authorKevin Steves <stevesk@pobox.com>2000-10-14 13:36:13 +0000
committerKevin Steves <stevesk@pobox.com>2000-10-14 13:36:13 +0000
commit092f2effc5a50e6aeb5059d2b02d5e7b9c03fb42 (patch)
treebbcd3917c9c8eaa4a807db4e8f8177f8bbe547af
parentf16b9d277383693fe7db29702a0b9763f9f14569 (diff)
- (stevesk) ~/.hushlogin shouldn't cause required password change to
be bypassed.
-rw-r--r--ChangeLog2
-rw-r--r--auth-pam.c8
-rw-r--r--auth-pam.h1
-rw-r--r--session.c16
4 files changed, 23 insertions, 4 deletions
diff --git a/ChangeLog b/ChangeLog
index e8b64b6e..561d4d07 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -83,6 +83,8 @@
- (stevesk) Include config.h in rijndael.c so we define intXX_t and
u_intXX_t types on all platforms.
- (stevesk) rijndael.c: cleanup missing declaration warnings.
+ - (stevesk) ~/.hushlogin shouldn't cause required password change to
+ be bypassed.
20001007
- (stevesk) Print PAM return value in PAM log messages to aid
diff --git a/auth-pam.c b/auth-pam.c
index ab20782f..5bb30025 100644
--- a/auth-pam.c
+++ b/auth-pam.c
@@ -29,7 +29,7 @@
#include "xmalloc.h"
#include "servconf.h"
-RCSID("$Id: auth-pam.c,v 1.16 2000/10/14 05:23:11 djm Exp $");
+RCSID("$Id: auth-pam.c,v 1.17 2000/10/14 13:36:13 stevesk Exp $");
#define NEW_AUTHTOK_MSG \
"Warning: Your password has expired, please change it now"
@@ -261,6 +261,12 @@ void do_pam_setcred()
}
}
+/* accessor function for file scope static variable */
+int pam_password_change_required(void)
+{
+ return password_change_required;
+}
+
/*
* Have user change authentication token if pam_acct_mgmt() indicated
* it was expired. This needs to be called after an interactive
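Review bot: The comment on `pam_password_change_required()` says only that it is an accessor, but the second do_login() hunk in session.c depends on more: it calls the accessor again after `do_pam_chauthtok()` has run, to decide whether `print_pam_messages()` still needs to be called. That works only if `password_change_required` stays set after a successful change; whether `do_pam_chauthtok()` clears it is not visible in this diff, and if it does the messages would be printed twice. Once confirmed, I would state the contract at the accessor, e.g. `/* Nonzero if pam_acct_mgmt() reported an expired password; not cleared by do_pam_chauthtok(). */`.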
diff --git a/auth-pam.h b/auth-pam.h
index f537fe7b..7f230463 100644
--- a/auth-pam.h
+++ b/auth-pam.h
@@ -11,6 +11,7 @@ int do_pam_account(char *username, char *remote_user);
void do_pam_session(char *username, const char *ttyname);
void do_pam_setcred();
void print_pam_messages(void);
+int pam_password_change_required(void);
void do_pam_chauthtok();
#endif /* USE_PAM */
diff --git a/session.c b/session.c
index dacb6a09..fc56c273 100644
--- a/session.c
+++ b/session.c
@@ -720,6 +720,17 @@ do_login(Session *s)
record_login(pid, s->tty, pw->pw_name, pw->pw_uid,
get_remote_name_or_ip(), (struct sockaddr *)&from);
+#ifdef USE_PAM
+ /*
+ * If password change is needed, do it now.
+ * This needs to occur before the ~/.hushlogin check.
+ */
+ if (pam_password_change_required()) {
+ print_pam_messages();
+ do_pam_chauthtok();
+ }
+#endif
+
/* Done if .hushlogin exists. */
snprintf(buf, sizeof(buf), "%.200s/.hushlogin", pw->pw_dir);
#ifdef HAVE_LOGIN_CAP
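Review bot: Nothing in the added block in do_login() can tell whether the forced password change succeeded: `do_pam_chauthtok()` is declared `void` in auth-pam.h, so the enforcement rests entirely on that function ending the session itself when the change fails. Its body is not part of this diff, so that should be confirmed and stated in the comment, e.g. `/* do_pam_chauthtok() must not return if the change fails. */`. The block also runs after `record_login()`, so a session that fails the change has presumably already been recorded as a login. Because the check lives in do_login(), any session path that does not call this function would not be covered; that cannot be judged from this hunk, and the function continues outside it.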
@@ -730,9 +741,8 @@ do_login(Session *s)
return;
#ifdef USE_PAM
- print_pam_messages();
- /* If password change is needed, do it now. */
- do_pam_chauthtok();
+ if (!pam_password_change_required())
+ print_pam_messages();
#endif /* USE_PAM */
#ifdef WITH_AIXAUTHENTICATE
if (aixloginmsg && *aixloginmsg)