version 1.45, 2016/07/21 01:39:35 |
version 1.46, 2018/03/03 03:15:51 |
|
|
|
|
extern Buffer loginmsg; |
extern Buffer loginmsg; |
extern ServerOptions options; |
extern ServerOptions options; |
int sys_auth_passwd(Authctxt *, const char *); |
int sys_auth_passwd(struct ssh *, const char *); |
|
|
extern login_cap_t *lc; |
extern login_cap_t *lc; |
|
|
|
|
|
|
#define MAX_PASSWORD_LEN 1024 |
#define MAX_PASSWORD_LEN 1024 |
|
|
static void |
|
disable_forwarding(void) |
|
{ |
|
no_port_forwarding_flag = 1; |
|
no_agent_forwarding_flag = 1; |
|
no_x11_forwarding_flag = 1; |
|
} |
|
|
|
/* |
/* |
* Tries to authenticate the user using password. Returns true if |
* Tries to authenticate the user using password. Returns true if |
* authentication succeeds. |
* authentication succeeds. |
*/ |
*/ |
int |
int |
auth_password(Authctxt *authctxt, const char *password) |
auth_password(struct ssh *ssh, const char *password) |
{ |
{ |
struct passwd * pw = authctxt->pw; |
Authctxt *authctxt = ssh->authctxt; |
|
struct passwd *pw = authctxt->pw; |
int ok = authctxt->valid; |
int ok = authctxt->valid; |
|
|
if (strlen(password) > MAX_PASSWORD_LEN) |
if (strlen(password) > MAX_PASSWORD_LEN) |
|
|
/* Fall back to ordinary passwd authentication. */ |
/* Fall back to ordinary passwd authentication. */ |
} |
} |
#endif |
#endif |
return (sys_auth_passwd(authctxt, password) && ok); |
return (sys_auth_passwd(ssh, password) && ok); |
} |
} |
|
|
static void |
static void |
|
|
} |
} |
|
|
int |
int |
sys_auth_passwd(Authctxt *authctxt, const char *password) |
sys_auth_passwd(struct ssh *ssh, const char *password) |
{ |
{ |
struct passwd *pw = authctxt->pw; |
Authctxt *authctxt = ssh->authctxt; |
auth_session_t *as; |
auth_session_t *as; |
static int expire_checked = 0; |
static int expire_checked = 0; |
|
|
as = auth_usercheck(pw->pw_name, authctxt->style, "auth-ssh", |
as = auth_usercheck(authctxt->pw->pw_name, authctxt->style, "auth-ssh", |
(char *)password); |
(char *)password); |
if (as == NULL) |
if (as == NULL) |
return (0); |
return (0); |
if (auth_getstate(as) & AUTH_PWEXPIRED) { |
if (auth_getstate(as) & AUTH_PWEXPIRED) { |
auth_close(as); |
auth_close(as); |
disable_forwarding(); |
auth_restrict_session(ssh); |
authctxt->force_pwchange = 1; |
authctxt->force_pwchange = 1; |
return (1); |
return (1); |
} else { |
} else { |