Bugzilla – Attachment 503 Details for
Bug 695
Cannot change password in PAM NIS+ environment
[patch]
Do chauthtok via SSH2 keyboard-interactive.
openssh-pamchauthtok4.patch (text/plain), 3.81 KB, created by
Darren Tucker
on 2003-11-20 00:03:03 AEDT
Description:
Do chauthtok via SSH2 keyboard-interactive.
Creator:
Darren Tucker
Created:
2003-11-20 00:03:03 AEDT
Size:
3.81 KB
>Index: acconfig.h
>===================================================================
>RCS file: /usr/local/src/security/openssh/cvs/openssh_cvs/acconfig.h,v
>retrieving revision 1.168
>diff -u -p -r1.168 acconfig.h
>--- acconfig.h 15 Oct 2003 06:57:57 -0000 1.168
>+++ acconfig.h 13 Nov 2003 09:02:50 -0000
>@@ -424,6 +424,9 @@
> /* Define if HEADER.ad exists in arpa/nameser.h */
> #undef HAVE_HEADER_AD
>
>+/* Define to disable pam_chauthtok via keyboard-interactive authentication */
>+#undef DISABLE_KBDINT_CHAUTHTOK
>+
> @BOTTOM@
>
> /* ******************* Shouldn't need to edit below this line ************** */
>Index: auth-pam.c
>===================================================================
>RCS file: /usr/local/src/security/openssh/cvs/openssh_cvs/auth-pam.c,v
>retrieving revision 1.82
>diff -u -p -r1.82 auth-pam.c
>--- auth-pam.c 18 Nov 2003 01:45:36 -0000 1.82
>+++ auth-pam.c 20 Nov 2003 06:58:34 -0000
>@@ -53,6 +53,7 @@ RCSID("$Id: auth-pam.c,v 1.82 2003/11/18
>
> extern ServerOptions options;
> extern Buffer loginmsg;
>+extern int compat20;
>
> #define __unused
>
>@@ -118,6 +119,7 @@ static int sshpam_authenticated = 0;
> static int sshpam_new_authtok_reqd = 0;
> static int sshpam_session_open = 0;
> static int sshpam_cred_established = 0;
>+static int sshpam_account_status = -1;
> static char **sshpam_env = NULL;
>
> struct pam_ctxt {
>@@ -152,6 +154,17 @@ import_environments(Buffer *b)
> u_int i, num_env;
> int err;
>
>+ /* Import variables set by do_pam_account */
>+ sshpam_account_status = buffer_get_int(b);
>+ sshpam_new_authtok_reqd = buffer_get_int(b);
>+
>+ if (sshpam_new_authtok_reqd == 0) {
>+ /* Reset forwarding flags */
>+ no_port_forwarding_flag &= ~2;
>+ no_agent_forwarding_flag &= ~2;
>+ no_x11_forwarding_flag &= ~2;
>+ }
>+
> /* Import environment from subprocess */
> num_env = buffer_get_int(b);
> sshpam_env = xmalloc((num_env + 1) * sizeof(*sshpam_env));
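Review bot: In import_environments() (auth-pam.c, hunk at -152) the imported sshpam_new_authtok_reqd only ever clears bit 2 of the three forwarding flags; nothing sets the bit when the child reports 1. Because the imported sshpam_account_status is cached, do_pam_account() in the parent returns early and never reaches its own `|= 2` lines, so a child that exported status 1 with a password change still pending would leave forwarding enabled in the parent. As far as the visible sshpam_thread hunk shows, the child resets the flag to 0 before it exports, so this looks unreachable today, but the import side should not depend on that. An else branch that re-applies the restriction keeps the two sides symmetric; the start and end of import_environments lie outside the hunk.

```c
	if (sshpam_new_authtok_reqd == 0) {
		/* … unchanged: clear bit 2 of the three forwarding flags … */
	} else {
		/* Child reported a pending password change: keep forwarding off */
		no_port_forwarding_flag |= 2;
		no_agent_forwarding_flag |= 2;
		no_x11_forwarding_flag |= 2;
	}
```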
>@@ -290,9 +303,24 @@ sshpam_thread(void *ctxtp)
> sshpam_err = pam_authenticate(sshpam_handle, 0);
> if (sshpam_err != PAM_SUCCESS)
> goto auth_fail;
>+#ifndef DISABLE_KBDINT_CHAUTHTOK
>+ if (compat20) {
>+ if (do_pam_account() && sshpam_new_authtok_reqd) {
>+ sshpam_err = pam_chauthtok(sshpam_handle,
>+ PAM_CHANGE_EXPIRED_AUTHTOK);
>+ if (sshpam_err != PAM_SUCCESS)
>+ goto auth_fail;
>+ sshpam_new_authtok_reqd = 0;
>+ }
>+ }
>+#endif
> buffer_put_cstring(&buffer, "OK");
>
> #ifndef USE_POSIX_THREADS
>+ /* Export variables set by do_pam_account */
>+ buffer_put_int(&buffer, sshpam_account_status);
>+ buffer_put_int(&buffer, sshpam_new_authtok_reqd);
>+
> /* Export any environment strings set in child */
> for(i = 0; environ[i] != NULL; i++)
> ; /* Count */
>@@ -611,11 +639,16 @@ finish_pam(void)
> u_int
> do_pam_account(void)
> {
>+ if (sshpam_account_status != -1)
>+ return (sshpam_account_status);
>+
> sshpam_err = pam_acct_mgmt(sshpam_handle, 0);
> debug3("%s: pam_acct_mgmt = %d", __func__, sshpam_err);
>
>- if (sshpam_err != PAM_SUCCESS && sshpam_err != PAM_NEW_AUTHTOK_REQD)
>- return (0);
>+ if (sshpam_err != PAM_SUCCESS && sshpam_err != PAM_NEW_AUTHTOK_REQD) {
>+ sshpam_account_status = 0;
>+ return (sshpam_account_status);
>+ }
>
> if (sshpam_err == PAM_NEW_AUTHTOK_REQD) {
> sshpam_new_authtok_reqd = 1;
>@@ -626,7 +659,8 @@ do_pam_account(void)
> no_x11_forwarding_flag |= 2;
> }
>
>- return (1);
>+ sshpam_account_status = 1;
>+ return (sshpam_account_status);
> }
>
> void
>Index: configure.ac
>===================================================================
>RCS file: /usr/local/src/security/openssh/cvs/openssh_cvs/configure.ac,v
>retrieving revision 1.173
>diff -u -p -r1.173 configure.ac
>--- configure.ac 15 Oct 2003 06:57:57 -0000 1.173
>+++ configure.ac 13 Nov 2003 09:00:50 -0000
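Review bot: In the sshpam_thread hunk (auth-pam.c, -290) a failed account check does not fail the conversation: when do_pam_account() returns 0 the `&&` short-circuits and the thread still sends "OK". The denial then depends on the parent calling do_pam_account() later and seeing the cached 0, which in non-thread builds also depends on the export/import pair this patch adds. Unless deferring the denial is intentional, failing at this point is easier to reason about: `if (!do_pam_account()) goto auth_fail;` placed ahead of the sshpam_new_authtok_reqd test. The rest of sshpam_thread, including the auth_fail label, is outside the hunk.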
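Review bot: The cache added to do_pam_account() (auth-pam.c, hunks at -611 and -626) is never reset in the lines shown, so once sshpam_account_status leaves -1 every later call returns the first result without consulting PAM again. If the PAM handle can be torn down and re-created within the same process (not visible here), a reset to -1 belongs next to that teardown. The three states are also undocumented; on the declaration in the -118 hunk I would add `/* -1: pam_acct_mgmt() not yet run, 0: denied, 1: permitted */`.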
>@@ -105,6 +105,7 @@ case "$host" in
> AC_DEFINE(DISABLE_LASTLOG)
> AC_DEFINE(LOGIN_NEEDS_UTMPX)
> AC_DEFINE(SPT_TYPE,SPT_REUSEARGV)
>+ AC_DEFINE(DISABLE_KBDINT_CHAUTHTOK)
> ;;
> *-*-cygwin*)
> check_for_libcrypt_later=1