search for: is_pam_password_change_required

...error("dup2 stdout: %s", strerror(errno)); + if (dup2(ttyfd, 2) < 0) + error("dup2 stderr: %s", strerror(errno)); + + /* close extra descriptors */ + close(socket); + close(ttyfd); + + /* call PAM chauthtok and return status to parent */ + do_pam_chauthtok(); + if(is_pam_password_change_required()) + exit(1); /* failed */ + else + exit(0); /* success */ + } + close(ttyfd); + + if (waitpid(pid, &status, 0) == -1) + fatal("Couldn't wait for child: %s", strerror(errno)); + + if (WEXITSTATUS(status)) + fatal("do_pam_chauthtok() failed, child returned %d",...

...9;ll know what to do with it... -d. --- http://www.monkey.org/~dugsong/ --- old/session.c Sat Dec 1 18:37:08 2001 +++ session.c Tue Feb 12 00:03:37 2002 @@ -437,7 +437,6 @@ session_proctitle(s); #if defined(USE_PAM) - do_pam_session(s->pw->pw_name, NULL); do_pam_setcred(1); if (is_pam_password_change_required()) packet_disconnect("Password change required but no " @@ -494,6 +493,9 @@ #endif /* USE_PIPES */ /* Do processing for the child (exec command etc). */ +#if defined(USE_PAM) + do_pam_session(s->pw->pw_name, NULL); +#endif /* USE_PAM */ do_child(s, command); /* NOTREA...

...16 10:00:40 2002 @@ -39,6 +39,7 @@ int do_pam_authenticate(int flags); int do_pam_account(char *username, char *remote_user); void do_pam_session(char *username, const char *ttyname); +void do_pam_set_tty(const char *ttyname); void do_pam_setcred(int init); void print_pam_messages(void); int is_pam_password_change_required(void); diff -u -r openssh-3.5p1/session.c openssh-3.5p1a/session.c --- openssh-3.5p1/session.c Thu Sep 26 02:38:50 2002 +++ openssh-3.5p1a/session.c Wed Oct 16 15:01:40 2002 @@ -454,7 +454,6 @@ session_proctitle(s); #if defined(USE_PAM) - do_pam_session(s->pw->pw_name, NULL); do_pam_se...

...d = 0; -#ifdef WITH_AIXAUTHENTICATE -char *aixloginmsg; -#endif /* WITH_AIXAUTHENTICATE */ +void do_tty_change_password(struct passwd *); #ifdef HAVE_LOGIN_CAP login_cap_t *lc; @@ -456,10 +457,11 @@ #if defined(USE_PAM) do_pam_session(s->pw->pw_name, NULL); do_pam_setcred(1); - if (is_pam_password_change_required()) +#endif /* USE_PAM */ + + if (password_change_required) packet_disconnect("Password change required but no " "TTY available"); -#endif /* USE_PAM */ /* Fork the child. */ if ((pid = fork()) == 0) { @@ -723,6 +725,7 @@ socklen_t fromlen; struct sockaddr_sto...

...;, strerror(errno)); + if (dup2(ttyfd, 1) < 0) + error("dup2 stdout: %s", strerror(errno)); + if (dup2(ttyfd, 2) < 0) + error("dup2 stderr: %s", strerror(errno)); + close(ttyfd); + /* execl("/bin/sh", "sh", NULL); */ + do_pam_chauthtok(); + if(is_pam_password_change_required()) + exit(1); /* failed */ + else + exit(0); /* success */ + } + close(ttyfd); + + if (waitpid(pid, &status, 0) == -1) + fatal("Couldn't wait for child: %s", strerror(errno)); + + if (WEXITSTATUS(status)) + fatal("do_pam_chauthtok() failed, child returned %d",...

...16 07:54:05 2002 @@ -12,6 +12,7 @@ int do_pam_authenticate(int flags); int do_pam_account(char *username, char *remote_user); void do_pam_session(char *username, const char *ttyname); +void do_pam_set_tty(const char *ttyname); void do_pam_setcred(int init); void print_pam_messages(void); int is_pam_password_change_required(void); Only in openssh-3.4p1-dw: auth-pam.h.orig diff -u -r openssh-3.4p1/session.c openssh-3.4p1-dw/session.c --- openssh-3.4p1/session.c Wed Jun 26 08:51:06 2002 +++ openssh-3.4p1-dw/session.c Tue Jul 16 07:54:06 2002 @@ -461,7 +461,6 @@ session_proctitle(s); #if defined(USE_PAM) - do_pam_se...

http://bugzilla.mindrot.org/show_bug.cgi?id=423 dtucker at zip.com.au changed: What |Removed |Added ---------------------------------------------------------------------------- OtherBugsDependingO| |627 nThis| | Status|NEW |ASSIGNED ------- Additional

...atal_remove_all_cleanups(); @@ -757,6 +766,13 @@ } #endif +#ifdef WITH_AIXAUTHENTICATE + if (is_aix_password_change_required()) { + printf("%s\n", aixexpiremsg); + do_aix_change_password(pw); + } +#endif + if (check_quietlogin(s, command)) return; @@ -764,7 +780,10 @@ if (!is_pam_password_change_required()) print_pam_messages(); #endif /* USE_PAM */ + #ifdef WITH_AIXAUTHENTICATE + if (!is_aix_password_change_required() && aixexpiremsg && *aixexpiremsg) + printf("%s\n", aixexpiremsg); if (aixloginmsg && *aixloginmsg) printf("%s\n", aixloginmsg);...

Hello all, I'd greatly appreciate a patch that will stop PAM mucking around after I log in with a Kerberos 4 ticket and forward an AFS ticket (KTH Kerberos 1.1.1 used for libkrb/libkafs). The trouble is, I need pam_krb4, so that folks, who log in with without tickets using tunnelled plaintext password, would get Kerberos 4 tickets for the box. I rebuilt sshd without PAM in order to verify

...; - sshpam_err = pam_open_session(sshpam_handle, 0); - if (sshpam_err != PAM_SUCCESS) - fatal("PAM: pam_open_session(): %s", - pam_strerror(sshpam_handle, sshpam_err)); - sshpam_session_open = 1; -} - -void do_pam_set_tty(const char *tty) { if (tty != NULL) { @@ -611,7 +594,7 @@ is_pam_password_change_required(void) } static int -pam_chauthtok_conv(int n, const struct pam_message **msg, +pam_tty_conv(int n, const struct pam_message **msg, struct pam_response **resp, void *data) { char input[PAM_MAX_MSG_SIZE]; @@ -620,7 +603,7 @@ pam_chauthtok_conv(int n, const struct p *resp = NULL; - i...

http://bugzilla.mindrot.org/show_bug.cgi?id=564 ------- Additional Comments From djm at mindrot.org 2003-07-30 11:48 ------- Maybe UsePAM should be a tri-state: "kbd-int", "no" or "always". This is ugly - suggestions wanted. ------- You are receiving this mail because: ------- You are the assignee for the bug, or are watching the assignee.

...r *original_command = NULL; @@ -103,10 +104,6 @@ #define MAX_SESSIONS 10 Session sessions[MAX_SESSIONS]; -#ifdef WITH_AIXAUTHENTICATE -char *aixloginmsg; -#endif /* WITH_AIXAUTHENTICATE */ - #ifdef HAVE_LOGIN_CAP login_cap_t *lc; #endif @@ -770,10 +767,13 @@ if (options.use_pam && !is_pam_password_change_required()) print_pam_messages(); #endif /* USE_PAM */ -#ifdef WITH_AIXAUTHENTICATE - if (aixloginmsg && *aixloginmsg) - printf("%s\n", aixloginmsg); -#endif /* WITH_AIXAUTHENTICATE */ + + /* display post-login message */ + if (buffer_len(&loginmsg) > 0) { + buffer_append(&amp...

...", 1); + if (password_change_required) { + printf("%s\n", (char *)buffer_ptr(&expiremsg)); + fflush(stdout); + password_changed = do_tty_change_password(pw); + } #endif if (check_quietlogin(s, command)) @@ -766,6 +779,9 @@ #ifdef USE_PAM if (options.use_pam && !is_pam_password_change_required()) print_pam_messages(); +#else + if (!password_changed) + printf("%s\n", (char *)buffer_ptr(&expiremsg)); #endif /* USE_PAM */ /* display post-login message */ Index: sshd.c =================================================================== RCS file: /usr/local/src/security...

...", 1); + if (password_change_required) { + printf("%s\n", (char *)buffer_ptr(&expiremsg)); + fflush(stdout); + password_changed = do_tty_change_password(pw); + } #endif if (check_quietlogin(s, command)) @@ -766,6 +779,9 @@ #ifdef USE_PAM if (options.use_pam && !is_pam_password_change_required()) print_pam_messages(); +#else + if (!password_changed) + printf("%s\n", (char *)buffer_ptr(&expiremsg)); #endif /* USE_PAM */ /* display post-login message */ Index: sshd.c =================================================================== RCS file: /usr/local/src/security...