-rw-r--r--ChangeLog2
-rw-r--r--auth-pam.c8
-rw-r--r--auth-pam.h1
-rw-r--r--session.c16
4 files changed, 23 insertions, 4 deletions
diff --git a/ChangeLog b/ChangeLog
index e8b64b6e7..561d4d076 100644
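--- a/ChangeLog
+++ b/ChangeLog
@@ -83,6 +83,8 @@
  - (stevesk) Include config.h in rijndael.c so we define intXX_t and
  u_intXX_t types on all platforms.
  - (stevesk) rijndael.c: cleanup missing declaration warnings.
+ - (stevesk) ~/.hushlogin shouldn't cause required password change to
+ be bypassed.
 
 20001007
  - (stevesk) Print PAM return value in PAM log messages to aid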
diff --git a/auth-pam.c b/auth-pam.c
index ab20782f2..5bb30025d 100644
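--- a/auth-pam.c
+++ b/auth-pam.c
@@ -29,7 +29,7 @@
 #include "xmalloc.h"
 #include "servconf.h"
 
-RCSID("$Id: auth-pam.c,v 1.16 2000/10/14 05:23:11 djm Exp $");
+RCSID("$Id: auth-pam.c,v 1.17 2000/10/14 13:36:13 stevesk Exp $");
 
 #define NEW_AUTHTOK_MSG \
  "Warning: Your password has expired, please change it now"
@@ -261,6 +261,12 @@ void do_pam_setcred()
  }
 }
 
+/* accessor function for file scope static variable */
+int pam_password_change_required(void)
+{
+ return password_change_required;
+}
+
 /*
  * Have user change authentication token if pam_acct_mgmt() indicated
  * it was expired. This needs to be called after an interactive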
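Review bot: The comment on `pam_password_change_required()` explains only the mechanics (an accessor for a file-scope static), not what the returned value means, and session.c now relies on that meaning to decide whether to force a password change. I would replace it with something like `/* non-zero if pam_acct_mgmt() reported an expired token that must be changed before the session proceeds */`. This assumes the flag is set from the pam_acct_mgmt() result, as the neighbouring comment suggests; the assignment itself is outside this hunk and should be confirmed.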
diff --git a/auth-pam.h b/auth-pam.h
index f537fe7ba..7f2304636 100644
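--- a/auth-pam.h
+++ b/auth-pam.h
@@ -11,6 +11,7 @@ int do_pam_account(char *username, char *remote_user);
 void do_pam_session(char *username, const char *ttyname);
 void do_pam_setcred();
 void print_pam_messages(void);
+int pam_password_change_required(void);
 void do_pam_chauthtok();
 
 #endif /* USE_PAM */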
diff --git a/session.c b/session.c
index dacb6a099..fc56c2732 100644
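--- a/session.c
+++ b/session.c
@@ -720,6 +720,17 @@ do_login(Session *s)
  record_login(pid, s->tty, pw->pw_name, pw->pw_uid,
  get_remote_name_or_ip(), (struct sockaddr *)&from);
 
+#ifdef USE_PAM
+ /*
+ * If password change is needed, do it now.
+ * This needs to occur before the ~/.hushlogin check.
+ */
+ if (pam_password_change_required()) {
+ print_pam_messages();
+ do_pam_chauthtok();
+ }
+#endif
+
  /* Done if .hushlogin exists. */
  snprintf(buf, sizeof(buf), "%.200s/.hushlogin", pw->pw_dir);
 #ifdef HAVE_LOGIN_CAP
@@ -730,9 +741,8 @@ do_login(Session *s)
  return;
 
 #ifdef USE_PAM
- print_pam_messages();
- /* If password change is needed, do it now. */
- do_pam_chauthtok();
+ if (!pam_password_change_required())
+ print_pam_messages();
 #endif /* USE_PAM */
 #ifdef WITH_AIXAUTHENTICATE
  if (aixloginmsg && *aixloginmsg)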
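Review bot: In the first hunk the forced change is the bare call `do_pam_chauthtok();`, and auth-pam.h declares that function `void`, so do_login() cannot tell a completed change from a failed or aborted one. Whether the login stops in that case depends on do_pam_chauthtok() itself, which is not on this page; if it can return after a failure, the session carries on with the expired password. I would state the contract at the call site, e.g. `/* do_pam_chauthtok() does not return unless the token was changed */`, and confirm that it holds. The change is also enforced only on the do_login() path, so any session type that does not pass through do_login() (none is visible here) needs checking separately. do_login()'s body starts and ends outside both hunks.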