1 diff -Naur openssh-2.1.1p1/auth-pam.c openssh-2.1.1p1-p/auth-pam.c
2 --- openssh-2.1.1p1/auth-pam.c Wed May 31 03:20:12 2000
3 +++ openssh-2.1.1p1-p/auth-pam.c Mon Jun 12 16:31:42 2000
5 #define NEW_AUTHTOK_MSG \
6 "Warning: You password has expired, please change it now"
8 +extern char *forced_command;
11 static int pamconv(int num_msg, const struct pam_message **msg,
12 struct pam_response **resp, void *appdata_ptr);
14 debug("PAM Password authentication accepted for user \"%.100s\"",
17 + } else if (pam_retval == PAM_NEW_AUTHTOK_REQD) {
18 + debug("PAM (expired)Password authentication accepted for user \"%.100s\"", pw->pw_name);
21 debug("PAM Password authentication for \"%.100s\" failed: %s",
22 pw->pw_name, PAM_STRERROR((pam_handle_t *)pamh, pam_retval));
25 case PAM_NEW_AUTHTOK_REQD:
26 pam_msg_cat(NEW_AUTHTOK_MSG);
27 + forced_command = xmalloc(strlen("/usr/bin/passwd") + 1);
28 + strcpy(forced_command, "/usr/bin/passwd");
29 +/* pam_retval = pam_chauthtok((pam_handle_t *)pamh, PAM_CHANGE_EXPIRED_AUTHTOK); */
32 log("PAM rejected by account configuration: %.200s",
36 pam_retval = pam_open_session((pam_handle_t *)pamh, 0);
37 - if (pam_retval != PAM_SUCCESS) {
38 + if ((pam_retval != PAM_SUCCESS) && (pam_retval != PAM_NEW_AUTHTOK_REQD))
39 fatal("PAM session setup failed: %.200s",
40 PAM_STRERROR((pam_handle_t *)pamh, pam_retval));
44 /* Set PAM credentials */
47 debug("PAM establishing creds");
48 pam_retval = pam_setcred((pam_handle_t *)pamh, PAM_ESTABLISH_CRED);
49 - if (pam_retval != PAM_SUCCESS) {
50 + if ((pam_retval != PAM_SUCCESS) && (pam_retval != PAM_NEW_AUTHTOK_REQD))
51 fatal("PAM setcred failed: %.200s",
52 PAM_STRERROR((pam_handle_t *)pamh, pam_retval));
56 /* Cleanly shutdown PAM */