- if (pwtimeleft != 0 && pwtimeleft < pwwarntime) {
- daysleft = pwtimeleft / DAY + 1;
- snprintf(buf, sizeof(buf),
- "Your password will expire in %lld day%s.\n",
- daysleft, daysleft == 1 ? "" : "s");
- buffer_append(&loginmsg, buf, strlen(buf));
- }
- if (actimeleft != 0 && actimeleft < acwarntime) {
- daysleft = actimeleft / DAY + 1;
- snprintf(buf, sizeof(buf),
- "Your account will expire in %lld day%s.\n",
- daysleft, daysleft == 1 ? "" : "s");
- buffer_append(&loginmsg, buf, strlen(buf));
- }
-}
-
-int
-sys_auth_passwd(Authctxt *authctxt, const char *password)
-{
- struct passwd *pw = authctxt->pw;
- auth_session_t *as;
- static int expire_checked = 0;
-
- as = auth_usercheck(pw->pw_name, authctxt->style, "auth-ssh",
- (char *)password);
- if (auth_getstate(as) & AUTH_PWEXPIRED) {
- auth_close(as);
- disable_forwarding();
- authctxt->force_pwchange = 1;
- return (1);
- } else {
- if (!expire_checked) {
- expire_checked = 1;
- warn_expiry(authctxt, as);
- }
- return (auth_close(as));
- }
-}
-#elif !defined(CUSTOM_SYS_AUTH_PASSWD)
-int
-sys_auth_passwd(Authctxt *authctxt, const char *password)
-{
- struct passwd *pw = authctxt->pw;
- char *encrypted_password;
-
- /* Just use the supplied fake password if authctxt is invalid */
- char *pw_password = authctxt->valid ? shadow_pw(pw) : pw->pw_passwd;
-
- /* Check for users with no password. */
- if (strcmp(pw_password, "") == 0 && strcmp(password, "") == 0)
- return (1);
-
- /* Encrypt the candidate password using the proper salt. */
- encrypted_password = xcrypt(password,
- (pw_password[0] && pw_password[1]) ? pw_password : "xx");