From 092f2effc5a50e6aeb5059d2b02d5e7b9c03fb42 Mon Sep 17 00:00:00 2001
From: Kevin Steves <stevesk@pobox.com>
Date: Sat, 14 Oct 2000 13:36:13 +0000
Subject:  - (stevesk) ~/.hushlogin shouldn't cause required password change to
     be bypassed.

---
 session.c | 16 +++++++++++++---
 1 file changed, 13 insertions(+), 3 deletions(-)

(limited to 'session.c')

diff --git a/session.c b/session.c
index dacb6a09..fc56c273 100644
--- a/session.c
+++ b/session.c
@@ -720,6 +720,17 @@ do_login(Session *s)
 	record_login(pid, s->tty, pw->pw_name, pw->pw_uid,
 	    get_remote_name_or_ip(), (struct sockaddr *)&from);
 
+#ifdef USE_PAM
+	/*
+	 * If password change is needed, do it now.
+	 * This needs to occur before the ~/.hushlogin check.
+	 */
+	if (pam_password_change_required()) {
+		print_pam_messages();
+		do_pam_chauthtok();
+	}
+#endif
+
 	/* Done if .hushlogin exists. */
 	snprintf(buf, sizeof(buf), "%.200s/.hushlogin", pw->pw_dir);
 #ifdef HAVE_LOGIN_CAP
@@ -730,9 +741,8 @@ do_login(Session *s)
 		return;
 
 #ifdef USE_PAM
-	print_pam_messages();
-	/* If password change is needed, do it now. */
-	do_pam_chauthtok();
+	if (!pam_password_change_required())
+		print_pam_messages();
 #endif /* USE_PAM */
 #ifdef WITH_AIXAUTHENTICATE
 	if (aixloginmsg && *aixloginmsg)
-- 
cgit v1.2.3