version 1.171, 2004/01/13 19:23:15 |
version 1.172, 2004/01/30 09:48:57 |
|
|
} |
} |
|
|
static void |
static void |
|
do_pwchange(Session *s) |
|
{ |
|
fprintf(stderr, "WARNING: Your password has expired.\n"); |
|
if (s->ttyfd != -1) { |
|
fprintf(stderr, |
|
"You must change your password now and login again!\n"); |
|
execl(_PATH_PASSWD_PROG, "passwd", (char *)NULL); |
|
perror("passwd"); |
|
} else { |
|
fprintf(stderr, |
|
"Password change required but no TTY available.\n"); |
|
} |
|
exit(1); |
|
} |
|
|
|
static void |
launch_login(struct passwd *pw, const char *hostname) |
launch_login(struct passwd *pw, const char *hostname) |
{ |
{ |
/* Launch login(1). */ |
/* Launch login(1). */ |
|
|
exit(1); |
exit(1); |
} |
} |
|
|
|
static void |
|
child_close_fds(void) |
|
{ |
|
int i; |
|
|
|
if (packet_get_connection_in() == packet_get_connection_out()) |
|
close(packet_get_connection_in()); |
|
else { |
|
close(packet_get_connection_in()); |
|
close(packet_get_connection_out()); |
|
} |
|
/* |
|
* Close all descriptors related to channels. They will still remain |
|
* open in the parent. |
|
*/ |
|
/* XXX better use close-on-exec? -markus */ |
|
channel_close_all(); |
|
|
|
/* |
|
* Close any extra file descriptors. Note that there may still be |
|
* descriptors left by system functions. They will be closed later. |
|
*/ |
|
endpwent(); |
|
|
|
/* |
|
* Close any extra open file descriptors so that we don\'t have them |
|
* hanging around in clients. Note that we want to do this after |
|
* initgroups, because at least on Solaris 2.3 it leaves file |
|
* descriptors open. |
|
*/ |
|
for (i = 3; i < 64; i++) |
|
close(i); |
|
} |
|
|
/* |
/* |
* Performs common processing for the child, such as setting up the |
* Performs common processing for the child, such as setting up the |
* environment, closing extra file descriptors, setting the user and group |
* environment, closing extra file descriptors, setting the user and group |
|
|
char *argv[10]; |
char *argv[10]; |
const char *shell, *shell0, *hostname = NULL; |
const char *shell, *shell0, *hostname = NULL; |
struct passwd *pw = s->pw; |
struct passwd *pw = s->pw; |
u_int i; |
|
|
|
/* remove hostkey from the child's memory */ |
/* remove hostkey from the child's memory */ |
destroy_sensitive_data(); |
destroy_sensitive_data(); |
|
|
|
/* Force a password change */ |
|
if (s->authctxt->force_pwchange) { |
|
do_setusercontext(pw); |
|
child_close_fds(); |
|
do_pwchange(s); |
|
exit(1); |
|
} |
|
|
/* login(1) is only called if we execute the login shell */ |
/* login(1) is only called if we execute the login shell */ |
if (options.use_login && command != NULL) |
if (options.use_login && command != NULL) |
options.use_login = 0; |
options.use_login = 0; |
|
|
* closed before building the environment, as we call |
* closed before building the environment, as we call |
* get_remote_ipaddr there. |
* get_remote_ipaddr there. |
*/ |
*/ |
if (packet_get_connection_in() == packet_get_connection_out()) |
child_close_fds(); |
close(packet_get_connection_in()); |
|
else { |
|
close(packet_get_connection_in()); |
|
close(packet_get_connection_out()); |
|
} |
|
/* |
|
* Close all descriptors related to channels. They will still remain |
|
* open in the parent. |
|
*/ |
|
/* XXX better use close-on-exec? -markus */ |
|
channel_close_all(); |
|
|
|
/* |
|
* Close any extra file descriptors. Note that there may still be |
|
* descriptors left by system functions. They will be closed later. |
|
*/ |
|
endpwent(); |
|
|
|
/* |
|
* Close any extra open file descriptors so that we don\'t have them |
|
* hanging around in clients. Note that we want to do this after |
|
* initgroups, because at least on Solaris 2.3 it leaves file |
|
* descriptors open. |
|
*/ |
|
for (i = 3; i < 64; i++) |
|
close(i); |
|
|
|
/* |
/* |
* Must take new environment into use so that .ssh/rc, |
* Must take new environment into use so that .ssh/rc, |
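Review bot: The descriptor sweep that ends the new child_close_fds(), `for (i = 3; i < 64; i++) close(i);`, stops at a hard-coded 64, so a descriptor numbered 64 or higher that happens to be open in the child would be inherited by whatever is exec'ed next. That includes passwd on the new force_pwchange path, which calls child_close_fds() immediately before do_pwchange(). The loop appears to have been moved unchanged out of the child-setup function, but as a shared helper it should not rely on a magic bound: where the platform provides it, `closefrom(3);` closes everything from 3 upward, and otherwise the limit should come from the process's descriptor limit rather than a literal. If 64 is kept, add a comment such as `/* assumes sshd never holds descriptors >= 64 in the child; anything above leaks across exec */` so the assumption is visible next to the existing close-on-exec XXX note. Separately, do_pwchange() and child_close_fds() have no header comment; do_pwchange() in particular should state that it never returns and that it expects the caller to have already dropped to the user's context.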