|
Lines 443-450
sshpam_thread(void *ctxtp)
|
| 443 |
goto auth_fail; |
443 |
goto auth_fail; |
| 444 |
|
444 |
|
| 445 |
if (compat20) { |
445 |
if (compat20) { |
| 446 |
if (!do_pam_account()) |
446 |
if (!do_pam_account()) { |
|
|
447 |
sshpam_err = PAM_ACCT_EXPIRED; |
| 447 |
goto auth_fail; |
448 |
goto auth_fail; |
|
|
449 |
} |
| 448 |
if (sshpam_authctxt->force_pwchange) { |
450 |
if (sshpam_authctxt->force_pwchange) { |
| 449 |
sshpam_err = pam_chauthtok(sshpam_handle, |
451 |
sshpam_err = pam_chauthtok(sshpam_handle, |
| 450 |
PAM_CHANGE_EXPIRED_AUTHTOK); |
452 |
PAM_CHANGE_EXPIRED_AUTHTOK); |
|
Lines 486-492
sshpam_thread(void *ctxtp)
|
| 486 |
buffer_put_cstring(&buffer, |
488 |
buffer_put_cstring(&buffer, |
| 487 |
pam_strerror(sshpam_handle, sshpam_err)); |
489 |
pam_strerror(sshpam_handle, sshpam_err)); |
| 488 |
/* XXX - can't do much about an error here */ |
490 |
/* XXX - can't do much about an error here */ |
| 489 |
ssh_msg_send(ctxt->pam_csock, PAM_AUTH_ERR, &buffer); |
491 |
if (sshpam_err == PAM_ACCT_EXPIRED) |
|
|
492 |
ssh_msg_send(ctxt->pam_csock, PAM_ACCT_EXPIRED, &buffer); |
| 493 |
else |
| 494 |
ssh_msg_send(ctxt->pam_csock, PAM_AUTH_ERR, &buffer); |
| 490 |
buffer_free(&buffer); |
495 |
buffer_free(&buffer); |
| 491 |
pthread_exit(NULL); |
496 |
pthread_exit(NULL); |
| 492 |
|
497 |
|
|
Lines 642-649
sshpam_init_ctx(Authctxt *authctxt)
|
| 642 |
int socks[2]; |
647 |
int socks[2]; |
| 643 |
|
648 |
|
| 644 |
debug3("PAM: %s entering", __func__); |
649 |
debug3("PAM: %s entering", __func__); |
| 645 |
/* Refuse to start if we don't have PAM enabled */ |
650 |
/* |
| 646 |
if (!options.use_pam) |
651 |
* Refuse to start if we don't have PAM enabled or do_pam_account |
|
|
652 |
* has previously failed. |
| 653 |
*/ |
| 654 |
if (!options.use_pam || sshpam_account_status == 0) |
| 647 |
return NULL; |
655 |
return NULL; |
| 648 |
|
656 |
|
| 649 |
/* Initialize PAM */ |
657 |
/* Initialize PAM */ |
|
Lines 720-727
sshpam_query(void *ctx, char **name, cha
|
| 720 |
plen++; |
728 |
plen++; |
| 721 |
xfree(msg); |
729 |
xfree(msg); |
| 722 |
break; |
730 |
break; |
|
|
731 |
case PAM_ACCT_EXPIRED: |
| 732 |
sshpam_account_status = 0; |
| 733 |
/* FALLTHROUGH */ |
| 723 |
case PAM_AUTH_ERR: |
734 |
case PAM_AUTH_ERR: |
| 724 |
debug3("PAM: PAM_AUTH_ERR"); |
735 |
debug3("PAM: %s", pam_strerror(sshpam_handle, type)); |
| 725 |
if (**prompts != NULL && strlen(**prompts) != 0) { |
736 |
if (**prompts != NULL && strlen(**prompts) != 0) { |
| 726 |
*info = **prompts; |
737 |
*info = **prompts; |
| 727 |
**prompts = NULL; |
738 |
**prompts = NULL; |
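Review bot: At new lines 446-448 in sshpam_thread, every failure of do_pam_account() is relabelled as PAM_ACCT_EXPIRED, so the pam_strerror() text buffered at new line 489 and the debug3() at new line 735 will report an expired account even if the check failed for another reason. The body of do_pam_account() is not shown, so which other results it can produce is an assumption. The latch itself fails closed: sshpam_query sets sshpam_account_status = 0 and sshpam_init_ctx then refuses a new PAM context, so the concern is misleading log and audit wording rather than the access decision. I would document the sentinel at the assignment, e.g. `/* PAM_ACCT_EXPIRED doubles as the "account check failed" message type; the underlying result is not forwarded */`. Both sshpam_thread and sshpam_query extend beyond the lines shown.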