version 1.31, 2004/01/30 09:48:57 |
version 1.31.4.2, 2005/09/02 03:44:59 |
|
|
RCSID("$OpenBSD$"); |
RCSID("$OpenBSD$"); |
|
|
#include "packet.h" |
#include "packet.h" |
|
#include "buffer.h" |
#include "log.h" |
#include "log.h" |
#include "servconf.h" |
#include "servconf.h" |
#include "auth.h" |
#include "auth.h" |
#include "auth-options.h" |
#include "auth-options.h" |
|
|
|
extern Buffer loginmsg; |
extern ServerOptions options; |
extern ServerOptions options; |
int sys_auth_passwd(Authctxt *, const char *); |
int sys_auth_passwd(Authctxt *, const char *); |
|
|
|
#ifdef HAVE_LOGIN_CAP |
|
extern login_cap_t *lc; |
|
#endif |
|
|
|
|
|
#define DAY (24L * 60 * 60) /* 1 day in seconds */ |
|
#define TWO_WEEKS (2L * 7 * DAY) /* 2 weeks in seconds */ |
|
|
static void |
static void |
disable_forwarding(void) |
disable_forwarding(void) |
{ |
{ |
|
|
} |
} |
|
|
#ifdef BSD_AUTH |
#ifdef BSD_AUTH |
|
static void |
|
warn_expiry(Authctxt *authctxt, auth_session_t *as) |
|
{ |
|
char buf[256]; |
|
quad_t pwtimeleft, actimeleft, daysleft, pwwarntime, acwarntime; |
|
|
|
pwwarntime = acwarntime = TWO_WEEKS; |
|
|
|
pwtimeleft = auth_check_change(as); |
|
actimeleft = auth_check_expire(as); |
|
#ifdef HAVE_LOGIN_CAP |
|
if (authctxt->valid) { |
|
pwwarntime = login_getcaptime(lc, "password-warn", TWO_WEEKS, |
|
TWO_WEEKS); |
|
acwarntime = login_getcaptime(lc, "expire-warn", TWO_WEEKS, |
|
TWO_WEEKS); |
|
} |
|
#endif |
|
if (pwtimeleft != 0 && pwtimeleft < pwwarntime) { |
|
daysleft = pwtimeleft / DAY + 1; |
|
snprintf(buf, sizeof(buf), |
|
"Your password will expire in %lld day%s.\n", |
|
daysleft, daysleft == 1 ? "" : "s"); |
|
buffer_append(&loginmsg, buf, strlen(buf)); |
|
} |
|
if (actimeleft != 0 && actimeleft < acwarntime) { |
|
daysleft = actimeleft / DAY + 1; |
|
snprintf(buf, sizeof(buf), |
|
"Your account will expire in %lld day%s.\n", |
|
daysleft, daysleft == 1 ? "" : "s"); |
|
buffer_append(&loginmsg, buf, strlen(buf)); |
|
} |
|
} |
|
|
int |
int |
sys_auth_passwd(Authctxt *authctxt, const char *password) |
sys_auth_passwd(Authctxt *authctxt, const char *password) |
{ |
{ |
struct passwd *pw = authctxt->pw; |
struct passwd *pw = authctxt->pw; |
auth_session_t *as; |
auth_session_t *as; |
|
static int expire_checked = 0; |
|
|
as = auth_usercheck(pw->pw_name, authctxt->style, "auth-ssh", |
as = auth_usercheck(pw->pw_name, authctxt->style, "auth-ssh", |
(char *)password); |
(char *)password); |
|
if (as == NULL) |
|
return (0); |
if (auth_getstate(as) & AUTH_PWEXPIRED) { |
if (auth_getstate(as) & AUTH_PWEXPIRED) { |
auth_close(as); |
auth_close(as); |
disable_forwarding(); |
disable_forwarding(); |
authctxt->force_pwchange = 1; |
authctxt->force_pwchange = 1; |
return (1); |
return (1); |
} else { |
} else { |
|
if (!expire_checked) { |
|
expire_checked = 1; |
|
warn_expiry(authctxt, as); |
|
} |
return (auth_close(as)); |
return (auth_close(as)); |
} |
} |
} |
} |
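Review bot: In sys_auth_passwd, warn_expiry() runs before auth_close(as) has reported whether the password was accepted, and expire_checked is set on that first call, so expiry text is appended to loginmsg even for an attempt that then fails, including one where authctxt->valid is false. That is harmless only if loginmsg is delivered solely after a successful login, which this page does not show, so the call deserves a comment such as `/* NOTE: runs before the auth result is known; confirm loginmsg is only sent post-auth */`. Separately, in warn_expiry the tests `pwtimeleft != 0` and `actimeleft != 0` also pass for negative values, which would print a non-positive day count if the check functions can return one; `if (pwtimeleft > 0 && pwtimeleft < pwwarntime)` and the matching actimeleft test avoid that. This reads the lines printed once as the newer revision's additions, which the layout suggests but does not mark.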