RepoMirrors/openssh
1
0
Fork 0
mirror of git://anongit.mindrot.org/openssh.git synced 2025-02-18 06:46:55 +00:00
Code Issues Packages Projects Releases Wiki Activity

- otto@cvs.openbsd.org 2005/01/21 08:32:02

Browse Source 
[auth-passwd.c sshd.c]
     Warn in advance for password and account expiry; initialize loginmsg
     buffer earlier and clear it after privsep fork. ok and help dtucker@
     markus@
This commit is contained in:
Darren Tucker 2005-01-24 21:55:49 +11:00
parent 3c66080aa2
commit 5c14c73429
3 changed files with 63 additions and 9 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

10
ChangeLog
View File

@ -1,3 +1,11 @@
20050124
- (dtucker) OpenBSD CVS Sync
- otto@cvs.openbsd.org 2005/01/21 08:32:02
[auth-passwd.c sshd.c]
Warn in advance for password and account expiry; initialize loginmsg
buffer earlier and clear it after privsep fork. ok and help dtucker@
markus@
20050120 20050120
- (dtucker) OpenBSD CVS Sync - (dtucker) OpenBSD CVS Sync
- markus@cvs.openbsd.org 2004/12/23 17:35:48 - markus@cvs.openbsd.org 2004/12/23 17:35:48
@ -2015,4 +2023,4 @@
- (djm) Trim deprecated options from INSTALL. Mention UsePAM - (djm) Trim deprecated options from INSTALL. Mention UsePAM
- (djm) Fix quote handling in sftp; Patch from admorten AT umich.edu - (djm) Fix quote handling in sftp; Patch from admorten AT umich.edu
$Id: ChangeLog,v 1.3620 2005/01/20 11:20:50 dtucker Exp $ $Id: ChangeLog,v 1.3621 2005/01/24 10:55:49 dtucker Exp $

51
auth-passwd.c
View File

@ -36,17 +36,27 @@
*/ */
#include "includes.h" #include "includes.h"
RCSID("$OpenBSD: auth-passwd.c,v 1.31 2004/01/30 09:48:57 markus Exp $"); RCSID("$OpenBSD: auth-passwd.c,v 1.32 2005/01/21 08:32:02 otto Exp $");
#include "packet.h" #include "packet.h"
#include "buffer.h"
#include "log.h" #include "log.h"
#include "servconf.h" #include "servconf.h"
#include "auth.h" #include "auth.h"
#include "auth-options.h" #include "auth-options.h"
extern Buffer loginmsg;
extern ServerOptions options; extern ServerOptions options;
int sys_auth_passwd(Authctxt *, const char *); int sys_auth_passwd(Authctxt *, const char *);
#ifdef HAVE_LOGIN_CAP
extern login_cap_t *lc;
#endif
#define DAY (24L * 60 * 60) /* 1 day in seconds */
#define TWO_WEEKS (2L * 7 * DAY) /* 2 weeks in seconds */
void void
disable_forwarding(void) disable_forwarding(void)
{ {
@ -111,11 +121,46 @@ auth_password(Authctxt *authctxt, const char *password)
} }
#ifdef BSD_AUTH #ifdef BSD_AUTH
static void
warn_expiry(Authctxt *authctxt, auth_session_t *as)
{
char buf[256];
quad_t pwtimeleft, actimeleft, daysleft, pwwarntime, acwarntime;
pwwarntime = acwarntime = TWO_WEEKS;
pwtimeleft = auth_check_change(as);
actimeleft = auth_check_expire(as);
#if HAVE_LOGIN_CAP
if (authctxt->valid) {
pwwarntime = login_getcaptime(lc, "password-warn", TWO_WEEKS,
TWO_WEEKS);
acwarntime = login_getcaptime(lc, "expire-warn", TWO_WEEKS,
TWO_WEEKS);
}
#endif
if (pwtimeleft != 0 && pwtimeleft < pwwarntime) {
daysleft = pwtimeleft / DAY + 1;
snprintf(buf, sizeof(buf),
"Your password will expire in %lld day%s.\n",
daysleft, daysleft == 1 ? "" : "s");
buffer_append(&loginmsg, buf, strlen(buf));
}
if (actimeleft != 0 && actimeleft < acwarntime) {
daysleft = actimeleft / DAY + 1;
snprintf(buf, sizeof(buf),
"Your account will expire in %lld day%s.\n",
daysleft, daysleft == 1 ? "" : "s");
buffer_append(&loginmsg, buf, strlen(buf));
}
}
int int
sys_auth_passwd(Authctxt *authctxt, const char *password) sys_auth_passwd(Authctxt *authctxt, const char *password)
{ {
struct passwd *pw = authctxt->pw; struct passwd *pw = authctxt->pw;
auth_session_t *as; auth_session_t *as;
static int expire_checked = 0;
as = auth_usercheck(pw->pw_name, authctxt->style, "auth-ssh", as = auth_usercheck(pw->pw_name, authctxt->style, "auth-ssh",
(char *)password); (char *)password);
@ -125,6 +170,10 @@ sys_auth_passwd(Authctxt *authctxt, const char *password)
authctxt->force_pwchange = 1; authctxt->force_pwchange = 1;
return (1); return (1);
} else { } else {
if (!expire_checked) {
expire_checked = 1;
warn_expiry(authctxt, as);
}
return (auth_close(as)); return (auth_close(as));
} }
} }

11
sshd.c
View File

@ -42,7 +42,7 @@
*/ */
#include "includes.h" #include "includes.h"
RCSID("$OpenBSD: sshd.c,v 1.306 2005/01/17 22:48:39 dtucker Exp $"); RCSID("$OpenBSD: sshd.c,v 1.307 2005/01/21 08:32:02 otto Exp $");
#include <openssl/dh.h> #include <openssl/dh.h>
#include <openssl/bn.h> #include <openssl/bn.h>
@ -1664,9 +1664,6 @@ main(int ac, char **av)
packet_set_nonblocking(); packet_set_nonblocking();
/* prepare buffers to collect authentication messages */
buffer_init(&loginmsg);
/* allocate authentication context */ /* allocate authentication context */
authctxt = xmalloc(sizeof(*authctxt)); authctxt = xmalloc(sizeof(*authctxt));
memset(authctxt, 0, sizeof(*authctxt)); memset(authctxt, 0, sizeof(*authctxt));
@ -1674,13 +1671,13 @@ main(int ac, char **av)
/* XXX global for cleanup, access from other modules */ /* XXX global for cleanup, access from other modules */
the_authctxt = authctxt; the_authctxt = authctxt;
/* prepare buffer to collect messages to display to user after login */
buffer_init(&loginmsg);
if (use_privsep) if (use_privsep)
if (privsep_preauth(authctxt) == 1) if (privsep_preauth(authctxt) == 1)
goto authenticated; goto authenticated;
/* prepare buffer to collect messages to display to user after login */
buffer_init(&loginmsg);
/* perform the key exchange */ /* perform the key exchange */
/* authenticate user and start session */ /* authenticate user and start session */
if (compat20) { if (compat20) {