- (stevesk) Include config.h in rijndael.c so we define intXX_t and
u_intXX_t types on all platforms.
- (stevesk) rijndael.c: cleanup missing declaration warnings.
+ - (stevesk) ~/.hushlogin shouldn't cause required password change to
+ be bypassed.
20001007
- (stevesk) Print PAM return value in PAM log messages to aid
}
}
+/* accessor function for file scope static variable */
+int pam_password_change_required(void)
+{
+ return password_change_required;
+}
+
/*
* Have user change authentication token if pam_acct_mgmt() indicated
* it was expired. This needs to be called after an interactive
void do_pam_session(char *username, const char *ttyname);
void do_pam_setcred();
void print_pam_messages(void);
+int pam_password_change_required(void);
void do_pam_chauthtok();
#endif /* USE_PAM */
record_login(pid, s->tty, pw->pw_name, pw->pw_uid,
get_remote_name_or_ip(), (struct sockaddr *)&from);
+#ifdef USE_PAM
+ /*
+ * If password change is needed, do it now.
+ * This needs to occur before the ~/.hushlogin check.
+ */
+ if (pam_password_change_required()) {
+ print_pam_messages();
+ do_pam_chauthtok();
+ }
+#endif
+
/* Done if .hushlogin exists. */
snprintf(buf, sizeof(buf), "%.200s/.hushlogin", pw->pw_dir);
#ifdef HAVE_LOGIN_CAP
return;
#ifdef USE_PAM
- print_pam_messages();
- /* If password change is needed, do it now. */
- do_pam_chauthtok();
+ if (!pam_password_change_required())
+ print_pam_messages();
#endif /* USE_PAM */
#ifdef WITH_AIXAUTHENTICATE
if (aixloginmsg && *aixloginmsg)