|
Lines 58-63
Link Here
|
| 58 |
static int password_change_required = 0; |
58 |
static int password_change_required = 0; |
| 59 |
/* remember whether the last pam_authenticate() succeeded or not */ |
59 |
/* remember whether the last pam_authenticate() succeeded or not */ |
| 60 |
static int was_authenticated = 0; |
60 |
static int was_authenticated = 0; |
|
|
61 |
static int acct_mgmt_retval = -1; |
| 62 |
static int chauthtok_retval = -1; |
| 61 |
|
63 |
|
| 62 |
/* Remember what has been initialised */ |
64 |
/* Remember what has been initialised */ |
| 63 |
static int session_opened = 0; |
65 |
static int session_opened = 0; |
|
Lines 71-80
Link Here
|
| 71 |
} |
73 |
} |
| 72 |
|
74 |
|
| 73 |
/* start an authentication run */ |
75 |
/* start an authentication run */ |
| 74 |
int do_pam_authenticate(int flags) |
76 |
int do_pam_authenticate(int flags, int can_age_pw_here) |
| 75 |
{ |
77 |
{ |
| 76 |
int retval = pam_authenticate(__pamh, flags); |
78 |
int retval = pam_authenticate(__pamh, flags); |
| 77 |
was_authenticated = (retval == PAM_SUCCESS); |
79 |
was_authenticated = (retval == PAM_SUCCESS); |
|
|
80 |
acct_mgmt_retval = pam_acct_mgmt(__pamh, 0); |
| 81 |
if ((acct_mgmt_retval == PAM_NEW_AUTHTOK_REQD) && |
| 82 |
can_age_pw_here) { |
| 83 |
debug("do_pam_authenticate() doing password aging"); |
| 84 |
chauthtok_retval = pam_chauthtok(__pamh, |
| 85 |
PAM_CHANGE_EXPIRED_AUTHTOK); |
| 86 |
was_authenticated = (chauthtok_retval == PAM_SUCCESS); |
| 87 |
retval = (chauthtok_retval == PAM_SUCCESS) ? |
| 88 |
retval : chauthtok_retval; |
| 89 |
} |
| 78 |
return retval; |
90 |
return retval; |
| 79 |
} |
91 |
} |
| 80 |
|
92 |
|
|
Lines 218-224
Link Here
|
| 218 |
|
230 |
|
| 219 |
pamstate = INITIAL_LOGIN; |
231 |
pamstate = INITIAL_LOGIN; |
| 220 |
pam_retval = do_pam_authenticate( |
232 |
pam_retval = do_pam_authenticate( |
| 221 |
options.permit_empty_passwd == 0 ? PAM_DISALLOW_NULL_AUTHTOK : 0); |
233 |
options.permit_empty_passwd == 0 ? PAM_DISALLOW_NULL_AUTHTOK : 0, |
|
|
234 |
0); |
| 222 |
if (pam_retval == PAM_SUCCESS) { |
235 |
if (pam_retval == PAM_SUCCESS) { |
| 223 |
debug("PAM Password authentication accepted for " |
236 |
debug("PAM Password authentication accepted for " |
| 224 |
"user \"%.100s\"", pw->pw_name); |
237 |
"user \"%.100s\"", pw->pw_name); |
|
Lines 246-257
Link Here
|
| 246 |
PAM_STRERROR(__pamh, pam_retval)); |
259 |
PAM_STRERROR(__pamh, pam_retval)); |
| 247 |
} |
260 |
} |
| 248 |
|
261 |
|
| 249 |
pam_retval = pam_acct_mgmt(__pamh, 0); |
262 |
/* do_pam_authenticate() may have called pam_acct_mgmt() already */ |
|
|
263 |
pam_retval = acct_mgmt_retval; |
| 264 |
if (pam_retval == -1) |
| 265 |
pam_retval = pam_acct_mgmt(__pamh, 0); |
| 266 |
|
| 250 |
switch (pam_retval) { |
267 |
switch (pam_retval) { |
| 251 |
case PAM_SUCCESS: |
268 |
case PAM_SUCCESS: |
| 252 |
/* This is what we want */ |
269 |
/* This is what we want */ |
| 253 |
break; |
270 |
break; |
| 254 |
case PAM_NEW_AUTHTOK_REQD: |
271 |
case PAM_NEW_AUTHTOK_REQD: |
|
|
272 |
/* pam_chauthtok() may have been called already */ |
| 273 |
if (chauthtok_retval != -1) |
| 274 |
return (chauthtok_retval == PAM_SUCCESS); |
| 255 |
message_cat(&__pam_msg, NEW_AUTHTOK_MSG); |
275 |
message_cat(&__pam_msg, NEW_AUTHTOK_MSG); |
| 256 |
/* flag that password change is necessary */ |
276 |
/* flag that password change is necessary */ |
| 257 |
password_change_required = 1; |
277 |
password_change_required = 1; |