AIX Warning for expired password

Pablo Sor psor at afip.gov.ar
Wed Sep 5 04:57:01 EST 2001 

Hi,

I have made a patch for AIX to report the number of days till a password
expire and to prompt for a new one.
This patch was made for openssh-SNAP-20010904.tar.gz (2.9p2) of the CVS
repository.

If you have any suggestion or question to submit, please cc to me,
I'm not in the list. 

Bye



-- 
Pablo Sor
Departamento de Seguridad Informatica - AFIP
psor at afip.gov.ar, psor at ccc.uba.ar
-------------- next part --------------
--- session.c	Tue Sep  4 13:16:07 2001
+++ session.c	Tue Sep  4 13:16:10 2001
@@ -57,6 +57,10 @@
 #include "canohost.h"
 #include "session.h"
 
+#ifdef WITH_AIXAUTHENTICATE
+#include "misc.h"
+#endif /* WITH_AIXAUTHENTICATE */
+
 #ifdef WITH_IRIX_PROJECT
 #include <proj.h>
 #endif /* WITH_IRIX_PROJECT */
@@ -675,13 +679,14 @@
 void
 do_login(Session *s, const char *command)
 {
-	char *time_string;
+	char *time_string,*msg;
 	char hostname[MAXHOSTNAMELEN];
 	socklen_t fromlen;
 	struct sockaddr_storage from;
 	time_t last_login_time;
 	struct passwd * pw = s->pw;
 	pid_t pid = getpid();
+	int retval;
 
 	/*
 	 * Get IP address of client. If the connection is not a socket, let
@@ -730,6 +735,44 @@
 #ifdef WITH_AIXAUTHENTICATE
 	if (aixloginmsg && *aixloginmsg)
 		printf("%s\n", aixloginmsg);
+#endif /* WITH_AIXAUTHENTICATE */
+
+#ifdef WITH_AIXAUTHENTICATE
+
+	retval = passwdexpired(pw->pw_name,&msg);
+
+	if (msg && *msg) 
+		printf("%s\n",msg);
+
+	if (retval == 1) {
+
+		pid_t pid;
+		int status;
+		mysig_t old_signal;
+
+		old_signal = mysignal(SIGCHLD, SIG_DFL);
+
+		if ((pid = fork()) == -1)
+			fatal("Couldn't fork: %s", strerror(errno));
+
+		if (pid == 0) {
+			setuid(pw->pw_uid);
+			execl("/usr/bin/passwd","passwd",pw->pw_name,
+				(char *)NULL);
+		}
+
+		if (waitpid(pid, &status, 0) == -1)
+			fatal("Couldn't wait for child: %s", strerror(errno));
+
+		/* Passwd exited abnormally */
+
+		if (WEXITSTATUS(status)) 
+			exit(1);
+
+		mysignal(SIGCHLD, old_signal);
+
+	}
+
 #endif /* WITH_AIXAUTHENTICATE */
 
 	if (options.print_lastlog && last_login_time != 0) {

More information about the openssh-unix-dev mailing list