From 608ec1f62ff22fdccc3952e51463d79c43cbd0d3 Mon Sep 17 00:00:00 2001 From: Darren Tucker Date: Wed, 29 Mar 2017 09:50:54 +1100 Subject: [PATCH] Remove SSHv1 code path. Server-side support for Protocol 1 has been removed so remove !compat20 PAM code path. --- auth-pam.c | 21 +++++++++------------ 1 file changed, 9 insertions(+), 12 deletions(-) diff --git a/auth-pam.c b/auth-pam.c index bc8e5e02d..9574d9ac7 100644 --- a/auth-pam.c +++ b/auth-pam.c @@ -106,7 +106,6 @@ extern char *__progname; extern ServerOptions options; extern Buffer loginmsg; -extern int compat20; extern u_int utmp_len; /* so we don't silently change behaviour */ @@ -468,18 +467,16 @@ sshpam_thread(void *ctxtp) if (sshpam_err != PAM_SUCCESS) goto auth_fail; - if (compat20) { - if (!do_pam_account()) { - sshpam_err = PAM_ACCT_EXPIRED; + if (!do_pam_account()) { + sshpam_err = PAM_ACCT_EXPIRED; + goto auth_fail; + } + if (sshpam_authctxt->force_pwchange) { + sshpam_err = pam_chauthtok(sshpam_handle, + PAM_CHANGE_EXPIRED_AUTHTOK); + if (sshpam_err != PAM_SUCCESS) goto auth_fail; - } - if (sshpam_authctxt->force_pwchange) { - sshpam_err = pam_chauthtok(sshpam_handle, - PAM_CHANGE_EXPIRED_AUTHTOK); - if (sshpam_err != PAM_SUCCESS) - goto auth_fail; - sshpam_password_change_required(0); - } + sshpam_password_change_required(0); } buffer_put_cstring(&buffer, "OK");