Bugzilla – Attachment 541 Details for
Bug 14
Can't change expired /etc/shadow password without PAM
[patch]
Hook AIX password expiry into do_pwchange
openssh-aix-pwexp.patch (text/plain), 4.66 KB, created by
Darren Tucker
on 2004-02-08 12:38:37 AEDT
Description:
Hook AIX password expiry into do_pwchange
Filename:
MIME Type:
Creator:
Darren Tucker
Created:
2004-02-08 12:38:37 AEDT
Size:
4.66 KB
>Index: auth-passwd.c
>===================================================================
>RCS file: /usr/local/src/security/openssh/cvs/openssh_cvs/auth-passwd.c,v
>retrieving revision 1.68
>diff -u -p -r1.68 auth-passwd.c
>--- auth-passwd.c 6 Feb 2004 05:38:16 -0000 1.68
>+++ auth-passwd.c 8 Feb 2004 01:08:11 -0000
>@@ -43,14 +43,11 @@ RCSID("$OpenBSD: auth-passwd.c,v 1.31 20
> #include "servconf.h"
> #include "auth.h"
> #include "auth-options.h"
>-#ifdef WITH_AIXAUTHENTICATE
>-# include "canohost.h"
>-#endif
>
> extern ServerOptions options;
> int sys_auth_passwd(Authctxt *, const char *);
>
>-static void
>+void
> disable_forwarding(void)
> {
> no_port_forwarding_flag = 1;
>@@ -121,14 +118,7 @@ sys_auth_passwd(Authctxt *authctxt, cons
> return (auth_close(as));
> }
> }
>-#elif defined(WITH_AIXAUTHENTICATE)
>-int
>-sys_auth_passwd(Authctxt *authctxt, const char *password)
>-{
>- return (aix_authenticate(authctxt->pw->pw_name, password,
>- get_canonical_hostname(options.use_dns)));
>-}
>-#else
>+#elif !defined(CUSTOM_SYS_AUTH_PASSWD)
> int
> sys_auth_passwd(Authctxt *authctxt, const char *password)
> {
>Index: auth.h
>===================================================================
>RCS file: /usr/local/src/security/openssh/cvs/openssh_cvs/auth.h,v
>retrieving revision 1.56
>diff -u -p -r1.56 auth.h
>--- auth.h 6 Feb 2004 05:38:16 -0000 1.56
>+++ auth.h 8 Feb 2004 01:09:51 -0000
>@@ -123,6 +123,7 @@ void krb5_cleanup_proc(Authctxt *authctx
> #endif /* KRB5 */
>
> #include "auth-pam.h"
>+void disable_forwarding(void);
>
> void do_authentication(Authctxt *);
> void do_authentication2(Authctxt *);
>Index: openbsd-compat/port-aix.c
>===================================================================
>RCS file: /usr/local/src/security/openssh/cvs/openssh_cvs/openbsd-compat/port-aix.c,v
>retrieving revision 1.17
>diff -u -p -r1.17 port-aix.c
>--- openbsd-compat/port-aix.c 6 Feb 2004 05:17:52 -0000 1.17
>+++ openbsd-compat/port-aix.c 8 Feb 2004 01:29:32 -0000
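Review bot: The new `#elif !defined(CUSTOM_SYS_AUTH_PASSWD)` in the second auth-passwd.c hunk has no comment saying where the replacement implementation lives, and the guard only works if the header defining the macro is included before this point. Later in this patch the macro is set in openbsd-compat/port-aix.h under WITH_AIXAUTHENTICATE; whether auth-passwd.c always sees that header is not visible here. I would add `/* platform code may supply its own sys_auth_passwd(); see CUSTOM_SYS_AUTH_PASSWD in openbsd-compat */` above the `#elif`. The body of the generic sys_auth_passwd() continues outside the hunk.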
>@@ -98,10 +98,10 @@ aix_remove_embedded_newlines(char *p)
> * returns 0.
> */
> int
>-aix_authenticate(const char *name, const char *password, const char *host)
>+sys_auth_passwd(Authctxt *ctxt, const char *password)
> {
>- char *authmsg = NULL, *msg;
>- int authsuccess = 0, reenter, result;
>+ char *authmsg = NULL, *host, *msg, *name = ctxt->pw->pw_name;
>+ int authsuccess = 0, expired, reenter, result;
>
> do {
> result = authenticate((char *)name, (char *)password, &reenter,
>@@ -114,7 +114,12 @@ aix_authenticate(const char *name, const
> if (result == 0) {
> authsuccess = 1;
>
>- /* No pty yet, so just label the line as "ssh" */
>+ host = (char *)get_canonical_hostname(options.use_dns);
>+
>+ /*
>+ * Record successful login. We don't have a pty yet, so just
>+ * label the line as "ssh"
>+ */
> aix_setauthdb(name);
> if (loginsuccess((char *)name, (char *)host, "ssh", &msg) == 0) {
> if (msg != NULL) {
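Review bot: The comment block ending in `* returns 0.` above the renamed function starts outside this hunk and is left untouched, so it presumably still describes aix_authenticate() and its three arguments. With the signature now `sys_auth_passwd(Authctxt *ctxt, const char *password)` the contract is wider, because later hunks make it set `ctxt->force_pwchange` and call `disable_forwarding()`. The header comment should name those side effects and state that `ctxt->pw` must be non-NULL, since `name = ctxt->pw->pw_name` dereferences it in the declaration with no check. The `(char *)name` casts in the unchanged calls also become redundant now that `name` is a plain `char *`.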
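Review bot: `loginsuccess()` is still called as soon as `authenticate()` returns 0, which is before the expiry check added in the next hunk (@@ -123,6 +128,32) can set `authsuccess = 0`. An account whose password is expired and cannot be changed therefore gets a successful-login record for an attempt that is then refused. As I read the AIX documentation this call also resets the failed-login counter, so lockout state would be cleared as well; that should be confirmed. I would move the `loginsuccess()` block below the `switch (expired)` and run it only when `authsuccess` is still 1. The `if (msg != NULL)` block is cut by the end of this hunk.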
>@@ -123,6 +128,32 @@ aix_authenticate(const char *name, const
> xfree(msg);
> }
> }
>+
>+ /*
>+ * Check if the user's password is expired.
>+ */
>+ expired = passwdexpired(name, &msg);
>+ if (msg && *msg) {
>+ buffer_append(&loginmsg, msg, strlen(msg));
>+ aix_remove_embedded_newlines(msg);
>+ }
>+ debug3("AIX/passwdexpired returned %d msg %.100s", result, msg);
>+
>+ switch (expired) {
>+ case 0: /* password not expired */
>+ break;
>+ case 1: /* expired, password change required */
>+ ctxt->force_pwchange = 1;
>+ disable_forwarding();
>+ break;
>+ default: /* user can't change(2) or other error (-1) */
>+ logit("Password can't be changed for user %s: %.100s",
>+ name, msg);
>+ if (msg)
>+ xfree(msg);
>+ authsuccess = 0;
>+ }
>+
> aix_restoreauthdb();
> }
>
>Index: openbsd-compat/port-aix.h
>===================================================================
>RCS file: /usr/local/src/security/openssh/cvs/openssh_cvs/openbsd-compat/port-aix.h,v
>retrieving revision 1.17
>diff -u -p -r1.17 port-aix.h
>--- openbsd-compat/port-aix.h 6 Feb 2004 05:17:52 -0000 1.17
>+++ openbsd-compat/port-aix.h 8 Feb 2004 01:12:36 -0000
>@@ -36,6 +36,9 @@
> # include <usersec.h>
> #endif
>
>+/* For Authctxt */
>+#include "auth.h"
>+
> /* Some versions define r_type in the above headers, which causes a conflict */
> #ifdef r_type
> # undef r_type
>@@ -62,11 +65,12 @@
> void aix_usrinfo(struct passwd *);
>
> #ifdef WITH_AIXAUTHENTICATE
>+# define CUSTOM_SYS_AUTH_PASSWD 1
>+int sys_auth_passwd(Authctxt *, const char *);
> # define CUSTOM_FAILED_LOGIN 1
> void record_failed_login(const char *, const char *);
> #endif
>
>-int aix_authenticate(const char *, const char *, const char *);
> void aix_setauthdb(const char *);
> void aix_restoreauthdb(void);
> void aix_remove_embedded_newlines(char *);
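Review bot: The `debug3()` call after `passwdexpired()` in the port-aix.c hunk @@ -123,6 +128,32 prints `result`, which is the value from `authenticate()` and always 0 on this path, instead of `expired`, so the debug log never shows the expiry status. The same call and the `logit()` in the `default:` arm pass `msg` to `%.100s` although the surrounding `if (msg && *msg)` and `if (msg)` tests show it may be NULL. I would write `debug3("AIX/passwdexpired returned %d msg %.100s", expired, msg ? msg : "");` and guard the `logit()` argument the same way. `msg` is also freed only in the `default:` arm; unless it is released after the end of the hunk, cases 0 and 1 leak it, so a single `if (msg) xfree(msg);` after the `switch` would cover all three arms.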
Flags:
djm
:
ok+