Attachment #3545 for bug #3210

View | Details | Raw Unified | Return to bug 3210
Collapse All | Expand All




	if (sshpam_err != PAM_SUCCESS)
		goto auth_fail;

	sshpam_err = do_pam_account();
	if (sshpam_err != PAM_SUCCESS && sshpam_err != PAM_NEW_AUTHTOK_REQD)
		goto auth_fail;

	if (sshpam_authctxt->force_pwchange) {
		sshpam_err = pam_chauthtok(sshpam_handle,
		    PAM_CHANGE_EXPIRED_AUTHTOK);

	pthread_exit(NULL);

 auth_fail:
	debug3("PAM: auth_fail sshpam_err=%d %s", sshpam_err, pam_strerror(sshpam_handle, sshpam_err));
	if ((r = sshbuf_put_cstring(buffer,
	    pam_strerror(sshpam_handle, sshpam_err))) != 0)
		fatal("%s: buffer error: %s", __func__, ssh_err(r));
	/* XXX - can't do much about an error here */
	if (sshpam_maxtries_reached)
		ssh_msg_send(ctxt->pam_csock, PAM_ACCT_EXPIRED, buffer);
	else if (sshpam_maxtries_reached)
		ssh_msg_send(ctxt->pam_csock, PAM_MAXTRIES, buffer);
	else
		ssh_msg_send(ctxt->pam_csock, sshpam_err, buffer);
	sshbuf_free(buffer);
	pthread_exit(NULL);


		sshpam_password_change_required(1);

	sshpam_account_status = 1;
	return (sshpam_err);
}

void

Return to bug 3210

Lines 522-531 sshpam_thread(void *ctxtp) Link Here

(-)a/auth-pam.c (-8 / +7 lines)
522	if (sshpam_err != PAM_SUCCESS)	522	if (sshpam_err != PAM_SUCCESS)
523	goto auth_fail;	523	goto auth_fail;
524		524
525	if (!do_pam_account()) {	525	sshpam_err = do_pam_account();
526	sshpam_err = PAM_ACCT_EXPIRED;	526	if (sshpam_err != PAM_SUCCESS && sshpam_err != PAM_NEW_AUTHTOK_REQD)
527	goto auth_fail;	527	goto auth_fail;
528	}	528
529	if (sshpam_authctxt->force_pwchange) {	529	if (sshpam_authctxt->force_pwchange) {
530	sshpam_err = pam_chauthtok(sshpam_handle,	530	sshpam_err = pam_chauthtok(sshpam_handle,
531	PAM_CHANGE_EXPIRED_AUTHTOK);	531	PAM_CHANGE_EXPIRED_AUTHTOK);
Lines 576-591 sshpam_thread(void *ctxtp) Link Here
576	pthread_exit(NULL);	576	pthread_exit(NULL);
577		577
578	auth_fail:	578	auth_fail:
		579	debug3("PAM: auth_fail sshpam_err=%d %s", sshpam_err, pam_strerror(sshpam_handle, sshpam_err));
579	if ((r = sshbuf_put_cstring(buffer,	580	if ((r = sshbuf_put_cstring(buffer,
580	pam_strerror(sshpam_handle, sshpam_err))) != 0)	581	pam_strerror(sshpam_handle, sshpam_err))) != 0)
581	fatal("%s: buffer error: %s", __func__, ssh_err(r));	582	fatal("%s: buffer error: %s", __func__, ssh_err(r));
582	/* XXX - can't do much about an error here */	583	/* XXX - can't do much about an error here */
583	if (sshpam_err == PAM_ACCT_EXPIRED)	584	if (sshpam_maxtries_reached)
584	ssh_msg_send(ctxt->pam_csock, PAM_ACCT_EXPIRED, buffer);
585	else if (sshpam_maxtries_reached)
586	ssh_msg_send(ctxt->pam_csock, PAM_MAXTRIES, buffer);	585	ssh_msg_send(ctxt->pam_csock, PAM_MAXTRIES, buffer);
587	else	586	else
588	ssh_msg_send(ctxt->pam_csock, PAM_AUTH_ERR, buffer);	587	ssh_msg_send(ctxt->pam_csock, sshpam_err, buffer);
589	sshbuf_free(buffer);	588	sshbuf_free(buffer);
590	pthread_exit(NULL);	589	pthread_exit(NULL);
591		590
Lines 1083-1089 do_pam_account(void) Link Here
1083	sshpam_password_change_required(1);	1082	sshpam_password_change_required(1);
1084		1083
1085	sshpam_account_status = 1;	1084	sshpam_account_status = 1;
1086	return (sshpam_account_status);	1085	return (sshpam_err);
1087	}	1086	}
1088		1087
1089	void	1088	void