-rw-r--r-- | ChangeLog | 7 | ||||
-rw-r--r-- | auth-passwd.c | 14 | ||||
-rw-r--r-- | auth.h | 1 | ||||
-rw-r--r-- | openbsd-compat/port-aix.c | 39 | ||||
-rw-r--r-- | openbsd-compat/port-aix.h | 8 |
5 files changed, 50 insertions, 19 deletions
@@ -1,3 +1,8 @@ | |||
1 | 20040210 | ||
2 | - (dtucker) [auth-passwd.c auth.h openbsd-compat/port-aix.c | ||
3 | openbsd-compat/port-aix.h] Bug #14: Use do_pwchange to support AIX's | ||
4 | native password expiry. | ||
5 | |||
1 | 20040207 | 6 | 20040207 |
2 | - (dtucker) OpenBSD CVS Sync | 7 | - (dtucker) OpenBSD CVS Sync |
3 | - dtucker@cvs.openbsd.org 2004/02/06 23:41:13 | 8 | - dtucker@cvs.openbsd.org 2004/02/06 23:41:13 |
@@ -1820,4 +1825,4 @@ | |||
1820 | - Fix sshd BindAddress and -b options for systems using fake-getaddrinfo. | 1825 | - Fix sshd BindAddress and -b options for systems using fake-getaddrinfo. |
1821 | Report from murple@murple.net, diagnosis from dtucker@zip.com.au | 1826 | Report from murple@murple.net, diagnosis from dtucker@zip.com.au |
1822 | 1827 | ||
1823 | $Id: ChangeLog,v 1.3217 2004/02/07 01:29:39 dtucker Exp $ | 1828 | $Id: ChangeLog,v 1.3218 2004/02/10 01:50:19 dtucker Exp $ |
diff --git a/auth-passwd.c b/auth-passwd.c index 5cc88155c..a58dc042b 100644 --- a/auth-passwd.c +++ b/auth-passwd.c | |||
@@ -43,14 +43,11 @@ RCSID("$OpenBSD: auth-passwd.c,v 1.31 2004/01/30 09:48:57 markus Exp $"); | |||
43 | #include "servconf.h" | 43 | #include "servconf.h" |
44 | #include "auth.h" | 44 | #include "auth.h" |
45 | #include "auth-options.h" | 45 | #include "auth-options.h" |
46 | #ifdef WITH_AIXAUTHENTICATE | ||
47 | # include "canohost.h" | ||
48 | #endif | ||
49 | 46 | ||
50 | extern ServerOptions options; | 47 | extern ServerOptions options; |
51 | int sys_auth_passwd(Authctxt *, const char *); | 48 | int sys_auth_passwd(Authctxt *, const char *); |
52 | 49 | ||
53 | static void | 50 | void |
54 | disable_forwarding(void) | 51 | disable_forwarding(void) |
55 | { | 52 | { |
56 | no_port_forwarding_flag = 1; | 53 | no_port_forwarding_flag = 1; |
@@ -121,14 +118,7 @@ sys_auth_passwd(Authctxt *authctxt, const char *password) | |||
121 | return (auth_close(as)); | 118 | return (auth_close(as)); |
122 | } | 119 | } |
123 | } | 120 | } |
124 | #elif defined(WITH_AIXAUTHENTICATE) | 121 | #elif !defined(CUSTOM_SYS_AUTH_PASSWD) |
125 | int | ||
126 | sys_auth_passwd(Authctxt *authctxt, const char *password) | ||
127 | { | ||
128 | return (aix_authenticate(authctxt->pw->pw_name, password, | ||
129 | get_canonical_hostname(options.use_dns))); | ||
130 | } | ||
131 | #else | ||
132 | int | 122 | int |
133 | sys_auth_passwd(Authctxt *authctxt, const char *password) | 123 | sys_auth_passwd(Authctxt *authctxt, const char *password) |
134 | { | 124 | { |
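Review bot: `disable_forwarding()` in the first hunk loses `static` and becomes an external symbol, with its prototype added to auth.h, but neither place says what the function switches off or when code outside this file is expected to call it. The only new caller visible in this commit is the expired-password case in port-aix.c, so a comment above the definition such as `/* Turn off forwarding for this session; used when a password change is forced */` would record that contract. The body of `disable_forwarding()` continues past the end of the hunk, so the wording should be checked against everything it actually sets.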
@@ -123,6 +123,7 @@ void krb5_cleanup_proc(Authctxt *authctxt); | |||
123 | #endif /* KRB5 */ | 123 | #endif /* KRB5 */ |
124 | 124 | ||
125 | #include "auth-pam.h" | 125 | #include "auth-pam.h" |
126 | void disable_forwarding(void); | ||
126 | 127 | ||
127 | void do_authentication(Authctxt *); | 128 | void do_authentication(Authctxt *); |
128 | void do_authentication2(Authctxt *); | 129 | void do_authentication2(Authctxt *); |
diff --git a/openbsd-compat/port-aix.c b/openbsd-compat/port-aix.c index 6fc2ef771..a5511bbef 100644 --- a/openbsd-compat/port-aix.c +++ b/openbsd-compat/port-aix.c | |||
@@ -98,10 +98,10 @@ aix_remove_embedded_newlines(char *p) | |||
98 | * returns 0. | 98 | * returns 0. |
99 | */ | 99 | */ |
100 | int | 100 | int |
101 | aix_authenticate(const char *name, const char *password, const char *host) | 101 | sys_auth_passwd(Authctxt *ctxt, const char *password) |
102 | { | 102 | { |
103 | char *authmsg = NULL, *msg; | 103 | char *authmsg = NULL, *host, *msg, *name = ctxt->pw->pw_name; |
104 | int authsuccess = 0, reenter, result; | 104 | int authsuccess = 0, expired, reenter, result; |
105 | 105 | ||
106 | do { | 106 | do { |
107 | result = authenticate((char *)name, (char *)password, &reenter, | 107 | result = authenticate((char *)name, (char *)password, &reenter, |
@@ -114,7 +114,12 @@ aix_authenticate(const char *name, const char *password, const char *host) | |||
114 | if (result == 0) { | 114 | if (result == 0) { |
115 | authsuccess = 1; | 115 | authsuccess = 1; |
116 | 116 | ||
117 | /* No pty yet, so just label the line as "ssh" */ | 117 | host = (char *)get_canonical_hostname(options.use_dns); |
118 | |||
119 | /* | ||
120 | * Record successful login. We don't have a pty yet, so just | ||
121 | * label the line as "ssh" | ||
122 | */ | ||
118 | aix_setauthdb(name); | 123 | aix_setauthdb(name); |
119 | if (loginsuccess((char *)name, (char *)host, "ssh", &msg) == 0) { | 124 | if (loginsuccess((char *)name, (char *)host, "ssh", &msg) == 0) { |
120 | if (msg != NULL) { | 125 | if (msg != NULL) { |
@@ -123,6 +128,32 @@ aix_authenticate(const char *name, const char *password, const char *host) | |||
123 | xfree(msg); | 128 | xfree(msg); |
124 | } | 129 | } |
125 | } | 130 | } |
131 | |||
132 | /* | ||
133 | * Check if the user's password is expired. | ||
134 | */ | ||
135 | expired = passwdexpired(name, &msg); | ||
136 | if (msg && *msg) { | ||
137 | buffer_append(&loginmsg, msg, strlen(msg)); | ||
138 | aix_remove_embedded_newlines(msg); | ||
139 | } | ||
140 | debug3("AIX/passwdexpired returned %d msg %.100s", expired, msg); | ||
141 | |||
142 | switch (expired) { | ||
143 | case 0: /* password not expired */ | ||
144 | break; | ||
145 | case 1: /* expired, password change required */ | ||
146 | ctxt->force_pwchange = 1; | ||
147 | disable_forwarding(); | ||
148 | break; | ||
149 | default: /* user can't change(2) or other error (-1) */ | ||
150 | logit("Password can't be changed for user %s: %.100s", | ||
151 | name, msg); | ||
152 | if (msg) | ||
153 | xfree(msg); | ||
154 | authsuccess = 0; | ||
155 | } | ||
156 | |||
126 | aix_restoreauthdb(); | 157 | aix_restoreauthdb(); |
127 | } | 158 | } |
128 | 159 | ||
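Review bot: In the added expiry check, `msg` is passed to `debug3()` and, in the `default` case, to `logit()` under `%.100s` even when it is NULL, a value the neighbouring `if (msg && *msg)` and `if (msg)` guards show is expected; what a NULL `%s` argument does depends on the formatting routine in use, so pass `msg ? msg : ""` instead. `msg` is released only in the `default` case, so a message returned with results 0 or 1 appears to leak unless it is freed after the end of this hunk. When `passwdexpired()` is called, `msg` may also still hold the pointer already given to `xfree()` in the `loginsuccess()` branch, so it should be reset to NULL first. Separately, `loginsuccess()` has already recorded the login by the time the `default` case clears `authsuccess`, so a rejected attempt is logged as a successful one; consider running the expiry check before that record is written. The function starts and ends outside this hunk.

```c
		/* … unchanged: loginsuccess() and its message handling … */
		msg = NULL;	/* may still hold the pointer freed above */
		expired = passwdexpired(name, &msg);
		/* … unchanged: append msg to loginmsg, strip embedded newlines … */
		debug3("AIX/passwdexpired returned %d msg %.100s", expired,
		    msg ? msg : "");

		switch (expired) {
		/* … unchanged: cases 0 and 1 … */
		default: /* user can't change(2) or other error (-1) */
			logit("Password can't be changed for user %s: %.100s",
			    name, msg ? msg : "");
			authsuccess = 0;
		}
		if (msg)
			xfree(msg);
```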
diff --git a/openbsd-compat/port-aix.h b/openbsd-compat/port-aix.h index 930b3f248..ef03661ed 100644 --- a/openbsd-compat/port-aix.h +++ b/openbsd-compat/port-aix.h | |||
@@ -1,4 +1,4 @@ | |||
1 | /* $Id: port-aix.h,v 1.17 2004/02/06 05:17:52 dtucker Exp $ */ | 1 | /* $Id: port-aix.h,v 1.18 2004/02/10 01:50:20 dtucker Exp $ */ |
2 | 2 | ||
3 | /* | 3 | /* |
4 | * | 4 | * |
@@ -36,6 +36,9 @@ | |||
36 | # include <usersec.h> | 36 | # include <usersec.h> |
37 | #endif | 37 | #endif |
38 | 38 | ||
39 | /* For Authctxt */ | ||
40 | #include "auth.h" | ||
41 | |||
39 | /* Some versions define r_type in the above headers, which causes a conflict */ | 42 | /* Some versions define r_type in the above headers, which causes a conflict */ |
40 | #ifdef r_type | 43 | #ifdef r_type |
41 | # undef r_type | 44 | # undef r_type |
@@ -62,11 +65,12 @@ | |||
62 | void aix_usrinfo(struct passwd *); | 65 | void aix_usrinfo(struct passwd *); |
63 | 66 | ||
64 | #ifdef WITH_AIXAUTHENTICATE | 67 | #ifdef WITH_AIXAUTHENTICATE |
68 | # define CUSTOM_SYS_AUTH_PASSWD 1 | ||
69 | int sys_auth_passwd(Authctxt *, const char *); | ||
65 | # define CUSTOM_FAILED_LOGIN 1 | 70 | # define CUSTOM_FAILED_LOGIN 1 |
66 | void record_failed_login(const char *, const char *); | 71 | void record_failed_login(const char *, const char *); |
67 | #endif | 72 | #endif |
68 | 73 | ||
69 | int aix_authenticate(const char *, const char *, const char *); | ||
70 | void aix_setauthdb(const char *); | 74 | void aix_setauthdb(const char *); |
71 | void aix_restoreauthdb(void); | 75 | void aix_restoreauthdb(void); |
72 | void aix_remove_embedded_newlines(char *); | 76 | void aix_remove_embedded_newlines(char *); |
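Review bot: `CUSTOM_SYS_AUTH_PASSWD` is introduced in the last hunk without a comment, yet it is what makes auth-passwd.c drop its generic `sys_auth_passwd()` through the new `#elif !defined(CUSTOM_SYS_AUTH_PASSWD)`. A line above the define such as `/* port-aix.c supplies sys_auth_passwd(); this suppresses the generic one in auth-passwd.c */` would make that coupling visible to anyone changing the authentication path. The prototype added beside it repeats the declaration auth-passwd.c already carries near its top, so the two have to be kept in step if the signature changes.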