd.c
+--- openssh-1.2pre15/sshd.c	Thu Nov 25 01:54:59 1999
++++ openssh-1.2pre15.new/sshd.c	Thu Dec  2 19:43:53 1999
+@@ -253,15 +253,21 @@
+ 	}
+ 
+ 	pam_retval = pam_acct_mgmt((pam_handle_t *)pamh, 0);
+-	if (pam_retval != PAM_SUCCESS) {
+-		log("PAM rejected by account configuration: %.200s", PAM_STRERROR((pam_handle_t *)pamh, pam_retval));
+-		do_fake_authloop(username);
+-	}
++	if(pam_retval == PAM_NEW_AUTHTOK_REQD) {
++		forced_command = xmalloc(strlen("/usr/bin/passwd -N ssh") + 1);
++		strcpy(forced_command, "/usr/bin/passwd -N ssh");
++/*		pam_retval = pam_chauthtok((pam_handle_t *)pamh, PAM_CHANGE_EXPIRED_AUTHTOK); */
++	} else {
++		if (pam_retval != PAM_SUCCESS) {
++			log("PAM rejected by account configuration: %.200s", PAM_STRERROR((pam_handle_t *)pamh, pam_retval));
++			do_fake_authloop(username);
++		}
+ 
+-	pam_retval = pam_open_session((pam_handle_t *)pamh, 0);
+-	if (pam_retval != PAM_SUCCESS) {
+-		log("PAM session setup failed: %.200s", PAM_STRERROR((pam_handle_t *)pamh, pam_retval));
+-		do_fake_authloop(username);
++		pam_retval = pam_open_session((pam_handle_t *)pamh, 0);
++		if (pam_retval != PAM_SUCCESS) {
++			log("PAM session setup failed: %.200s", PAM_STRERROR((pam_handle_t *)pamh, pam_retval));
++			do_fake_authloop(username);
++		}
+ 	}
+ }
+ #endif /* HAVE_LIBPAM */