- (stevesk) ~/.hushlogin shouldn't cause required password change to
be bypassed.
This commit is contained in:
parent
f16b9d2773
commit
092f2effc5
|
@ -83,6 +83,8 @@
|
||||||
- (stevesk) Include config.h in rijndael.c so we define intXX_t and
|
- (stevesk) Include config.h in rijndael.c so we define intXX_t and
|
||||||
u_intXX_t types on all platforms.
|
u_intXX_t types on all platforms.
|
||||||
- (stevesk) rijndael.c: cleanup missing declaration warnings.
|
- (stevesk) rijndael.c: cleanup missing declaration warnings.
|
||||||
|
- (stevesk) ~/.hushlogin shouldn't cause required password change to
|
||||||
|
be bypassed.
|
||||||
|
|
||||||
20001007
|
20001007
|
||||||
- (stevesk) Print PAM return value in PAM log messages to aid
|
- (stevesk) Print PAM return value in PAM log messages to aid
|
||||||
|
|
|
@ -29,7 +29,7 @@
|
||||||
#include "xmalloc.h"
|
#include "xmalloc.h"
|
||||||
#include "servconf.h"
|
#include "servconf.h"
|
||||||
|
|
||||||
RCSID("$Id: auth-pam.c,v 1.16 2000/10/14 05:23:11 djm Exp $");
|
RCSID("$Id: auth-pam.c,v 1.17 2000/10/14 13:36:13 stevesk Exp $");
|
||||||
|
|
||||||
#define NEW_AUTHTOK_MSG \
|
#define NEW_AUTHTOK_MSG \
|
||||||
"Warning: Your password has expired, please change it now"
|
"Warning: Your password has expired, please change it now"
|
||||||
|
@ -261,6 +261,12 @@ void do_pam_setcred()
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
/* accessor function for file scope static variable */
|
||||||
|
int pam_password_change_required(void)
|
||||||
|
{
|
||||||
|
return password_change_required;
|
||||||
|
}
|
||||||
|
|
||||||
/*
|
/*
|
||||||
* Have user change authentication token if pam_acct_mgmt() indicated
|
* Have user change authentication token if pam_acct_mgmt() indicated
|
||||||
* it was expired. This needs to be called after an interactive
|
* it was expired. This needs to be called after an interactive
|
||||||
|
|
|
@ -11,6 +11,7 @@ int do_pam_account(char *username, char *remote_user);
|
||||||
void do_pam_session(char *username, const char *ttyname);
|
void do_pam_session(char *username, const char *ttyname);
|
||||||
void do_pam_setcred();
|
void do_pam_setcred();
|
||||||
void print_pam_messages(void);
|
void print_pam_messages(void);
|
||||||
|
int pam_password_change_required(void);
|
||||||
void do_pam_chauthtok();
|
void do_pam_chauthtok();
|
||||||
|
|
||||||
#endif /* USE_PAM */
|
#endif /* USE_PAM */
|
||||||
|
|
16
session.c
16
session.c
|
@ -720,6 +720,17 @@ do_login(Session *s)
|
||||||
record_login(pid, s->tty, pw->pw_name, pw->pw_uid,
|
record_login(pid, s->tty, pw->pw_name, pw->pw_uid,
|
||||||
get_remote_name_or_ip(), (struct sockaddr *)&from);
|
get_remote_name_or_ip(), (struct sockaddr *)&from);
|
||||||
|
|
||||||
|
#ifdef USE_PAM
|
||||||
|
/*
|
||||||
|
* If password change is needed, do it now.
|
||||||
|
* This needs to occur before the ~/.hushlogin check.
|
||||||
|
*/
|
||||||
|
if (pam_password_change_required()) {
|
||||||
|
print_pam_messages();
|
||||||
|
do_pam_chauthtok();
|
||||||
|
}
|
||||||
|
#endif
|
||||||
|
|
||||||
/* Done if .hushlogin exists. */
|
/* Done if .hushlogin exists. */
|
||||||
snprintf(buf, sizeof(buf), "%.200s/.hushlogin", pw->pw_dir);
|
snprintf(buf, sizeof(buf), "%.200s/.hushlogin", pw->pw_dir);
|
||||||
#ifdef HAVE_LOGIN_CAP
|
#ifdef HAVE_LOGIN_CAP
|
||||||
|
@ -730,9 +741,8 @@ do_login(Session *s)
|
||||||
return;
|
return;
|
||||||
|
|
||||||
#ifdef USE_PAM
|
#ifdef USE_PAM
|
||||||
print_pam_messages();
|
if (!pam_password_change_required())
|
||||||
/* If password change is needed, do it now. */
|
print_pam_messages();
|
||||||
do_pam_chauthtok();
|
|
||||||
#endif /* USE_PAM */
|
#endif /* USE_PAM */
|
||||||
#ifdef WITH_AIXAUTHENTICATE
|
#ifdef WITH_AIXAUTHENTICATE
|
||||||
if (aixloginmsg && *aixloginmsg)
|
if (aixloginmsg && *aixloginmsg)
|
||||||
|
|
Loading…
Reference in New Issue