|
Lines 574-580
Link Here
|
| 574 |
void |
574 |
void |
| 575 |
do_exec_pty(Session *s, const char *command) |
575 |
do_exec_pty(Session *s, const char *command) |
| 576 |
{ |
576 |
{ |
| 577 |
int fdout, ptyfd, ttyfd, ptymaster; |
577 |
int fdout, ptyfd, ttyfd, ptymaster, status; |
| 578 |
pid_t pid; |
578 |
pid_t pid; |
| 579 |
|
579 |
|
| 580 |
if (s == NULL) |
580 |
if (s == NULL) |
|
Lines 587-592
Link Here
|
| 587 |
do_pam_setcred(1); |
587 |
do_pam_setcred(1); |
| 588 |
#endif |
588 |
#endif |
| 589 |
|
589 |
|
|
|
590 |
#ifdef USE_PAM |
| 591 |
/* |
| 592 |
* If password change is needed, do it now. It has to happen with |
| 593 |
* a tty attached, but we need to know the result before continuing |
| 594 |
* - so run it in a subshell. |
| 595 |
*/ |
| 596 |
if (is_pam_password_change_required()) { |
| 597 |
if ((pid = fork()) == 0) { |
| 598 |
fatal_remove_all_cleanups(); |
| 599 |
|
| 600 |
/* Child. Reinitialize the log because the pid has changed. */ |
| 601 |
log_init(__progname, options.log_level, options.log_facility, log_stderr); |
| 602 |
/* Close the master side of the pseudo tty. */ |
| 603 |
close(ptyfd); |
| 604 |
|
| 605 |
/* Make the pseudo tty our controlling tty. */ |
| 606 |
pty_make_controlling_tty(&ttyfd, s->tty); |
| 607 |
|
| 608 |
/* Redirect stdin/stdout/stderr from the pseudo tty. */ |
| 609 |
if (dup2(ttyfd, 0) < 0) |
| 610 |
error("dup2 stdin: %s", strerror(errno)); |
| 611 |
if (dup2(ttyfd, 1) < 0) |
| 612 |
error("dup2 stdout: %s", strerror(errno)); |
| 613 |
if (dup2(ttyfd, 2) < 0) |
| 614 |
error("dup2 stderr: %s", strerror(errno)); |
| 615 |
|
| 616 |
/* Close the extra descriptor for the pseudo tty. */ |
| 617 |
close(ttyfd); |
| 618 |
|
| 619 |
print_pam_messages(); |
| 620 |
do_pam_chauthtok(); |
| 621 |
exit(0); |
| 622 |
} |
| 623 |
if (waitpid(pid, &status, 0) == -1) |
| 624 |
fatal("waitpid: %s", strerror(errno)); |
| 625 |
if (!WIFEXITED(status) || WEXITSTATUS(status) != 0) |
| 626 |
fatal("PAM password change failed"); |
| 627 |
/* |
| 628 |
* XXX - communicate change to monitor |
| 629 |
*/ |
| 630 |
} |
| 631 |
#endif |
| 632 |
|
| 590 |
/* Fork the child. */ |
633 |
/* Fork the child. */ |
| 591 |
if ((pid = fork()) == 0) { |
634 |
if ((pid = fork()) == 0) { |
| 592 |
fatal_remove_all_cleanups(); |
635 |
fatal_remove_all_cleanups(); |
|
Lines 747-763
Link Here
|
| 747 |
get_remote_name_or_ip(utmp_len, |
790 |
get_remote_name_or_ip(utmp_len, |
| 748 |
options.verify_reverse_mapping), |
791 |
options.verify_reverse_mapping), |
| 749 |
(struct sockaddr *)&from, fromlen); |
792 |
(struct sockaddr *)&from, fromlen); |
| 750 |
|
|
|
| 751 |
#ifdef USE_PAM |
| 752 |
/* |
| 753 |
* If password change is needed, do it now. |
| 754 |
* This needs to occur before the ~/.hushlogin check. |
| 755 |
*/ |
| 756 |
if (is_pam_password_change_required()) { |
| 757 |
print_pam_messages(); |
| 758 |
do_pam_chauthtok(); |
| 759 |
} |
| 760 |
#endif |
| 761 |
|
793 |
|
| 762 |
if (check_quietlogin(s, command)) |
794 |
if (check_quietlogin(s, command)) |
| 763 |
return; |
795 |
return; |