Diffstat (limited to 'auth-passwd.c')
-rw-r--r-- | auth-passwd.c | 30 |
1 files changed, 12 insertions, 18 deletions
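diff --git a/auth-passwd.c b/auth-passwd.c
index 996c2cf71..6097fdd24 100644
--- a/auth-passwd.c
+++ b/auth-passwd.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: auth-passwd.c,v 1.45 2016/07/21 01:39:35 dtucker Exp $ */
+/* $OpenBSD: auth-passwd.c,v 1.46 2018/03/03 03:15:51 djm Exp $ */
 /*
 * Author: Tatu Ylonen <ylo@cs.hut.fi>
 * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@@ -68,22 +68,15 @@ extern login_cap_t *lc;
 
 #define MAX_PASSWORD_LEN 1024
 
-void
-disable_forwarding(void)
-{
-no_port_forwarding_flag = 1;
-no_agent_forwarding_flag = 1;
-no_x11_forwarding_flag = 1;
-}
-
 /*
 * Tries to authenticate the user using password. Returns true if
 * authentication succeeds.
 */
 int
-auth_password(Authctxt *authctxt, const char *password)
+auth_password(struct ssh *ssh, const char *password)
 {
-struct passwd * pw = authctxt->pw;
+Authctxt *authctxt = ssh->authctxt;
+struct passwd *pw = authctxt->pw;
 int result, ok = authctxt->valid;
 #if defined(USE_SHADOW) && defined(HAS_SHADOW_EXPIRE)
 static int expire_checked = 0;
@@ -128,9 +121,9 @@ auth_password(Authctxt *authctxt, const char *password)
 authctxt->force_pwchange = 1;
 }
 #endif
-result = sys_auth_passwd(authctxt, password);
+result = sys_auth_passwd(ssh, password);
 if (authctxt->force_pwchange)
-disable_forwarding();
+auth_restrict_session(ssh);
 return (result && ok);
 }
 
@@ -170,19 +163,19 @@ warn_expiry(Authctxt *authctxt, auth_session_t *as)
 }
 
 int
-sys_auth_passwd(Authctxt *authctxt, const char *password)
+sys_auth_passwd(struct ssh *ssh, const char *password)
 {
-struct passwd *pw = authctxt->pw;
+Authctxt *authctxt = ssh->authctxt;
 auth_session_t *as;
 static int expire_checked = 0;
 
-as = auth_usercheck(pw->pw_name, authctxt->style, "auth-ssh",
+as = auth_usercheck(authctxt->pw->pw_name, authctxt->style, "auth-ssh",
 (char *)password);
 if (as == NULL)
 return (0);
 if (auth_getstate(as) & AUTH_PWEXPIRED) {
 auth_close(as);
-disable_forwarding();
+auth_restrict_session(ssh);
 authctxt->force_pwchange = 1;
 return (1);
 } else {
@@ -195,8 +188,9 @@ sys_auth_passwd(Authctxt *authctxt, const char *password)
 }
 #elif !defined(CUSTOM_SYS_AUTH_PASSWD)
 int
-sys_auth_passwd(Authctxt *authctxt, const char *password)
+sys_auth_passwd(struct ssh *ssh, const char *password)
 {
+Authctxt *authctxt = ssh->authctxt;
 struct passwd *pw = authctxt->pw;
 char *encrypted_password, *salt = NULL;
 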
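Review bot: The header comment above `auth_password` still says only "Returns true if authentication succeeds", but the function also restricts the session whenever `authctxt->force_pwchange` is set, and it does so before `result && ok` is evaluated, so the restriction applies even when authentication fails. With `disable_forwarding()` removed, the three flags it set are no longer visible in this file, so the comment should state the contract, e.g. `* If a password change is forced, the session is restricted via auth_restrict_session() before returning.` `auth_restrict_session()` is defined outside this diff, so it is worth confirming that it covers at least port, agent and X11 forwarding, which the removed helper disabled. The same side effect occurs in the `AUTH_PWEXPIRED` branch of the first `sys_auth_passwd`, which has no comment at all; its body starts and ends outside the hunks shown.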