Attachment 542 Details for Bug 14 – Hook the SSHv1 PAM password expired case into do_pwchange

[patch] Hook the SSHv1 PAM password expired case into do_pwchange

openssh-pamexpire-sshv1.patch (text/plain), 3.31 KB, created by Darren Tucker on 2004-02-08 14:10:58 AEDT

(hide)

Description:

Filename:

MIME Type:

Creator: Darren Tucker

Created: 2004-02-08 14:10:58 AEDT

Size: 3.31 KB

patch

obsolete

>Index: auth-pam.c
>===================================================================
>RCS file: /usr/local/src/security/openssh/cvs/openssh_cvs/auth-pam.c,v
>retrieving revision 1.92
>diff -u -p -r1.92 auth-pam.c
>--- auth-pam.c	14 Jan 2004 13:15:08 -0000	1.92
>+++ auth-pam.c	8 Feb 2004 02:36:58 -0000
>@@ -864,12 +864,6 @@ do_pam_putenv(char *name, char *value)
> 	return (ret);
> }
> 
>-void
>-print_pam_messages(void)
>-{
>-	/* XXX */
>-}
>-
> char **
> fetch_pam_child_environment(void)
> {
>Index: auth-pam.h
>===================================================================
>RCS file: /usr/local/src/security/openssh/cvs/openssh_cvs/auth-pam.h,v
>retrieving revision 1.23
>diff -u -p -r1.23 auth-pam.h
>--- auth-pam.h	17 Nov 2003 10:41:42 -0000	1.23
>+++ auth-pam.h	8 Feb 2004 02:37:07 -0000
>@@ -40,7 +40,6 @@ void do_pam_setcred(int );
> int is_pam_password_change_required(void);
> void do_pam_chauthtok(void);
> int do_pam_putenv(char *, char *);
>-void print_pam_messages(void);
> char ** fetch_pam_environment(void);
> char ** fetch_pam_child_environment(void);
> void free_pam_environment(char **);
>Index: session.c
>===================================================================
>RCS file: /usr/local/src/security/openssh/cvs/openssh_cvs/session.c,v
>retrieving revision 1.273
>diff -u -p -r1.273 session.c
>--- session.c	6 Feb 2004 05:24:32 -0000	1.273
>+++ session.c	8 Feb 2004 02:38:32 -0000
>@@ -195,6 +195,16 @@ auth_input_request_forwarding(struct pas
> 
> 
> void
>+display_loginmsg(void)
>+{
>+	if (buffer_len(&loginmsg) > 0) {
>+		buffer_append(&loginmsg, "\0", 1);
>+		printf("%s\n", (char *)buffer_ptr(&loginmsg));
>+		buffer_clear(&loginmsg);
>+	}
>+}
>+
>+void
> do_authenticated(Authctxt *authctxt)
> {
> 	setproctitle("%s", authctxt->pw->pw_name);
>@@ -699,8 +709,11 @@ do_login(Session *s, const char *command
> 	 * This needs to occur before the ~/.hushlogin check.
> 	 */
> 	if (options.use_pam && is_pam_password_change_required()) {
>-		print_pam_messages();
>-		do_pam_chauthtok();
>+		display_loginmsg();
>+		if (use_privsep)
>+			do_pwchange(s);
>+		else
>+			do_pam_chauthtok();
> 		/* XXX - signal [net] parent to enable forwardings */
> 	}
> #endif
>@@ -708,17 +721,7 @@ do_login(Session *s, const char *command
> 	if (check_quietlogin(s, command))
> 		return;
> 
>-#ifdef USE_PAM
>-	if (options.use_pam && !is_pam_password_change_required())
>-		print_pam_messages();
>-#endif /* USE_PAM */
>-
>-	/* display post-login message */
>-	if (buffer_len(&loginmsg) > 0) {
>-		buffer_append(&loginmsg, "\0", 1);
>-		printf("%s\n", (char *)buffer_ptr(&loginmsg));
>-	}
>-	buffer_free(&loginmsg);
>+	display_loginmsg();
> 
> #ifndef NO_SSH_LASTLOG
> 	if (options.print_lastlog && s->last_login_time != 0) {
>@@ -1303,7 +1306,7 @@ do_setusercontext(struct passwd *pw)
> 		fatal("Failed to set uids to %u.", (u_int) pw->pw_uid);
> }
> 
>-static void
>+void
> do_pwchange(Session *s)
> {
> 	fprintf(stderr, "WARNING: Your password has expired.\n");
>Index: session.h
>===================================================================
>RCS file: /usr/local/src/security/openssh/cvs/openssh_cvs/session.h,v
>retrieving revision 1.25
>diff -u -p -r1.25 session.h
>--- session.h	2 Oct 2003 06:12:37 -0000	1.25
>+++ session.h	8 Feb 2004 02:58:31 -0000
>@@ -72,4 +72,6 @@ void	 do_setusercontext(struct passwd *)
> void	 child_set_env(char ***envp, u_int *envsizep, const char *name,
> 		       const char *value);
> 
>+void	 do_pwchange(Session *);
>+
> #endif

Actions: View | Diff

Attachments on bug 14: 5 | 199 | 200 | 201 | 205 | 215 | 234 | 240 | 248 | 278 | 540 | 541 | 542 | 543 | 544