author | Darren Tucker <dtucker@zip.com.au> | 2004-02-10 12:50:19 +1100 |
---|---|---|
committer | Darren Tucker <dtucker@zip.com.au> | 2004-02-10 12:50:19 +1100 |
commit | e3dba82dd44c165716ce2a81157b6c2f269fc0af (patch) | |
tree | 3fc23f29c9e5e13892fb2c103bf75a60ff77b75a /openbsd-compat | |
parent | 693f8a8aae5b79360f13f478c09235061aa59647 (diff) |
- (dtucker) [auth-passwd.c auth.h openbsd-compat/port-aix.c
openbsd-compat/port-aix.h] Bug #14: Use do_pwchange to support AIX's
native password expiry.
Diffstat (limited to 'openbsd-compat')
-rw-r--r-- | openbsd-compat/port-aix.c | 39 | ||||
-rw-r--r-- | openbsd-compat/port-aix.h | 8 |
2 files changed, 41 insertions, 6 deletions
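--- a/openbsd-compat/port-aix.c
+++ b/openbsd-compat/port-aix.c
@@ -98,10 +98,10 @@ aix_remove_embedded_newlines(char *p)
 * returns 0.
 */
 int
-aix_authenticate(const char *name, const char *password, const char *host)
+sys_auth_passwd(Authctxt *ctxt, const char *password)
 {
-char *authmsg = NULL, *msg;
-int authsuccess = 0, reenter, result;
+char *authmsg = NULL, *host, *msg, *name = ctxt->pw->pw_name;
+int authsuccess = 0, expired, reenter, result;
 
 do {
 result = authenticate((char *)name, (char *)password, &reenter,
@@ -114,7 +114,12 @@ aix_authenticate(const char *name, const char *password, const char *host)
 if (result == 0) {
 authsuccess = 1;
 
-/* No pty yet, so just label the line as "ssh" */
+host = (char *)get_canonical_hostname(options.use_dns);
+
+/*
+* Record successful login. We don't have a pty yet, so just
+* label the line as "ssh"
+*/
 aix_setauthdb(name);
 if (loginsuccess((char *)name, (char *)host, "ssh", &msg) == 0) {
 if (msg != NULL) {
@@ -123,6 +128,32 @@ aix_authenticate(const char *name, const char *password, const char *host)
 xfree(msg);
 }
 }
+
+/*
+* Check if the user's password is expired.
+*/
+expired = passwdexpired(name, &msg);
+if (msg && *msg) {
+buffer_append(&loginmsg, msg, strlen(msg));
+aix_remove_embedded_newlines(msg);
+}
+debug3("AIX/passwdexpired returned %d msg %.100s", expired, msg);
+
+switch (expired) {
+case 0: /* password not expired */
+break;
+case 1: /* expired, password change required */
+ctxt->force_pwchange = 1;
+disable_forwarding();
+break;
+default: /* user can't change(2) or other error (-1) */
+logit("Password can't be changed for user %s: %.100s",
+name, msg);
+if (msg)
+xfree(msg);
+authsuccess = 0;
+}
+
 aix_restoreauthdb();
 }
 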
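Review bot: In the `default:` branch of the new `switch (expired)`, `authsuccess = 0` is set only after `loginsuccess()` has already recorded the login earlier in the same `if (result == 0)` block, so an account whose expired password cannot be changed is refused yet still recorded as a successful login; running the `passwdexpired()` check before `loginsuccess()`, or recording the login only once the final result is known, would keep the login record consistent with the outcome. `msg` is also passed to `%.100s` in both `debug3()` and `logit()` even though the neighbouring `if (msg && *msg)` and `if (msg)` tests show it may be NULL; `msg ? msg : "(none)"` at both call sites avoids depending on how the formatter treats a NULL string. The buffer returned by `passwdexpired()` is freed only in the `default:` branch, so cases 0 and 1 appear to leak it, and a single `if (msg) xfree(msg);` after the switch would cover all three. The body of `sys_auth_passwd()` continues outside these hunks, so any later use of `msg` should be checked against that change.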
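--- a/openbsd-compat/port-aix.h
+++ b/openbsd-compat/port-aix.h
@@ -1,4 +1,4 @@
-/* $Id: port-aix.h,v 1.17 2004/02/06 05:17:52 dtucker Exp $ */
+/* $Id: port-aix.h,v 1.18 2004/02/10 01:50:20 dtucker Exp $ */
 
 /*
 *
@@ -36,6 +36,9 @@
 # include <usersec.h>
 #endif
 
+/* For Authctxt */
+#include "auth.h"
+
 /* Some versions define r_type in the above headers, which causes a conflict */
 #ifdef r_type
 # undef r_type
@@ -62,11 +65,12 @@
 void aix_usrinfo(struct passwd *);
 
 #ifdef WITH_AIXAUTHENTICATE
+# define CUSTOM_SYS_AUTH_PASSWD 1
+int sys_auth_passwd(Authctxt *, const char *);
 # define CUSTOM_FAILED_LOGIN 1
 void record_failed_login(const char *, const char *);
 #endif
 
-int aix_authenticate(const char *, const char *, const char *);
 void aix_setauthdb(const char *);
 void aix_restoreauthdb(void);
 void aix_remove_embedded_newlines(char *);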