X-Git-Url: http://andersk.mit.edu/gitweb/openssh.git/blobdiff_plain/37656beb90eac9a7928cb9acca40b5f0b0e712fd..7456203edf73698f98779302d0e36f51a5a28c24:/auth-passwd.c
diff --git a/auth-passwd.c b/auth-passwd.c
index d12996bb..7a68e056 100644
--- a/auth-passwd.c
+++ b/auth-passwd.c
@@ -36,21 +36,18 @@
 */
 #include "includes.h"
-RCSID("$OpenBSD: auth-passwd.c,v 1.30 2003/11/04 08:54:09 djm Exp $");
+RCSID("$OpenBSD: auth-passwd.c,v 1.31 2004/01/30 09:48:57 markus Exp $");
 #include "packet.h"
 #include "log.h"
 #include "servconf.h"
 #include "auth.h"
 #include "auth-options.h"
-#ifdef WITH_AIXAUTHENTICATE
-# include "canohost.h"
-#endif
 extern ServerOptions options;
 int sys_auth_passwd(Authctxt *, const char *);
-static void
+void
 disable_forwarding(void)
 {
 no_port_forwarding_flag = 1;
@@ -67,6 +64,9 @@ auth_password(Authctxt *authctxt, const char *password)
 {
 struct passwd * pw = authctxt->pw;
 int ok = authctxt->valid;
+#if defined(USE_SHADOW) && defined(HAS_SHADOW_EXPIRE)
+ static int expire_checked = 0;
+#endif
 #ifndef HAVE_CYGWIN
 if (pw->pw_uid == 0 && options.permit_root_login != PERMIT_YES)
@@ -75,13 +75,6 @@ auth_password(Authctxt *authctxt, const char *password)
 if (*password == '\0' && options.permit_empty_passwd == 0)
 return 0;
-#if defined(HAVE_OSF_SIA)
- /*
- * XXX: any reason this is before krb? could be moved to
- * sys_auth_passwd()? -dt
- */
- return auth_sia_password(authctxt, password) && ok;
-#endif
 #ifdef KRB5
 if (options.kerberos_authentication == 1) {
 int ret = auth_krb5_password(authctxt, password);
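Review bot: In the first hunk (-36,21) `disable_forwarding()` goes from `static void` to `void`, yet this file gains no prototype for it. Unless the same commit adds `void disable_forwarding(void);` to a shared header (auth.h is already included here), other translation units would reach it through an implicit declaration with no argument checking. The name is also rather generic for a symbol that now has external linkage. The function body continues outside the hunk.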
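Review bot: In the second hunk (-67,6) `static int expire_checked = 0;` is process-wide state, so the shadow-expiry check it guards in the later hunk (-100,6) runs once per process rather than once per `Authctxt`. That is only correct while a process authenticates a single user, which is presumably the case for an sshd child but is not stated anywhere in the visible lines. Keeping the flag in `Authctxt` would tie it to the login it describes; at minimum a comment such as `/* checked once per process: assumes one Authctxt per process */` should record the assumption. auth_password() continues outside this hunk.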
@@ -100,6 +93,20 @@ auth_password(Authctxt *authctxt, const char *password)
 return ok;
 }
 #endif
+#ifdef USE_PAM
+ if (options.use_pam)
+ return (sshpam_auth_passwd(authctxt, password) && ok);
+#endif
+#if defined(USE_SHADOW) && defined(HAS_SHADOW_EXPIRE)
+ if (!expire_checked) {
+ expire_checked = 1;
+ if (auth_shadow_pwexpired(authctxt)) {
+ disable_forwarding();
+ authctxt->force_pwchange = 1;
+ }
+ }
+#endif
+
 return (sys_auth_passwd(authctxt, password) && ok);
 }
@@ -121,14 +128,7 @@ sys_auth_passwd(Authctxt *authctxt, const char *password)
 return (auth_close(as));
 }
 }
-#elif defined(WITH_AIXAUTHENTICATE)
-int
-sys_auth_passwd(Authctxt *authctxt, const char *password)
-{
- return (aix_authenticate(authctxt->pw->pw_name, password,
- get_canonical_hostname(options.use_dns)));
-}
-#else
+#elif !defined(CUSTOM_SYS_AUTH_PASSWD)
 int
 sys_auth_passwd(Authctxt *authctxt, const char *password)
 {
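Review bot: In the added USE_SHADOW block of the -100,6 hunk, `disable_forwarding()` and `authctxt->force_pwchange = 1` take effect before `sys_auth_passwd()` has verified the password, and regardless of `ok`. A failed password attempt therefore leaves the session flagged and forwarding off; whether a later success through another authentication method should inherit that state cannot be told from this hunk. If it is intended, say so with a comment like `/* expiry state is applied even if the password check below fails */`; otherwise apply the two side effects only after the check succeeds. Separately, the `USE_PAM` branch returns before this block, so expiry on that path presumably rests with PAM, which also deserves a one-line comment.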
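Review bot: With `#elif !defined(CUSTOM_SYS_AUTH_PASSWD)` in the -121,14 hunk, this file no longer defines sys_auth_passwd() when the macro is set, and nothing visible says where the replacement must come from. A comment above the branch, for example `/* platforms defining CUSTOM_SYS_AUTH_PASSWD supply sys_auth_passwd() in their own port file */`, would spare the next porter a link error. The earlier branch of this conditional opens outside the hunk and still defines the function whatever the macro says, so a platform that satisfies both would get two definitions; it is worth confirming that combination is excluded at configure time. The removed AIX code passed the canonical remote hostname to its authenticator, so the relocated implementation should be checked to still do so. The generic function body continues outside the hunk.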