mirror of
git://anongit.mindrot.org/openssh.git
synced 2025-02-02 07:01:52 +00:00
- (dtucker) [auth-sia.c] Bug #1241: support password expiry on Tru64 SIA
systems. Patch from R. Scott Bailey.
This commit is contained in:
Darren Tucker
parent
c7e030fd78
commit
2c1eb82695
@ -158,6 +158,8 @@
|
||||
takes 2 more args. with djm@
|
||||
- (dtucker) [defines.h] Bug #1112: __dead is, well dead. Based on a patch
|
||||
from Todd Vierling.
|
||||
- (dtucker) [auth-sia.c] Bug #1241: support password expiry on Tru64 SIA
|
||||
systems. Patch from R. Scott Bailey.
|
||||
|
||||
20080611
|
||||
- (djm) [channels.c configure.ac]
|
||||
@ -4320,4 +4322,4 @@
|
||||
OpenServer 6 and add osr5bigcrypt support so when someone migrates
|
||||
passwords between UnixWare and OpenServer they will still work. OK dtucker@
|
||||
|
||||
$Id: ChangeLog,v 1.4998 2008/06/13 00:58:50 dtucker Exp $
|
||||
$Id: ChangeLog,v 1.4999 2008/06/13 01:13:13 dtucker Exp $
|
||||
|
||||
53
auth-sia.c
53
auth-sia.c
@ -34,6 +34,10 @@
|
||||
#include <unistd.h>
|
||||
#include <stdarg.h>
|
||||
#include <string.h>
|
||||
#include <sys/types.h>
|
||||
#include <sys/security.h>
|
||||
#include <prot.h>
|
||||
#include <time.h>
|
||||
|
||||
#include "ssh.h"
|
||||
#include "key.h"
|
||||
@ -49,6 +53,52 @@ extern ServerOptions options;
|
||||
extern int saved_argc;
|
||||
extern char **saved_argv;
|
||||
|
||||
static int
|
||||
sia_password_change_required(const char *user)
|
||||
{
|
||||
struct es_passwd *acct;
|
||||
time_t pw_life;
|
||||
time_t pw_date;
|
||||
|
||||
set_auth_parameters(saved_argc, saved_argv);
|
||||
|
||||
if ((acct = getespwnam(user)) == NULL) {
|
||||
error("Couldn't access protected database entry for %s", user);
|
||||
endprpwent();
|
||||
return (0);
|
||||
}
|
||||
|
||||
/* If forced password change flag is set, honor it */
|
||||
if (acct->uflg->fg_psw_chg_reqd && acct->ufld->fd_psw_chg_reqd) {
|
||||
endprpwent();
|
||||
return (1);
|
||||
}
|
||||
|
||||
/* Obtain password lifetime; if none, it can't have expired */
|
||||
if (acct->uflg->fg_expire)
|
||||
pw_life = acct->ufld->fd_expire;
|
||||
else if (acct->sflg->fg_expire)
|
||||
pw_life = acct->sfld->fd_expire;
|
||||
else {
|
||||
endprpwent();
|
||||
return (0);
|
||||
}
|
||||
|
||||
/* Offset from last change; if none, it must be expired */
|
||||
if (acct->uflg->fg_schange)
|
||||
pw_date = acct->ufld->fd_schange + pw_life;
|
||||
else {
|
||||
endprpwent();
|
||||
return (1);
|
||||
}
|
||||
|
||||
endprpwent();
|
||||
|
||||
/* If expiration date is prior to now, change password */
|
||||
|
||||
return (pw_date <= time((time_t *) NULL));
|
||||
}
|
||||
|
||||
int
|
||||
sys_auth_passwd(Authctxt *authctxt, const char *pass)
|
||||
{
|
||||
@ -76,6 +126,9 @@ sys_auth_passwd(Authctxt *authctxt, const char *pass)
|
||||
|
||||
sia_ses_release(&ent);
|
||||
|
||||
authctxt->force_pwchange = sia_password_change_required(
|
||||
authctxt->user);
|
||||
|
||||
return (1);
|
||||
}
|
||||
|
||||
|
||||
Loading…
Reference in New Issue
Block a user