diff options
author | Kevin Steves <stevesk@pobox.com> | 2000-10-14 13:36:13 +0000 |
---|---|---|
committer | Kevin Steves <stevesk@pobox.com> | 2000-10-14 13:36:13 +0000 |
commit | 092f2effc5a50e6aeb5059d2b02d5e7b9c03fb42 (patch) | |
tree | bbcd3917c9c8eaa4a807db4e8f8177f8bbe547af | |
parent | f16b9d277383693fe7db29702a0b9763f9f14569 (diff) |
- (stevesk) ~/.hushlogin shouldn't cause required password change to
be bypassed.
-rw-r--r-- | ChangeLog | 2 | ||||
-rw-r--r-- | auth-pam.c | 8 | ||||
-rw-r--r-- | auth-pam.h | 1 | ||||
-rw-r--r-- | session.c | 16 |
4 files changed, 23 insertions, 4 deletions
@@ -83,6 +83,8 @@ | |||
83 | - (stevesk) Include config.h in rijndael.c so we define intXX_t and | 83 | - (stevesk) Include config.h in rijndael.c so we define intXX_t and |
84 | u_intXX_t types on all platforms. | 84 | u_intXX_t types on all platforms. |
85 | - (stevesk) rijndael.c: cleanup missing declaration warnings. | 85 | - (stevesk) rijndael.c: cleanup missing declaration warnings. |
86 | - (stevesk) ~/.hushlogin shouldn't cause required password change to | ||
87 | be bypassed. | ||
86 | 88 | ||
87 | 20001007 | 89 | 20001007 |
88 | - (stevesk) Print PAM return value in PAM log messages to aid | 90 | - (stevesk) Print PAM return value in PAM log messages to aid |
diff --git a/auth-pam.c b/auth-pam.c index ab20782f2..5bb30025d 100644 --- a/auth-pam.c +++ b/auth-pam.c | |||
@@ -29,7 +29,7 @@ | |||
29 | #include "xmalloc.h" | 29 | #include "xmalloc.h" |
30 | #include "servconf.h" | 30 | #include "servconf.h" |
31 | 31 | ||
32 | RCSID("$Id: auth-pam.c,v 1.16 2000/10/14 05:23:11 djm Exp $"); | 32 | RCSID("$Id: auth-pam.c,v 1.17 2000/10/14 13:36:13 stevesk Exp $"); |
33 | 33 | ||
34 | #define NEW_AUTHTOK_MSG \ | 34 | #define NEW_AUTHTOK_MSG \ |
35 | "Warning: Your password has expired, please change it now" | 35 | "Warning: Your password has expired, please change it now" |
@@ -261,6 +261,12 @@ void do_pam_setcred() | |||
261 | } | 261 | } |
262 | } | 262 | } |
263 | 263 | ||
264 | /* accessor function for file scope static variable */ | ||
265 | int pam_password_change_required(void) | ||
266 | { | ||
267 | return password_change_required; | ||
268 | } | ||
269 | |||
264 | /* | 270 | /* |
265 | * Have user change authentication token if pam_acct_mgmt() indicated | 271 | * Have user change authentication token if pam_acct_mgmt() indicated |
266 | * it was expired. This needs to be called after an interactive | 272 | * it was expired. This needs to be called after an interactive |
diff --git a/auth-pam.h b/auth-pam.h index f537fe7ba..7f2304636 100644 --- a/auth-pam.h +++ b/auth-pam.h | |||
@@ -11,6 +11,7 @@ int do_pam_account(char *username, char *remote_user); | |||
11 | void do_pam_session(char *username, const char *ttyname); | 11 | void do_pam_session(char *username, const char *ttyname); |
12 | void do_pam_setcred(); | 12 | void do_pam_setcred(); |
13 | void print_pam_messages(void); | 13 | void print_pam_messages(void); |
14 | int pam_password_change_required(void); | ||
14 | void do_pam_chauthtok(); | 15 | void do_pam_chauthtok(); |
15 | 16 | ||
16 | #endif /* USE_PAM */ | 17 | #endif /* USE_PAM */ |
@@ -720,6 +720,17 @@ do_login(Session *s) | |||
720 | record_login(pid, s->tty, pw->pw_name, pw->pw_uid, | 720 | record_login(pid, s->tty, pw->pw_name, pw->pw_uid, |
721 | get_remote_name_or_ip(), (struct sockaddr *)&from); | 721 | get_remote_name_or_ip(), (struct sockaddr *)&from); |
722 | 722 | ||
723 | #ifdef USE_PAM | ||
724 | /* | ||
725 | * If password change is needed, do it now. | ||
726 | * This needs to occur before the ~/.hushlogin check. | ||
727 | */ | ||
728 | if (pam_password_change_required()) { | ||
729 | print_pam_messages(); | ||
730 | do_pam_chauthtok(); | ||
731 | } | ||
732 | #endif | ||
733 | |||
723 | /* Done if .hushlogin exists. */ | 734 | /* Done if .hushlogin exists. */ |
724 | snprintf(buf, sizeof(buf), "%.200s/.hushlogin", pw->pw_dir); | 735 | snprintf(buf, sizeof(buf), "%.200s/.hushlogin", pw->pw_dir); |
725 | #ifdef HAVE_LOGIN_CAP | 736 | #ifdef HAVE_LOGIN_CAP |
@@ -730,9 +741,8 @@ do_login(Session *s) | |||
730 | return; | 741 | return; |
731 | 742 | ||
732 | #ifdef USE_PAM | 743 | #ifdef USE_PAM |
733 | print_pam_messages(); | 744 | if (!pam_password_change_required()) |
734 | /* If password change is needed, do it now. */ | 745 | print_pam_messages(); |
735 | do_pam_chauthtok(); | ||
736 | #endif /* USE_PAM */ | 746 | #endif /* USE_PAM */ |
737 | #ifdef WITH_AIXAUTHENTICATE | 747 | #ifdef WITH_AIXAUTHENTICATE |
738 | if (aixloginmsg && *aixloginmsg) | 748 | if (aixloginmsg && *aixloginmsg) |