Bugzilla – Attachment 55 Details for
Bug 188
pam_chauthtok() is called too late
[patch]
Patch to do pw aging in kbd-interactive
openssh-kbdint-pam.patch1 (text/plain), 3.22 KB, created by
Nicolas Williams
on 2002-03-28 02:43:27 AEDT
Description:
Patch to do pw aging in kbd-interactive
Filename:
MIME Type:
Creator:
Nicolas Williams
Created:
2002-03-28 02:43:27 AEDT
Size:
3.22 KB
>Index: 3_0_2p1_w_gssk5_ubsw_devl.32/auth2-pam.c
>--- 3_0_2p1_w_gssk5_ubsw_devl.32/auth2-pam.c Wed, 21 Nov 2001 10:38:46 -0500
>+++ 3_0_2p1_w_gssk5_ubsw_devl.33(w)/auth2-pam.c Wed, 27 Mar 2002 10:28:30 -0500
>@@ -42,7 +42,7 @@
>
> dispatch_set(SSH2_MSG_USERAUTH_INFO_RESPONSE,
> &input_userauth_info_response_pam);
>- retval = (do_pam_authenticate(0) == PAM_SUCCESS);
>+ retval = (do_pam_authenticate(0, 1) == PAM_SUCCESS);
> dispatch_set(SSH2_MSG_USERAUTH_INFO_RESPONSE, NULL);
>
> return retval;
>Index: 3_0_2p1_w_gssk5_ubsw_devl.32/auth-pam.h
>--- 3_0_2p1_w_gssk5_ubsw_devl.32/auth-pam.h Thu, 10 Jan 2002 14:22:14 -0500
>+++ 3_0_2p1_w_gssk5_ubsw_devl.33(w)/auth-pam.h Wed, 27 Mar 2002 10:28:30 -0500
>@@ -9,7 +9,7 @@
> void finish_pam(void);
> int auth_pam_password(struct passwd *pw, const char *password);
> char **fetch_pam_environment(void);
>-int do_pam_authenticate(int flags);
>+int do_pam_authenticate(int flags, int can_age_pw_here);
> int do_pam_account(char *username, char *remote_user);
> void do_pam_session(char *username, const char *ttyname);
> void do_pam_setcred(int init);
>Index: 3_0_2p1_w_gssk5_ubsw_devl.32/auth-pam.c
>--- 3_0_2p1_w_gssk5_ubsw_devl.32/auth-pam.c Thu, 10 Jan 2002 14:22:14 -0500
>+++ 3_0_2p1_w_gssk5_ubsw_devl.33(w)/auth-pam.c Wed, 27 Mar 2002 10:28:30 -0500
>@@ -58,6 +58,8 @@
> static int password_change_required = 0;
> /* remember whether the last pam_authenticate() succeeded or not */
> static int was_authenticated = 0;
>+static int acct_mgmt_retval = -1;
>+static int chauthtok_retval = -1;
>
> /* Remember what has been initialised */
> static int session_opened = 0;
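Review bot: The new statics `acct_mgmt_retval` and `chauthtok_retval` (auth-pam.c, `@@ -58`) get their -1 "not called yet" value only from their initializers, so as far as the visible lines show a result cached during one authentication attempt is still in place for the next attempt in the same process. `do_pam_authenticate()` overwrites `acct_mgmt_retval` on every call but sets `chauthtok_retval` only inside the aging branch, and the `@@ -246` hunk later trusts both values. Resetting them at the top of `do_pam_authenticate()` with `acct_mgmt_retval = chauthtok_retval = -1;` would tie the cache to a single attempt. A comment above the declarations, `/* results cached by do_pam_authenticate(); -1 = not called yet */`, would document the sentinel the way the neighbouring statics are documented.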
>@@ -71,10 +73,20 @@
> }
>
> /* start an authentication run */
>-int do_pam_authenticate(int flags)
>+int do_pam_authenticate(int flags, int can_age_pw_here)
> {
> int retval = pam_authenticate(__pamh, flags);
> was_authenticated = (retval == PAM_SUCCESS);
>+ acct_mgmt_retval = pam_acct_mgmt(__pamh, 0);
>+ if ((acct_mgmt_retval == PAM_NEW_AUTHTOK_REQD) &&
>+ can_age_pw_here) {
>+ debug("do_pam_authenticate() doing password aging");
>+ chauthtok_retval = pam_chauthtok(__pamh,
>+ PAM_CHANGE_EXPIRED_AUTHTOK);
>+ was_authenticated = (chauthtok_retval == PAM_SUCCESS);
>+ retval = (chauthtok_retval == PAM_SUCCESS) ?
>+ retval : chauthtok_retval;
>+ }
> return retval;
> }
>
>@@ -218,7 +230,8 @@
>
> pamstate = INITIAL_LOGIN;
> pam_retval = do_pam_authenticate(
>- options.permit_empty_passwd == 0 ? PAM_DISALLOW_NULL_AUTHTOK : 0);
>+ options.permit_empty_passwd == 0 ? PAM_DISALLOW_NULL_AUTHTOK : 0,
>+ 0);
> if (pam_retval == PAM_SUCCESS) {
> debug("PAM Password authentication accepted for "
> "user \"%.100s\"", pw->pw_name);
>@@ -246,12 +259,19 @@
> PAM_STRERROR(__pamh, pam_retval));
> }
>
>- pam_retval = pam_acct_mgmt(__pamh, 0);
>+ /* do_pam_authenticate() may have called pam_acct_mgmt() already */
>+ pam_retval = acct_mgmt_retval;
>+ if (pam_retval == -1)
>+ pam_retval = pam_acct_mgmt(__pamh, 0);
>+
> switch (pam_retval) {
> case PAM_SUCCESS:
> /* This is what we want */
> break;
> case PAM_NEW_AUTHTOK_REQD:
>+ /* pam_chauthtok() may have been called already */
>+ if (chauthtok_retval != -1)
>+ return (chauthtok_retval == PAM_SUCCESS);
> message_cat(&__pam_msg, NEW_AUTHTOK_MSG);
> /* flag that password change is necessary */
> password_change_required = 1;
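Review bot: In `do_pam_authenticate()` (`@@ -71`) the added `pam_acct_mgmt()` call, and with it the `pam_chauthtok()` branch, runs even when `pam_authenticate()` has just failed, because nothing checks `retval` first. On that path `was_authenticated` is overwritten with the outcome of the password change, so a successful `pam_chauthtok()` marks the user as authenticated although `pam_authenticate()` rejected them, and the success is cached in `chauthtok_retval` for `do_pam_account()`. Returning right after the first `was_authenticated` assignment, `if (retval != PAM_SUCCESS) return retval;`, keeps account management and password aging behind a successful authentication. The same applies to the password path in the `@@ -218` hunk, which now reaches `pam_acct_mgmt()` after a failed password check as well.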
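Review bot: The early `return (chauthtok_retval == PAM_SUCCESS);` in `case PAM_NEW_AUTHTOK_REQD` (`@@ -246`) leaves the function from inside the switch, so whatever follows the switch is skipped on this path and a failed password change is handed back to the caller without a log line. The enclosing function starts and ends outside the hunk, so what is skipped cannot be seen here. I would record the outcome before returning, for example `debug("PAM: password change during authentication returned %d", chauthtok_retval);`. The comment could also state that this shortcut applies only when `do_pam_authenticate()` ran `pam_chauthtok()` in the current attempt.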
Attachments on
bug 188
: 55 |
56