diff options
| author | des <des@FreeBSD.org> | 2005-06-05 15:46:09 +0000 |
|---|---|---|
| committer | des <des@FreeBSD.org> | 2005-06-05 15:46:09 +0000 |
| commit | 983ad11a1c78949e86a0f51f51ef0d614cc5e665 (patch) | |
| tree | 7d41ca8690f59b7463bd4d5fefde78dac8a00e60 /crypto/openssh/auth-passwd.c | |
| parent | 3c5bc6b274083ffa3a7aa67e87c8936a1778eff5 (diff) | |
| download | FreeBSD-src-983ad11a1c78949e86a0f51f51ef0d614cc5e665.zip FreeBSD-src-983ad11a1c78949e86a0f51f51ef0d614cc5e665.tar.gz | |
Resolve conflicts.
Diffstat (limited to 'crypto/openssh/auth-passwd.c')
| -rw-r--r-- | crypto/openssh/auth-passwd.c | 64 |
1 files changed, 56 insertions, 8 deletions
diff --git a/crypto/openssh/auth-passwd.c b/crypto/openssh/auth-passwd.c index 1b39775..3ce5ba4 100644 --- a/crypto/openssh/auth-passwd.c +++ b/crypto/openssh/auth-passwd.c @@ -36,17 +36,26 @@ */ #include "includes.h" -RCSID("$OpenBSD: auth-passwd.c,v 1.31 2004/01/30 09:48:57 markus Exp $"); +RCSID("$OpenBSD: auth-passwd.c,v 1.33 2005/01/24 11:47:13 dtucker Exp $"); RCSID("$FreeBSD$"); #include "packet.h" +#include "buffer.h" #include "log.h" #include "servconf.h" #include "auth.h" #include "auth-options.h" +extern Buffer loginmsg; extern ServerOptions options; -int sys_auth_passwd(Authctxt *, const char *); + +#ifdef HAVE_LOGIN_CAP +extern login_cap_t *lc; +#endif + + +#define DAY (24L * 60 * 60) /* 1 day in seconds */ +#define TWO_WEEKS (2L * 7 * DAY) /* 2 weeks in seconds */ void disable_forwarding(void) @@ -64,7 +73,7 @@ int auth_password(Authctxt *authctxt, const char *password) { struct passwd * pw = authctxt->pw; - int ok = authctxt->valid; + int result, ok = authctxt->valid; #if defined(USE_SHADOW) && defined(HAS_SHADOW_EXPIRE) static int expire_checked = 0; #endif @@ -101,22 +110,57 @@ auth_password(Authctxt *authctxt, const char *password) #if defined(USE_SHADOW) && defined(HAS_SHADOW_EXPIRE) if (!expire_checked) { expire_checked = 1; - if (auth_shadow_pwexpired(authctxt)) { - disable_forwarding(); + if (auth_shadow_pwexpired(authctxt)) authctxt->force_pwchange = 1; - } } #endif - - return (sys_auth_passwd(authctxt, password) && ok); + result = sys_auth_passwd(authctxt, password); + if (authctxt->force_pwchange) + disable_forwarding(); + return (result && ok); } #ifdef BSD_AUTH +static void +warn_expiry(Authctxt *authctxt, auth_session_t *as) +{ + char buf[256]; + quad_t pwtimeleft, actimeleft, daysleft, pwwarntime, acwarntime; + + pwwarntime = acwarntime = TWO_WEEKS; + + pwtimeleft = auth_check_change(as); + actimeleft = auth_check_expire(as); +#ifdef HAVE_LOGIN_CAP + if (authctxt->valid) { + pwwarntime = login_getcaptime(lc, "password-warn", TWO_WEEKS, + TWO_WEEKS); + acwarntime = login_getcaptime(lc, "expire-warn", TWO_WEEKS, + TWO_WEEKS); + } +#endif + if (pwtimeleft != 0 && pwtimeleft < pwwarntime) { + daysleft = pwtimeleft / DAY + 1; + snprintf(buf, sizeof(buf), + "Your password will expire in %lld day%s.\n", + daysleft, daysleft == 1 ? "" : "s"); + buffer_append(&loginmsg, buf, strlen(buf)); + } + if (actimeleft != 0 && actimeleft < acwarntime) { + daysleft = actimeleft / DAY + 1; + snprintf(buf, sizeof(buf), + "Your account will expire in %lld day%s.\n", + daysleft, daysleft == 1 ? "" : "s"); + buffer_append(&loginmsg, buf, strlen(buf)); + } +} + int sys_auth_passwd(Authctxt *authctxt, const char *password) { struct passwd *pw = authctxt->pw; auth_session_t *as; + static int expire_checked = 0; as = auth_usercheck(pw->pw_name, authctxt->style, "auth-ssh", (char *)password); @@ -126,6 +170,10 @@ sys_auth_passwd(Authctxt *authctxt, const char *password) authctxt->force_pwchange = 1; return (1); } else { + if (!expire_checked) { + expire_checked = 1; + warn_expiry(authctxt, as); + } return (auth_close(as)); } } |
