- (stevesk) ~/.hushlogin shouldn't cause required password change to

be bypassed.
Kevin Steves 2000-10-14 13:36:13 +00:00
parent f16b9d2773
commit 092f2effc5
4 changed files with 23 additions and 4 deletions


@ -83,6 +83,8 @@
- (stevesk) Include config.h in rijndael.c so we define intXX_t and - (stevesk) Include config.h in rijndael.c so we define intXX_t and
u_intXX_t types on all platforms. u_intXX_t types on all platforms.
- (stevesk) rijndael.c: cleanup missing declaration warnings. - (stevesk) rijndael.c: cleanup missing declaration warnings.
- (stevesk) ~/.hushlogin shouldn't cause required password change to
be bypassed.
20001007 20001007
- (stevesk) Print PAM return value in PAM log messages to aid - (stevesk) Print PAM return value in PAM log messages to aid


@ -29,7 +29,7 @@
#include "xmalloc.h" #include "xmalloc.h"
#include "servconf.h" #include "servconf.h"
RCSID("$Id: auth-pam.c,v 1.16 2000/10/14 05:23:11 djm Exp $"); RCSID("$Id: auth-pam.c,v 1.17 2000/10/14 13:36:13 stevesk Exp $");
#define NEW_AUTHTOK_MSG \ #define NEW_AUTHTOK_MSG \
"Warning: Your password has expired, please change it now" "Warning: Your password has expired, please change it now"
@ -261,6 +261,12 @@ void do_pam_setcred()
} }
} }
/* accessor function for file scope static variable */
int pam_password_change_required(void)
{
return password_change_required;
}
/* /*
* Have user change authentication token if pam_acct_mgmt() indicated * Have user change authentication token if pam_acct_mgmt() indicated
* it was expired. This needs to be called after an interactive * it was expired. This needs to be called after an interactive
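Review bot: The comment on `pam_password_change_required()` names the mechanism ("accessor function for file scope static variable") but not the contract, so a caller cannot tell when the flag becomes non-zero or whether it is ever cleared. session.c now uses this value for two security-relevant decisions: forcing the password change and suppressing the PAM messages. I would replace the comment with something like `/* Returns non-zero if PAM account management reported the password as expired and a change is required. */` and add one sentence saying whether the flag is reset after a successful change. The code that sets `password_change_required` is outside this hunk, so the wording should be checked against it.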


@ -11,6 +11,7 @@ int do_pam_account(char *username, char *remote_user);
void do_pam_session(char *username, const char *ttyname); void do_pam_session(char *username, const char *ttyname);
void do_pam_setcred(); void do_pam_setcred();
void print_pam_messages(void); void print_pam_messages(void);
int pam_password_change_required(void);
void do_pam_chauthtok(); void do_pam_chauthtok();
#endif /* USE_PAM */ #endif /* USE_PAM */


@ -720,6 +720,17 @@ do_login(Session *s)
record_login(pid, s->tty, pw->pw_name, pw->pw_uid, record_login(pid, s->tty, pw->pw_name, pw->pw_uid,
get_remote_name_or_ip(), (struct sockaddr *)&from); get_remote_name_or_ip(), (struct sockaddr *)&from);
#ifdef USE_PAM
/*
* If password change is needed, do it now.
* This needs to occur before the ~/.hushlogin check.
*/
if (pam_password_change_required()) {
print_pam_messages();
do_pam_chauthtok();
}
#endif
/* Done if .hushlogin exists. */ /* Done if .hushlogin exists. */
snprintf(buf, sizeof(buf), "%.200s/.hushlogin", pw->pw_dir); snprintf(buf, sizeof(buf), "%.200s/.hushlogin", pw->pw_dir);
#ifdef HAVE_LOGIN_CAP #ifdef HAVE_LOGIN_CAP
@ -730,9 +741,8 @@ do_login(Session *s)
return; return;
#ifdef USE_PAM #ifdef USE_PAM
print_pam_messages(); if (!pam_password_change_required())
/* If password change is needed, do it now. */ print_pam_messages();
do_pam_chauthtok();
#endif /* USE_PAM */ #endif /* USE_PAM */
#ifdef WITH_AIXAUTHENTICATE #ifdef WITH_AIXAUTHENTICATE
if (aixloginmsg && *aixloginmsg) if (aixloginmsg && *aixloginmsg)
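Review bot: In the first hunk `do_login()` calls `do_pam_chauthtok()` and then continues unconditionally, and auth-pam.h declares that function as returning `void`, so the caller cannot tell whether the forced change succeeded. The enforcement therefore rests entirely on `do_pam_chauthtok()` never returning while the password is still expired, which is not visible on this page. I would state that in the new comment, e.g. `/* do_pam_chauthtok() must not return unless the password was changed; login proceeds unconditionally below. */`, or have it return a status that is checked here. In the second hunk, `if (!pam_password_change_required())` only avoids printing the PAM messages twice if the flag is still set after a successful change, so that should be confirmed; the unbraced `if` would also be safer with braces. The body of `do_login()` starts and ends outside both hunks, so whether sessions that never reach `do_login()` get the same check cannot be judged from here.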