зеркало из https://github.com/Azure/sonic-openssh.git
- (dtucker) [auth-passwd.c auth.h openbsd-compat/port-aix.c
openbsd-compat/port-aix.h] Bug #14: Use do_pwchange to support AIX's native password expiry.
This commit is contained in:
Darren Tucker
Родитель
693f8a8aae
Коммит
e3dba82dd4
|
|
@ -1,3 +1,8 @@
|
|||
20040210
|
||||
- (dtucker) [auth-passwd.c auth.h openbsd-compat/port-aix.c
|
||||
openbsd-compat/port-aix.h] Bug #14: Use do_pwchange to support AIX's
|
||||
native password expiry.
|
||||
|
||||
20040207
|
||||
- (dtucker) OpenBSD CVS Sync
|
||||
- dtucker@cvs.openbsd.org 2004/02/06 23:41:13
|
||||
|
|
@ -1820,4 +1825,4 @@
|
|||
- Fix sshd BindAddress and -b options for systems using fake-getaddrinfo.
|
||||
Report from murple@murple.net, diagnosis from dtucker@zip.com.au
|
||||
|
||||
$Id: ChangeLog,v 1.3217 2004/02/07 01:29:39 dtucker Exp $
|
||||
$Id: ChangeLog,v 1.3218 2004/02/10 01:50:19 dtucker Exp $
|
||||
|
|
|
|||
|
|
@ -43,14 +43,11 @@ RCSID("$OpenBSD: auth-passwd.c,v 1.31 2004/01/30 09:48:57 markus Exp $");
|
|||
#include "servconf.h"
|
||||
#include "auth.h"
|
||||
#include "auth-options.h"
|
||||
#ifdef WITH_AIXAUTHENTICATE
|
||||
# include "canohost.h"
|
||||
#endif
|
||||
|
||||
extern ServerOptions options;
|
||||
int sys_auth_passwd(Authctxt *, const char *);
|
||||
|
||||
static void
|
||||
void
|
||||
disable_forwarding(void)
|
||||
{
|
||||
no_port_forwarding_flag = 1;
|
||||
|
|
@ -121,14 +118,7 @@ sys_auth_passwd(Authctxt *authctxt, const char *password)
|
|||
return (auth_close(as));
|
||||
}
|
||||
}
|
||||
#elif defined(WITH_AIXAUTHENTICATE)
|
||||
int
|
||||
sys_auth_passwd(Authctxt *authctxt, const char *password)
|
||||
{
|
||||
return (aix_authenticate(authctxt->pw->pw_name, password,
|
||||
get_canonical_hostname(options.use_dns)));
|
||||
}
|
||||
#else
|
||||
#elif !defined(CUSTOM_SYS_AUTH_PASSWD)
|
||||
int
|
||||
sys_auth_passwd(Authctxt *authctxt, const char *password)
|
||||
{
|
||||
|
|
|
|||
1
auth.h
1
auth.h
|
|
@ -123,6 +123,7 @@ void krb5_cleanup_proc(Authctxt *authctxt);
|
|||
#endif /* KRB5 */
|
||||
|
||||
#include "auth-pam.h"
|
||||
void disable_forwarding(void);
|
||||
|
||||
void do_authentication(Authctxt *);
|
||||
void do_authentication2(Authctxt *);
|
||||
|
|
|
|||
|
|
@ -98,10 +98,10 @@ aix_remove_embedded_newlines(char *p)
|
|||
* returns 0.
|
||||
*/
|
||||
int
|
||||
aix_authenticate(const char *name, const char *password, const char *host)
|
||||
sys_auth_passwd(Authctxt *ctxt, const char *password)
|
||||
{
|
||||
char *authmsg = NULL, *msg;
|
||||
int authsuccess = 0, reenter, result;
|
||||
char *authmsg = NULL, *host, *msg, *name = ctxt->pw->pw_name;
|
||||
int authsuccess = 0, expired, reenter, result;
|
||||
|
||||
do {
|
||||
result = authenticate((char *)name, (char *)password, &reenter,
|
||||
|
|
@ -114,7 +114,12 @@ aix_authenticate(const char *name, const char *password, const char *host)
|
|||
if (result == 0) {
|
||||
authsuccess = 1;
|
||||
|
||||
/* No pty yet, so just label the line as "ssh" */
|
||||
host = (char *)get_canonical_hostname(options.use_dns);
|
||||
|
||||
/*
|
||||
* Record successful login. We don't have a pty yet, so just
|
||||
* label the line as "ssh"
|
||||
*/
|
||||
aix_setauthdb(name);
|
||||
if (loginsuccess((char *)name, (char *)host, "ssh", &msg) == 0) {
|
||||
if (msg != NULL) {
|
||||
|
|
@ -123,6 +128,32 @@ aix_authenticate(const char *name, const char *password, const char *host)
|
|||
xfree(msg);
|
||||
}
|
||||
}
|
||||
|
||||
/*
|
||||
* Check if the user's password is expired.
|
||||
*/
|
||||
expired = passwdexpired(name, &msg);
|
||||
if (msg && *msg) {
|
||||
buffer_append(&loginmsg, msg, strlen(msg));
|
||||
aix_remove_embedded_newlines(msg);
|
||||
}
|
||||
debug3("AIX/passwdexpired returned %d msg %.100s", expired, msg);
|
||||
|
||||
switch (expired) {
|
||||
case 0: /* password not expired */
|
||||
break;
|
||||
case 1: /* expired, password change required */
|
||||
ctxt->force_pwchange = 1;
|
||||
disable_forwarding();
|
||||
break;
|
||||
default: /* user can't change(2) or other error (-1) */
|
||||
logit("Password can't be changed for user %s: %.100s",
|
||||
name, msg);
|
||||
if (msg)
|
||||
xfree(msg);
|
||||
authsuccess = 0;
|
||||
}
|
||||
|
||||
aix_restoreauthdb();
|
||||
}
|
||||
|
||||
|
|
|
|||
|
|
@ -1,4 +1,4 @@
|
|||
/* $Id: port-aix.h,v 1.17 2004/02/06 05:17:52 dtucker Exp $ */
|
||||
/* $Id: port-aix.h,v 1.18 2004/02/10 01:50:20 dtucker Exp $ */
|
||||
|
||||
/*
|
||||
*
|
||||
|
|
@ -36,6 +36,9 @@
|
|||
# include <usersec.h>
|
||||
#endif
|
||||
|
||||
/* For Authctxt */
|
||||
#include "auth.h"
|
||||
|
||||
/* Some versions define r_type in the above headers, which causes a conflict */
|
||||
#ifdef r_type
|
||||
# undef r_type
|
||||
|
|
@ -62,11 +65,12 @@
|
|||
void aix_usrinfo(struct passwd *);
|
||||
|
||||
#ifdef WITH_AIXAUTHENTICATE
|
||||
# define CUSTOM_SYS_AUTH_PASSWD 1
|
||||
int sys_auth_passwd(Authctxt *, const char *);
|
||||
# define CUSTOM_FAILED_LOGIN 1
|
||||
void record_failed_login(const char *, const char *);
|
||||
#endif
|
||||
|
||||
int aix_authenticate(const char *, const char *, const char *);
|
||||
void aix_setauthdb(const char *);
|
||||
void aix_restoreauthdb(void);
|
||||
void aix_remove_embedded_newlines(char *);
|
||||
|
|
|
|||
Загрузка…
Ссылка в новой задаче