tyler.durden
/
openssh-portable
mirror of https://github.com/PowerShell/openssh-portable.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

- (dtucker) [auth-sia.c] Bug #1241: support password expiry on Tru64 SIA 

systems.  Patch from R. Scott Bailey.
This commit is contained in:
Darren Tucker 2008-06-13 11:13:13 +10:00
parent c7e030fd78
commit 2c1eb82695
2 changed files with 56 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
ChangeLog
View File

@ -158,6 +158,8 @@
takes 2 more args. with djm@ takes 2 more args. with djm@
- (dtucker) [defines.h] Bug #1112: __dead is, well dead. Based on a patch - (dtucker) [defines.h] Bug #1112: __dead is, well dead. Based on a patch
from Todd Vierling. from Todd Vierling.
- (dtucker) [auth-sia.c] Bug #1241: support password expiry on Tru64 SIA
systems. Patch from R. Scott Bailey.
20080611 20080611
- (djm) [channels.c configure.ac] - (djm) [channels.c configure.ac]
@ -4320,4 +4322,4 @@
OpenServer 6 and add osr5bigcrypt support so when someone migrates OpenServer 6 and add osr5bigcrypt support so when someone migrates
passwords between UnixWare and OpenServer they will still work. OK dtucker@ passwords between UnixWare and OpenServer they will still work. OK dtucker@
$Id: ChangeLog,v 1.4998 2008/06/13 00:58:50 dtucker Exp $ $Id: ChangeLog,v 1.4999 2008/06/13 01:13:13 dtucker Exp $

53
auth-sia.c
View File

@ -34,6 +34,10 @@
#include <unistd.h> #include <unistd.h>
#include <stdarg.h> #include <stdarg.h>
#include <string.h> #include <string.h>
#include <sys/types.h>
#include <sys/security.h>
#include <prot.h>
#include <time.h>
#include "ssh.h" #include "ssh.h"
#include "key.h" #include "key.h"
@ -49,6 +53,52 @@ extern ServerOptions options;
extern int saved_argc; extern int saved_argc;
extern char **saved_argv; extern char **saved_argv;
static int
sia_password_change_required(const char *user)
{
struct es_passwd *acct;
time_t pw_life;
time_t pw_date;
set_auth_parameters(saved_argc, saved_argv);
if ((acct = getespwnam(user)) == NULL) {
error("Couldn't access protected database entry for %s", user);
endprpwent();
return (0);
}
/* If forced password change flag is set, honor it */
if (acct->uflg->fg_psw_chg_reqd && acct->ufld->fd_psw_chg_reqd) {
endprpwent();
return (1);
}
/* Obtain password lifetime; if none, it can't have expired */
if (acct->uflg->fg_expire)
pw_life = acct->ufld->fd_expire;
else if (acct->sflg->fg_expire)
pw_life = acct->sfld->fd_expire;
else {
endprpwent();
return (0);
}
/* Offset from last change; if none, it must be expired */
if (acct->uflg->fg_schange)
pw_date = acct->ufld->fd_schange + pw_life;
else {
endprpwent();
return (1);
}
endprpwent();
/* If expiration date is prior to now, change password */
return (pw_date <= time((time_t *) NULL));
}
int int
sys_auth_passwd(Authctxt *authctxt, const char *pass) sys_auth_passwd(Authctxt *authctxt, const char *pass)
{ {
@ -76,6 +126,9 @@ sys_auth_passwd(Authctxt *authctxt, const char *pass)
sia_ses_release(&ent); sia_ses_release(&ent);
authctxt->force_pwchange = sia_password_change_required(
authctxt->user);
return (1); return (1);
} }