- (tim) [configure.ac] updwtmpx() on OpenServer seems to add duplicate entry.

[openssh.git] / auth-passwd.c

diff --git a/auth-passwd.c b/auth-passwd.c
index a58dc042b666f804410689b60a84f795da34673c..7a68e05628616446747ae392972e3305e0b051e7 100644 (file)
--- a/auth-passwd.c
+++ b/auth-passwd.c
@@ -64,6 +64,9 @@ auth_password(Authctxt *authctxt, const char *password)
 {
        struct passwd * pw = authctxt->pw;
        int ok = authctxt->valid;
+#if defined(USE_SHADOW) && defined(HAS_SHADOW_EXPIRE)
+       static int expire_checked = 0;
+#endif
 
 #ifndef HAVE_CYGWIN
        if (pw->pw_uid == 0 && options.permit_root_login != PERMIT_YES)
@@ -72,13 +75,6 @@ auth_password(Authctxt *authctxt, const char *password)
        if (*password == '\0' && options.permit_empty_passwd == 0)
                return 0;
 
-#if defined(HAVE_OSF_SIA)
-       /*
-        * XXX: any reason this is before krb?  could be moved to
-        * sys_auth_passwd()?  -dt
-        */
-       return auth_sia_password(authctxt, password) && ok;
-#endif
 #ifdef KRB5
        if (options.kerberos_authentication == 1) {
                int ret = auth_krb5_password(authctxt, password);
@@ -97,6 +93,20 @@ auth_password(Authctxt *authctxt, const char *password)
                return ok;
        }
 #endif
+#ifdef USE_PAM
+       if (options.use_pam)
+               return (sshpam_auth_passwd(authctxt, password) && ok);
+#endif
+#if defined(USE_SHADOW) && defined(HAS_SHADOW_EXPIRE)
+       if (!expire_checked) {
+               expire_checked = 1;
+               if (auth_shadow_pwexpired(authctxt)) {
+                       disable_forwarding();
+                       authctxt->force_pwchange = 1;
+               }
+       }
+#endif
+               
        return (sys_auth_passwd(authctxt, password) && ok);
 }