- (dtucker) [auth-passwd.c auth.h openbsd-compat/port-aix.c

openbsd-compat/port-aix.h] Bug #14: Use do_pwchange to support AIX's native password expiry.
author: Darren Tucker <dtucker@zip.com.au> 2004-02-10 12:50:19 +1100
committer: Darren Tucker <dtucker@zip.com.au> 2004-02-10 12:50:19 +1100
commit: e3dba82dd44c165716ce2a81157b6c2f269fc0af (patch)
tree: 3fc23f29c9e5e13892fb2c103bf75a60ff77b75a /openbsd-compat/port-aix.c
parent: 693f8a8aae5b79360f13f478c09235061aa59647 (diff)
1 files changed, 35 insertions, 4 deletions
diff --git a/openbsd-compat/port-aix.c b/openbsd-compat/port-aix.c
index 6fc2ef771..a5511bbef 100644
--- a/openbsd-compat/port-aix.c
+++ b/openbsd-compat/port-aix.c
@@ -98,10 +98,10 @@ aix_remove_embedded_newlines(char *p)
 * returns 0.
 */
 int
-aix_authenticate(const char *name, const char *password, const char *host)
+sys_auth_passwd(Authctxt *ctxt, const char *password)
 {
-        char *authmsg = NULL, *msg;
+        char *authmsg = NULL, *host, *msg, *name = ctxt->pw->pw_name;
-        int authsuccess = 0, reenter, result;
+        int authsuccess = 0, expired, reenter, result;
        do {
                result = authenticate((char *)name, (char *)password, &reenter,
@@ -114,7 +114,12 @@ aix_authenticate(const char *name, const char *password, const char *host)
        if (result == 0) {
                authsuccess = 1;
-                /* No pty yet, so just label the line as "ssh" */
+                host = (char *)get_canonical_hostname(options.use_dns);
+                /*
+                 * Record successful login.  We don't have a pty yet, so just
+                 * label the line as "ssh"
+                 */
                aix_setauthdb(name);
                if (loginsuccess((char *)name, (char *)host, "ssh", &msg) == 0) {
                        if (msg != NULL) {
@@ -123,6 +128,32 @@ aix_authenticate(const char *name, const char *password, const char *host)
                                xfree(msg);
                        }
                }
+                /*
+                 * Check if the user's password is expired.
+                 */
+                expired = passwdexpired(name, &msg);
+                if (msg && *msg) {
+                        buffer_append(&loginmsg, msg, strlen(msg));
+                        aix_remove_embedded_newlines(msg);
+                }
+                debug3("AIX/passwdexpired returned %d msg %.100s", expired, msg);
+                switch (expired) {
+                case 0: /* password not expired */
+                        break;
+                case 1: /* expired, password change required */
+                        ctxt->force_pwchange = 1;
+                        disable_forwarding();
+                        break;
+                default: /* user can't change(2) or other error (-1) */
+                        logit("Password can't be changed for user %s: %.100s",
+                            name, msg);
+                        if (msg)
+                                xfree(msg);
+                        authsuccess = 0;
+                }
                aix_restoreauthdb();
        }
author	Darren Tucker <dtucker@zip.com.au>	2004-02-10 12:50:19 +1100
committer	Darren Tucker <dtucker@zip.com.au>	2004-02-10 12:50:19 +1100
commit	e3dba82dd44c165716ce2a81157b6c2f269fc0af (patch)
tree	3fc23f29c9e5e13892fb2c103bf75a60ff77b75a /openbsd-compat/port-aix.c
parent	693f8a8aae5b79360f13f478c09235061aa59647 (diff)

diff --git a/openbsd-compat/port-aix.c b/openbsd-compat/port-aix.c index 6fc2ef771..a5511bbef 100644 --- a/openbsd-compat/port-aix.c +++ b/openbsd-compat/port-aix.c
@@ -98,10 +98,10 @@ aix_remove_embedded_newlines(char *p)
98	* returns 0.	98	* returns 0.
99	*/	99	*/
100	int	100	int
101	aix_authenticate(const char name, const char password, const char *host)	101	sys_auth_passwd(Authctxt ctxt, const char password)
102	{	102	{
103	char authmsg = NULL, msg;	103	char authmsg = NULL, host, msg, name = ctxt->pw->pw_name;
104	int authsuccess = 0, reenter, result;	104	int authsuccess = 0, expired, reenter, result;
105		105
106	do {	106	do {
107	result = authenticate((char )name, (char )password, &reenter,	107	result = authenticate((char )name, (char )password, &reenter,
@@ -114,7 +114,12 @@ aix_authenticate(const char name, const char password, const char *host)
114	if (result == 0) {	114	if (result == 0) {
115	authsuccess = 1;	115	authsuccess = 1;
116		116
117	/* No pty yet, so just label the line as "ssh" */	117	host = (char *)get_canonical_hostname(options.use_dns);
		118
		119	/*
		120	* Record successful login. We don't have a pty yet, so just
		121	* label the line as "ssh"
		122	*/
118	aix_setauthdb(name);	123	aix_setauthdb(name);
119	if (loginsuccess((char )name, (char )host, "ssh", &msg) == 0) {	124	if (loginsuccess((char )name, (char )host, "ssh", &msg) == 0) {
120	if (msg != NULL) {	125	if (msg != NULL) {
@@ -123,6 +128,32 @@ aix_authenticate(const char name, const char password, const char *host)
123	xfree(msg);	128	xfree(msg);
124	}	129	}
125	}	130	}
		131
		132	/*
		133	* Check if the user's password is expired.
		134	*/
		135	expired = passwdexpired(name, &msg);
		136	if (msg && *msg) {
		137	buffer_append(&loginmsg, msg, strlen(msg));
		138	aix_remove_embedded_newlines(msg);
		139	}
		140	debug3("AIX/passwdexpired returned %d msg %.100s", expired, msg);
		141
		142	switch (expired) {
		143	case 0: /* password not expired */
		144	break;
		145	case 1: /* expired, password change required */
		146	ctxt->force_pwchange = 1;
		147	disable_forwarding();
		148	break;
		149	default: /* user can't change(2) or other error (-1) */
		150	logit("Password can't be changed for user %s: %.100s",
		151	name, msg);
		152	if (msg)
		153	xfree(msg);
		154	authsuccess = 0;
		155	}
		156
126	aix_restoreauthdb();	157	aix_restoreauthdb();
127	}	158	}
128		159