Minor fixes to agent updates
parent
d6d93e6446
commit
6b7d17dd27
|
@ -155,23 +155,23 @@ warn_expiry(Authctxt *authctxt, auth_session_t *as)
|
|||
#ifdef HAVE_LOGIN_CAP
|
||||
if (authctxt->valid) {
|
||||
pwwarntime = login_getcaptime(lc, "password-warn", TWO_WEEKS,
|
||||
TWO_WEEKS);
|
||||
TWO_WEEKS);
|
||||
acwarntime = login_getcaptime(lc, "expire-warn", TWO_WEEKS,
|
||||
TWO_WEEKS);
|
||||
TWO_WEEKS);
|
||||
}
|
||||
#endif
|
||||
if (pwtimeleft != 0 && pwtimeleft < pwwarntime) {
|
||||
daysleft = pwtimeleft / DAY + 1;
|
||||
snprintf(buf, sizeof(buf),
|
||||
"Your password will expire in %lld day%s.\n",
|
||||
daysleft, daysleft == 1 ? "" : "s");
|
||||
"Your password will expire in %lld day%s.\n",
|
||||
daysleft, daysleft == 1 ? "" : "s");
|
||||
buffer_append(&loginmsg, buf, strlen(buf));
|
||||
}
|
||||
if (actimeleft != 0 && actimeleft < acwarntime) {
|
||||
daysleft = actimeleft / DAY + 1;
|
||||
snprintf(buf, sizeof(buf),
|
||||
"Your account will expire in %lld day%s.\n",
|
||||
daysleft, daysleft == 1 ? "" : "s");
|
||||
"Your account will expire in %lld day%s.\n",
|
||||
daysleft, daysleft == 1 ? "" : "s");
|
||||
buffer_append(&loginmsg, buf, strlen(buf));
|
||||
}
|
||||
}
|
||||
|
@ -184,7 +184,7 @@ sys_auth_passwd(Authctxt *authctxt, const char *password)
|
|||
static int expire_checked = 0;
|
||||
|
||||
as = auth_usercheck(pw->pw_name, authctxt->style, "auth-ssh",
|
||||
(char *)password);
|
||||
(char *)password);
|
||||
if (as == NULL)
|
||||
return (0);
|
||||
if (auth_getstate(as) & AUTH_PWEXPIRED) {
|
||||
|
@ -192,8 +192,7 @@ sys_auth_passwd(Authctxt *authctxt, const char *password)
|
|||
disable_forwarding();
|
||||
authctxt->force_pwchange = 1;
|
||||
return (1);
|
||||
}
|
||||
else {
|
||||
} else {
|
||||
if (!expire_checked) {
|
||||
expire_checked = 1;
|
||||
warn_expiry(authctxt, as);
|
||||
|
@ -258,13 +257,13 @@ sys_auth_passwd(Authctxt *authctxt, const char *password)
|
|||
|
||||
/* Encrypt the candidate password using the proper salt. */
|
||||
encrypted_password = xcrypt(password,
|
||||
(pw_password[0] && pw_password[1]) ? pw_password : "xx");
|
||||
(pw_password[0] && pw_password[1]) ? pw_password : "xx");
|
||||
|
||||
/*
|
||||
* Authentication is accepted if the encrypted passwords
|
||||
* are identical.
|
||||
*/
|
||||
return encrypted_password != NULL &&
|
||||
strcmp(encrypted_password, pw_password) == 0;
|
||||
strcmp(encrypted_password, pw_password) == 0;
|
||||
}
|
||||
#endif
|
||||
|
|
|
@ -165,7 +165,7 @@ char *GetHomeDirFromToken(char *userName, HANDLE token)
|
|||
RegCloseKey(reg_key);
|
||||
|
||||
{ /* retrieve and set env variables. */
|
||||
/* TODO - Get away with fixed limits and dynamically allocated required memory*/
|
||||
/* TODO - Get away with fixed limits and dynamically allocate required memory, cleanup this logic*/
|
||||
#define MAX_VALUE_LEN 1000
|
||||
#define MAX_DATA_LEN 2000
|
||||
#define MAX_EXPANDED_DATA_LEN 5000
|
||||
|
@ -176,7 +176,8 @@ char *GetHomeDirFromToken(char *userName, HANDLE token)
|
|||
int i;
|
||||
LONG ret;
|
||||
|
||||
ImpersonateLoggedOnUser(token);
|
||||
if (ImpersonateLoggedOnUser(token) == FALSE)
|
||||
debug("Failed to impersonate user token, %d", GetLastError());
|
||||
SET_USER_ENV(FOLDERID_LocalAppData, L"LOCALAPPDATA");
|
||||
SET_USER_ENV(FOLDERID_Profile, L"USERPROFILE");
|
||||
SET_USER_ENV(FOLDERID_RoamingAppData, L"APPDATA");
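Review bot: A failed `ImpersonateLoggedOnUser(token)` is only logged here, so the three `SET_USER_ENV` calls that follow still run, in that case under the calling process's own security context instead of the user's. `SET_USER_ENV` is defined outside the hunk, but judging by its `FOLDERID_*` arguments it presumably resolves per-user known folders, so on failure the session would likely get the service account's paths for LOCALAPPDATA, USERPROFILE and APPDATA. I would fail closed and skip the environment block, e.g. `if (ImpersonateLoggedOnUser(token) == FALSE) { debug("Failed to impersonate user token, %d", GetLastError()); goto SKIP_ENV_LABEL; }`, where `SKIP_ENV_LABEL` is a placeholder for a label after the block. Any later `RevertToSelf()` should then run only when impersonation succeeded. The body of GetHomeDirFromToken starts and ends outside the hunk, so the cleanup path needs checking against the full function.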
|
||||
|
|
|
@ -201,7 +201,7 @@ generate_user_token(wchar_t* user) {
|
|||
&token,
|
||||
"as,
|
||||
&subStatus) != STATUS_SUCCESS) {
|
||||
debug("LsaLogonUser failed");
|
||||
debug("LsaLogonUser failed %d", ret);
|
||||
goto done;
|
||||
}
|
||||
|
||||
|
@ -256,12 +256,16 @@ int process_passwordauth_request(struct sshbuf* request, struct sshbuf* response
|
|||
*tmp = L'\0';
|
||||
}
|
||||
|
||||
if (LogonUserW(userW, domW, pwdW, LOGON32_LOGON_NETWORK, LOGON32_PROVIDER_DEFAULT, &token) == FALSE ||
|
||||
(FALSE == GetNamedPipeClientProcessId(con->connection, &client_pid)) ||
|
||||
((client_proc = OpenProcess(PROCESS_DUP_HANDLE, FALSE, client_pid)) == NULL) ||
|
||||
(FALSE == DuplicateHandle(GetCurrentProcess(), token, client_proc, &dup_token, TOKEN_QUERY | TOKEN_IMPERSONATE, FALSE, DUPLICATE_SAME_ACCESS)) ||
|
||||
(sshbuf_put_u32(response, dup_token) != 0)) {
|
||||
debug("failed to authenticate user");
|
||||
if (LogonUserW(userW, domW, pwdW, LOGON32_LOGON_NETWORK, LOGON32_PROVIDER_DEFAULT, &token) == FALSE) {
|
||||
debug("failed to logon user");
|
||||
goto done;
|
||||
}
|
||||
|
||||
if ((FALSE == GetNamedPipeClientProcessId(con->connection, &client_pid)) ||
|
||||
((client_proc = OpenProcess(PROCESS_DUP_HANDLE, FALSE, client_pid)) == NULL) ||
|
||||
(FALSE == DuplicateHandle(GetCurrentProcess(), token, client_proc, &dup_token, TOKEN_QUERY | TOKEN_IMPERSONATE, FALSE, DUPLICATE_SAME_ACCESS)) ||
|
||||
(sshbuf_put_u32(response, dup_token) != 0)) {
|
||||
debug("failed to duplicate user token");
|
||||
goto done;
|
||||
}
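Review bot: In the `DuplicateHandle` call of the new second condition, `DUPLICATE_SAME_ACCESS` makes the API ignore the desired-access argument, so the `TOKEN_QUERY | TOKEN_IMPERSONATE` mask has no effect and the client process receives a handle with every right the `LogonUserW` token handle carries. To hand over only the two rights named, pass `0` as the options argument: `DuplicateHandle(GetCurrentProcess(), token, client_proc, &dup_token, TOKEN_QUERY | TOKEN_IMPERSONATE, FALSE, 0)`. Separately, when `sshbuf_put_u32` fails after the duplication succeeded, the duplicate already sits in the client's handle table; the `done:` path is outside the hunk, so confirm the handle is not left behind there. Both new debug messages would also be more useful for triage with `GetLastError()` appended, as the `LsaLogonUser` message in this section now does with `ret`.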
|
||||
|
||||
|
|
|
@ -167,6 +167,7 @@ done:
|
|||
return r;
|
||||
}
|
||||
|
||||
/* TODO - move this to common header*/
|
||||
#define SSH_AGENT_AUTHENTICATE 100
|
||||
|
||||
static int
|
||||
|
|