summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorDamien Miller <djm@mindrot.org>2000-09-16 16:09:27 +1100
committerDamien Miller <djm@mindrot.org>2000-09-16 16:09:27 +1100
commit9d5705a4b34f09a02cffb751d0be076bf667c8bc (patch)
tree3c894615925f9e31444df0eb1f0356e22ae5b961
parent8a1e6a629e6c712a0f24451b93c293536ad864e6 (diff)
- (djm) Add Steve VanDevender's <stevev@darkwing.uoregon.edu> PAM
password change patch. - (djm) Bring licenses on my stuff in line with OpenBSD's
-rw-r--r--ChangeLog3
-rw-r--r--auth-pam.c143
-rw-r--r--auth-pam.h1
-rw-r--r--bsd-arc4random.c5
-rw-r--r--bsd-arc4random.h5
-rw-r--r--bsd-misc.c5
-rw-r--r--bsd-misc.h5
-rw-r--r--entropy.c7
-rw-r--r--entropy.h5
-rw-r--r--session.c2
10 files changed, 102 insertions, 79 deletions
diff --git a/ChangeLog b/ChangeLog
index a8707f45c..5db81bca8 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,4 +1,7 @@
120000916 120000916
2 - (djm) Add Steve VanDevender's <stevev@darkwing.uoregon.edu> PAM
3 password change patch.
4 - (djm) Bring licenses on my stuff in line with OpenBSD's
2 - (djm) Cleanup auth-passwd.c and unify HP/UX authentication. Patch from 5 - (djm) Cleanup auth-passwd.c and unify HP/UX authentication. Patch from
3 Kevin Steves <stevesk@sweden.hp.com> 6 Kevin Steves <stevesk@sweden.hp.com>
4 - (djm) Shadow expiry check fix from Pavel Troller <patrol@omni.sinus.cz> 7 - (djm) Shadow expiry check fix from Pavel Troller <patrol@omni.sinus.cz>
diff --git a/auth-pam.c b/auth-pam.c
index e2bac9e88..5914cab17 100644
--- a/auth-pam.c
+++ b/auth-pam.c
@@ -9,11 +9,6 @@
9 * 2. Redistributions in binary form must reproduce the above copyright 9 * 2. Redistributions in binary form must reproduce the above copyright
10 * notice, this list of conditions and the following disclaimer in the 10 * notice, this list of conditions and the following disclaimer in the
11 * documentation and/or other materials provided with the distribution. 11 * documentation and/or other materials provided with the distribution.
12 * 3. All advertising materials mentioning features or use of this software
13 * must display the following acknowledgement:
14 * This product includes software developed by Markus Friedl.
15 * 4. The name of the author may not be used to endorse or promote products
16 * derived from this software without specific prior written permission.
17 * 12 *
18 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR 13 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
19 * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES 14 * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
@@ -34,10 +29,10 @@
34#include "xmalloc.h" 29#include "xmalloc.h"
35#include "servconf.h" 30#include "servconf.h"
36 31
37RCSID("$Id: auth-pam.c,v 1.12 2000/08/29 22:57:50 djm Exp $"); 32RCSID("$Id: auth-pam.c,v 1.13 2000/09/16 05:09:27 djm Exp $");
38 33
39#define NEW_AUTHTOK_MSG \ 34#define NEW_AUTHTOK_MSG \
40 "Warning: You password has expired, please change it now" 35 "Warning: Your password has expired, please change it now"
41 36
42/* Callbacks */ 37/* Callbacks */
43static int pamconv(int num_msg, const struct pam_message **msg, 38static int pamconv(int num_msg, const struct pam_message **msg,
@@ -50,40 +45,72 @@ static struct pam_conv conv = {
50 pamconv, 45 pamconv,
51 NULL 46 NULL
52}; 47};
53static struct pam_handle_t *pamh = NULL; 48static pam_handle_t *pamh = NULL;
54static const char *pampasswd = NULL; 49static const char *pampasswd = NULL;
55static char *pam_msg = NULL; 50static char *pam_msg = NULL;
56 51
57/* PAM conversation function. This is really a kludge to get the password */ 52/* states for pamconv() */
58/* into PAM and to pick up any messages generated by PAM into pamconv_msg */ 53typedef enum { INITIAL_LOGIN, OTHER } pamstates;
54static pamstates pamstate = INITIAL_LOGIN;
55/* remember whether pam_acct_mgmt() returned PAM_NEWAUTHTOK_REQD */
56static int password_change_required = 0;
57
58/*
59 * PAM conversation function.
60 * There are two states this can run in.
61 *
62 * INITIAL_LOGIN mode simply feeds the password from the client into
63 * PAM in response to PAM_PROMPT_ECHO_OFF, and collects output
64 * messages with pam_msg_cat(). This is used during initial
65 * authentication to bypass the normal PAM password prompt.
66 *
67 * OTHER mode handles PAM_PROMPT_ECHO_OFF with read_passphrase(prompt, 1)
68 * and outputs messages to stderr. This mode is used if pam_chauthtok()
69 * is called to update expired passwords.
70 */
59static int pamconv(int num_msg, const struct pam_message **msg, 71static int pamconv(int num_msg, const struct pam_message **msg,
60 struct pam_response **resp, void *appdata_ptr) 72 struct pam_response **resp, void *appdata_ptr)
61{ 73{
62 struct pam_response *reply; 74 struct pam_response *reply;
63 int count; 75 int count;
76 char buf[1024];
64 77
65 /* PAM will free this later */ 78 /* PAM will free this later */
66 reply = malloc(num_msg * sizeof(*reply)); 79 reply = malloc(num_msg * sizeof(*reply));
67 if (reply == NULL) 80 if (reply == NULL)
68 return PAM_CONV_ERR; 81 return PAM_CONV_ERR;
69 82
70 for(count = 0; count < num_msg; count++) { 83 for (count = 0; count < num_msg; count++) {
71 switch (msg[count]->msg_style) { 84 switch ((*msg)[count].msg_style) {
85 case PAM_PROMPT_ECHO_ON:
86 fputs((*msg)[count].msg, stderr);
87 fgets(buf, sizeof(buf), stdin);
88 reply[count].resp = xstrdup(buf);
89 reply[count].resp_retcode = PAM_SUCCESS;
90 break;
72 case PAM_PROMPT_ECHO_OFF: 91 case PAM_PROMPT_ECHO_OFF:
73 if (pampasswd == NULL) { 92 if (pamstate == INITIAL_LOGIN) {
74 free(reply); 93 if (pampasswd == NULL) {
75 return PAM_CONV_ERR; 94 free(reply);
76 } 95 return PAM_CONV_ERR;
96 }
97 reply[count].resp = xstrdup(pampasswd);
98 } else
99 reply[count].resp = xstrdup(read_passphrase((*msg)[count].msg, 1));
77 reply[count].resp_retcode = PAM_SUCCESS; 100 reply[count].resp_retcode = PAM_SUCCESS;
78 reply[count].resp = xstrdup(pampasswd);
79 break; 101 break;
102 case PAM_ERROR_MSG:
80 case PAM_TEXT_INFO: 103 case PAM_TEXT_INFO:
81 reply[count].resp_retcode = PAM_SUCCESS; 104 if ((*msg)[count].msg != NULL) {
105 if (pamstate == INITIAL_LOGIN)
106 pam_msg_cat((*msg)[count].msg);
107 else {
108 fputs((*msg)[count].msg, stderr);
109 fputs("\n", stderr);
110 }
111 }
82 reply[count].resp = xstrdup(""); 112 reply[count].resp = xstrdup("");
83 113 reply[count].resp_retcode = PAM_SUCCESS;
84 if (msg[count]->msg != NULL)
85 pam_msg_cat(msg[count]->msg);
86
87 break; 114 break;
88 default: 115 default:
89 free(reply); 116 free(reply);
@@ -103,22 +130,22 @@ void pam_cleanup_proc(void *context)
103 130
104 if (pamh != NULL) 131 if (pamh != NULL)
105 { 132 {
106 pam_retval = pam_close_session((pam_handle_t *)pamh, 0); 133 pam_retval = pam_close_session(pamh, 0);
107 if (pam_retval != PAM_SUCCESS) { 134 if (pam_retval != PAM_SUCCESS) {
108 log("Cannot close PAM session: %.200s", 135 log("Cannot close PAM session: %.200s",
109 PAM_STRERROR((pam_handle_t *)pamh, pam_retval)); 136 PAM_STRERROR(pamh, pam_retval));
110 } 137 }
111 138
112 pam_retval = pam_setcred((pam_handle_t *)pamh, PAM_DELETE_CRED); 139 pam_retval = pam_setcred(pamh, PAM_DELETE_CRED);
113 if (pam_retval != PAM_SUCCESS) { 140 if (pam_retval != PAM_SUCCESS) {
114 debug("Cannot delete credentials: %.200s", 141 debug("Cannot delete credentials: %.200s",
115 PAM_STRERROR((pam_handle_t *)pamh, pam_retval)); 142 PAM_STRERROR(pamh, pam_retval));
116 } 143 }
117 144
118 pam_retval = pam_end((pam_handle_t *)pamh, pam_retval); 145 pam_retval = pam_end(pamh, pam_retval);
119 if (pam_retval != PAM_SUCCESS) { 146 if (pam_retval != PAM_SUCCESS) {
120 log("Cannot release PAM authentication: %.200s", 147 log("Cannot release PAM authentication: %.200s",
121 PAM_STRERROR((pam_handle_t *)pamh, pam_retval)); 148 PAM_STRERROR(pamh, pam_retval));
122 } 149 }
123 } 150 }
124} 151}
@@ -139,14 +166,15 @@ int auth_pam_password(struct passwd *pw, const char *password)
139 166
140 pampasswd = password; 167 pampasswd = password;
141 168
142 pam_retval = pam_authenticate((pam_handle_t *)pamh, 0); 169 pamstate = INITIAL_LOGIN;
170 pam_retval = pam_authenticate(pamh, 0);
143 if (pam_retval == PAM_SUCCESS) { 171 if (pam_retval == PAM_SUCCESS) {
144 debug("PAM Password authentication accepted for user \"%.100s\"", 172 debug("PAM Password authentication accepted for user \"%.100s\"",
145 pw->pw_name); 173 pw->pw_name);
146 return 1; 174 return 1;
147 } else { 175 } else {
148 debug("PAM Password authentication for \"%.100s\" failed: %s", 176 debug("PAM Password authentication for \"%.100s\" failed: %s",
149 pw->pw_name, PAM_STRERROR((pam_handle_t *)pamh, pam_retval)); 177 pw->pw_name, PAM_STRERROR(pamh, pam_retval));
150 return 0; 178 return 0;
151 } 179 }
152} 180}
@@ -157,33 +185,35 @@ int do_pam_account(char *username, char *remote_user)
157 int pam_retval; 185 int pam_retval;
158 186
159 debug("PAM setting rhost to \"%.200s\"", get_canonical_hostname()); 187 debug("PAM setting rhost to \"%.200s\"", get_canonical_hostname());
160 pam_retval = pam_set_item((pam_handle_t *)pamh, PAM_RHOST, 188 pam_retval = pam_set_item(pamh, PAM_RHOST,
161 get_canonical_hostname()); 189 get_canonical_hostname());
162 if (pam_retval != PAM_SUCCESS) { 190 if (pam_retval != PAM_SUCCESS) {
163 fatal("PAM set rhost failed: %.200s", 191 fatal("PAM set rhost failed: %.200s",
164 PAM_STRERROR((pam_handle_t *)pamh, pam_retval)); 192 PAM_STRERROR(pamh, pam_retval));
165 } 193 }
166 194
167 if (remote_user != NULL) { 195 if (remote_user != NULL) {
168 debug("PAM setting ruser to \"%.200s\"", remote_user); 196 debug("PAM setting ruser to \"%.200s\"", remote_user);
169 pam_retval = pam_set_item((pam_handle_t *)pamh, PAM_RUSER, remote_user); 197 pam_retval = pam_set_item(pamh, PAM_RUSER, remote_user);
170 if (pam_retval != PAM_SUCCESS) { 198 if (pam_retval != PAM_SUCCESS) {
171 fatal("PAM set ruser failed: %.200s", 199 fatal("PAM set ruser failed: %.200s",
172 PAM_STRERROR((pam_handle_t *)pamh, pam_retval)); 200 PAM_STRERROR(pamh, pam_retval));
173 } 201 }
174 } 202 }
175 203
176 pam_retval = pam_acct_mgmt((pam_handle_t *)pamh, 0); 204 pam_retval = pam_acct_mgmt(pamh, 0);
177 switch (pam_retval) { 205 switch (pam_retval) {
178 case PAM_SUCCESS: 206 case PAM_SUCCESS:
179 /* This is what we want */ 207 /* This is what we want */
180 break; 208 break;
181 case PAM_NEW_AUTHTOK_REQD: 209 case PAM_NEW_AUTHTOK_REQD:
182 pam_msg_cat(NEW_AUTHTOK_MSG); 210 pam_msg_cat(NEW_AUTHTOK_MSG);
211 /* flag that password change is necessary */
212 password_change_required = 1;
183 break; 213 break;
184 default: 214 default:
185 log("PAM rejected by account configuration: %.200s", 215 log("PAM rejected by account configuration: %.200s",
186 PAM_STRERROR((pam_handle_t *)pamh, pam_retval)); 216 PAM_STRERROR(pamh, pam_retval));
187 return(0); 217 return(0);
188 } 218 }
189 219
@@ -197,17 +227,17 @@ void do_pam_session(char *username, const char *ttyname)
197 227
198 if (ttyname != NULL) { 228 if (ttyname != NULL) {
199 debug("PAM setting tty to \"%.200s\"", ttyname); 229 debug("PAM setting tty to \"%.200s\"", ttyname);
200 pam_retval = pam_set_item((pam_handle_t *)pamh, PAM_TTY, ttyname); 230 pam_retval = pam_set_item(pamh, PAM_TTY, ttyname);
201 if (pam_retval != PAM_SUCCESS) { 231 if (pam_retval != PAM_SUCCESS) {
202 fatal("PAM set tty failed: %.200s", 232 fatal("PAM set tty failed: %.200s",
203 PAM_STRERROR((pam_handle_t *)pamh, pam_retval)); 233 PAM_STRERROR(pamh, pam_retval));
204 } 234 }
205 } 235 }
206 236
207 pam_retval = pam_open_session((pam_handle_t *)pamh, 0); 237 pam_retval = pam_open_session(pamh, 0);
208 if (pam_retval != PAM_SUCCESS) { 238 if (pam_retval != PAM_SUCCESS) {
209 fatal("PAM session setup failed: %.200s", 239 fatal("PAM session setup failed: %.200s",
210 PAM_STRERROR((pam_handle_t *)pamh, pam_retval)); 240 PAM_STRERROR(pamh, pam_retval));
211 } 241 }
212} 242}
213 243
@@ -217,10 +247,28 @@ void do_pam_setcred()
217 int pam_retval; 247 int pam_retval;
218 248
219 debug("PAM establishing creds"); 249 debug("PAM establishing creds");
220 pam_retval = pam_setcred((pam_handle_t *)pamh, PAM_ESTABLISH_CRED); 250 pam_retval = pam_setcred(pamh, PAM_ESTABLISH_CRED);
221 if (pam_retval != PAM_SUCCESS) { 251 if (pam_retval != PAM_SUCCESS) {
222 fatal("PAM setcred failed: %.200s", 252 fatal("PAM setcred failed: %.200s",
223 PAM_STRERROR((pam_handle_t *)pamh, pam_retval)); 253 PAM_STRERROR(pamh, pam_retval));
254 }
255}
256
257/*
258 * Have user change authentication token if pam_acct_mgmt() indicated
259 * it was expired. This needs to be called after an interactive
260 * session is established and the user's pty is connected to
261 * stdin/stout/stderr.
262 */
263void do_pam_chauthtok()
264{
265 int pam_retval;
266
267 if (password_change_required) {
268 pamstate = OTHER;
269 do {
270 pam_retval = pam_chauthtok(pamh, PAM_CHANGE_EXPIRED_AUTHTOK);
271 } while (pam_retval != PAM_SUCCESS);
224 } 272 }
225} 273}
226 274
@@ -238,12 +286,11 @@ void start_pam(struct passwd *pw)
238 286
239 debug("Starting up PAM with username \"%.200s\"", pw->pw_name); 287 debug("Starting up PAM with username \"%.200s\"", pw->pw_name);
240 288
241 pam_retval = pam_start(SSHD_PAM_SERVICE, pw->pw_name, &conv, 289 pam_retval = pam_start(SSHD_PAM_SERVICE, pw->pw_name, &conv, &pamh);
242 (pam_handle_t**)&pamh);
243 290
244 if (pam_retval != PAM_SUCCESS) { 291 if (pam_retval != PAM_SUCCESS) {
245 fatal("PAM initialisation failed: %.200s", 292 fatal("PAM initialisation failed: %.200s",
246 PAM_STRERROR((pam_handle_t *)pamh, pam_retval)); 293 PAM_STRERROR(pamh, pam_retval));
247 } 294 }
248 295
249#ifdef PAM_TTY_KLUDGE 296#ifdef PAM_TTY_KLUDGE
@@ -254,10 +301,10 @@ void start_pam(struct passwd *pw)
254 * not even need one (for tty-less connections) 301 * not even need one (for tty-less connections)
255 * Kludge: Set a fake PAM_TTY 302 * Kludge: Set a fake PAM_TTY
256 */ 303 */
257 pam_retval = pam_set_item((pam_handle_t *)pamh, PAM_TTY, "ssh"); 304 pam_retval = pam_set_item(pamh, PAM_TTY, "ssh");
258 if (pam_retval != PAM_SUCCESS) { 305 if (pam_retval != PAM_SUCCESS) {
259 fatal("PAM set tty failed: %.200s", 306 fatal("PAM set tty failed: %.200s",
260 PAM_STRERROR((pam_handle_t *)pamh, pam_retval)); 307 PAM_STRERROR(pamh, pam_retval));
261 } 308 }
262#endif /* PAM_TTY_KLUDGE */ 309#endif /* PAM_TTY_KLUDGE */
263 310
@@ -268,7 +315,7 @@ void start_pam(struct passwd *pw)
268char **fetch_pam_environment(void) 315char **fetch_pam_environment(void)
269{ 316{
270#ifdef HAVE_PAM_GETENVLIST 317#ifdef HAVE_PAM_GETENVLIST
271 return(pam_getenvlist((pam_handle_t *)pamh)); 318 return(pam_getenvlist(pamh));
272#else /* HAVE_PAM_GETENVLIST */ 319#else /* HAVE_PAM_GETENVLIST */
273 return(NULL); 320 return(NULL);
274#endif /* HAVE_PAM_GETENVLIST */ 321#endif /* HAVE_PAM_GETENVLIST */
diff --git a/auth-pam.h b/auth-pam.h
index 191d80ca6..f537fe7ba 100644
--- a/auth-pam.h
+++ b/auth-pam.h
@@ -11,5 +11,6 @@ int do_pam_account(char *username, char *remote_user);
11void do_pam_session(char *username, const char *ttyname); 11void do_pam_session(char *username, const char *ttyname);
12void do_pam_setcred(); 12void do_pam_setcred();
13void print_pam_messages(void); 13void print_pam_messages(void);
14void do_pam_chauthtok();
14 15
15#endif /* USE_PAM */ 16#endif /* USE_PAM */
diff --git a/bsd-arc4random.c b/bsd-arc4random.c
index 86d158243..fb378d848 100644
--- a/bsd-arc4random.c
+++ b/bsd-arc4random.c
@@ -9,11 +9,6 @@
9 * 2. Redistributions in binary form must reproduce the above copyright 9 * 2. Redistributions in binary form must reproduce the above copyright
10 * notice, this list of conditions and the following disclaimer in the 10 * notice, this list of conditions and the following disclaimer in the
11 * documentation and/or other materials provided with the distribution. 11 * documentation and/or other materials provided with the distribution.
12 * 3. All advertising materials mentioning features or use of this software
13 * must display the following acknowledgement:
14 * This product includes software developed by Markus Friedl.
15 * 4. The name of the author may not be used to endorse or promote products
16 * derived from this software without specific prior written permission.
17 * 12 *
18 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR 13 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
19 * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES 14 * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
diff --git a/bsd-arc4random.h b/bsd-arc4random.h
index c6ccd35f2..9819b848c 100644
--- a/bsd-arc4random.h
+++ b/bsd-arc4random.h
@@ -9,11 +9,6 @@
9 * 2. Redistributions in binary form must reproduce the above copyright 9 * 2. Redistributions in binary form must reproduce the above copyright
10 * notice, this list of conditions and the following disclaimer in the 10 * notice, this list of conditions and the following disclaimer in the
11 * documentation and/or other materials provided with the distribution. 11 * documentation and/or other materials provided with the distribution.
12 * 3. All advertising materials mentioning features or use of this software
13 * must display the following acknowledgement:
14 * This product includes software developed by Markus Friedl.
15 * 4. The name of the author may not be used to endorse or promote products
16 * derived from this software without specific prior written permission.
17 * 12 *
18 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR 13 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
19 * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES 14 * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
diff --git a/bsd-misc.c b/bsd-misc.c
index 67614eb76..6059f5d39 100644
--- a/bsd-misc.c
+++ b/bsd-misc.c
@@ -9,11 +9,6 @@
9 * 2. Redistributions in binary form must reproduce the above copyright 9 * 2. Redistributions in binary form must reproduce the above copyright
10 * notice, this list of conditions and the following disclaimer in the 10 * notice, this list of conditions and the following disclaimer in the
11 * documentation and/or other materials provided with the distribution. 11 * documentation and/or other materials provided with the distribution.
12 * 3. All advertising materials mentioning features or use of this software
13 * must display the following acknowledgement:
14 * This product includes software developed by Markus Friedl.
15 * 4. The name of the author may not be used to endorse or promote products
16 * derived from this software without specific prior written permission.
17 * 12 *
18 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR 13 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
19 * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES 14 * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
diff --git a/bsd-misc.h b/bsd-misc.h
index aea285c8d..477048b74 100644
--- a/bsd-misc.h
+++ b/bsd-misc.h
@@ -9,11 +9,6 @@
9 * 2. Redistributions in binary form must reproduce the above copyright 9 * 2. Redistributions in binary form must reproduce the above copyright
10 * notice, this list of conditions and the following disclaimer in the 10 * notice, this list of conditions and the following disclaimer in the
11 * documentation and/or other materials provided with the distribution. 11 * documentation and/or other materials provided with the distribution.
12 * 3. All advertising materials mentioning features or use of this software
13 * must display the following acknowledgement:
14 * This product includes software developed by Markus Friedl.
15 * 4. The name of the author may not be used to endorse or promote products
16 * derived from this software without specific prior written permission.
17 * 12 *
18 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR 13 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
19 * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES 14 * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
diff --git a/entropy.c b/entropy.c
index aa62650a2..6a64963ab 100644
--- a/entropy.c
+++ b/entropy.c
@@ -9,11 +9,6 @@
9 * 2. Redistributions in binary form must reproduce the above copyright 9 * 2. Redistributions in binary form must reproduce the above copyright
10 * notice, this list of conditions and the following disclaimer in the 10 * notice, this list of conditions and the following disclaimer in the
11 * documentation and/or other materials provided with the distribution. 11 * documentation and/or other materials provided with the distribution.
12 * 3. All advertising materials mentioning features or use of this software
13 * must display the following acknowledgement:
14 * This product includes software developed by Markus Friedl.
15 * 4. The name of the author may not be used to endorse or promote products
16 * derived from this software without specific prior written permission.
17 * 12 *
18 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR 13 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
19 * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES 14 * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
@@ -40,7 +35,7 @@
40# include <floatingpoint.h> 35# include <floatingpoint.h>
41#endif /* HAVE_FLOATINGPOINT_H */ 36#endif /* HAVE_FLOATINGPOINT_H */
42 37
43RCSID("$Id: entropy.c,v 1.18 2000/07/15 04:59:15 djm Exp $"); 38RCSID("$Id: entropy.c,v 1.19 2000/09/16 05:09:28 djm Exp $");
44 39
45#ifndef offsetof 40#ifndef offsetof
46# define offsetof(type, member) ((size_t) &((type *)0)->member) 41# define offsetof(type, member) ((size_t) &((type *)0)->member)
diff --git a/entropy.h b/entropy.h
index a6f7bfc60..b145f7c6d 100644
--- a/entropy.h
+++ b/entropy.h
@@ -9,11 +9,6 @@
9 * 2. Redistributions in binary form must reproduce the above copyright 9 * 2. Redistributions in binary form must reproduce the above copyright
10 * notice, this list of conditions and the following disclaimer in the 10 * notice, this list of conditions and the following disclaimer in the
11 * documentation and/or other materials provided with the distribution. 11 * documentation and/or other materials provided with the distribution.
12 * 3. All advertising materials mentioning features or use of this software
13 * must display the following acknowledgement:
14 * This product includes software developed by Markus Friedl.
15 * 4. The name of the author may not be used to endorse or promote products
16 * derived from this software without specific prior written permission.
17 * 12 *
18 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR 13 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
19 * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES 14 * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
diff --git a/session.c b/session.c
index 0cc919c6b..296dfadec 100644
--- a/session.c
+++ b/session.c
@@ -729,6 +729,8 @@ do_login(Session *s)
729 729
730#ifdef USE_PAM 730#ifdef USE_PAM
731 print_pam_messages(); 731 print_pam_messages();
732 /* If password change is needed, do it now. */
733 do_pam_chauthtok();
732#endif /* USE_PAM */ 734#endif /* USE_PAM */
733#ifdef WITH_AIXAUTHENTICATE 735#ifdef WITH_AIXAUTHENTICATE
734 if (aixloginmsg && *aixloginmsg) 736 if (aixloginmsg && *aixloginmsg)