-/* $Id: platform.c,v 1.19 2013/03/12 00:31:05 dtucker Exp $ */
-
/*
* Copyright (c) 2006 Darren Tucker. All rights reserved.
*
#include "includes.h"
-#include <sys/types.h>
-
#include <stdarg.h>
+#include <stdio.h>
+#include <string.h>
#include <unistd.h>
#include "log.h"
-#include "buffer.h"
+#include "misc.h"
#include "servconf.h"
-#include "key.h"
+#include "sshkey.h"
#include "hostfile.h"
#include "auth.h"
#include "auth-pam.h"
#include "openbsd-compat/openbsd-compat.h"
-extern int use_privsep;
extern ServerOptions options;
-void
-platform_pre_listen(void)
-{
-#ifdef LINUX_OOM_ADJUST
- /* Adjust out-of-memory killer so listening process is not killed */
- oom_adjust_setup();
-#endif
-}
-
-void
-platform_pre_fork(void)
-{
-#ifdef USE_SOLARIS_PROCESS_CONTRACTS
- solaris_contract_pre_fork();
-#endif
-}
-
-void
-platform_post_fork_parent(pid_t child_pid)
-{
-#ifdef USE_SOLARIS_PROCESS_CONTRACTS
- solaris_contract_post_fork_parent(child_pid);
-#endif
-}
-
-void
-platform_post_fork_child(void)
-{
-#ifdef USE_SOLARIS_PROCESS_CONTRACTS
- solaris_contract_post_fork_child();
-#endif
-#ifdef LINUX_OOM_ADJUST
- oom_adjust_restore();
-#endif
-}
-
/* return 1 if we are running with privilege to swap UIDs, 0 otherwise */
int
platform_privileged_uidswap(void)
#endif
#ifdef USE_SOLARIS_PROJECTS
- /* if solaris projects were detected, set the default now */
- if (getuid() == 0 || geteuid() == 0)
+ /*
+ * If solaris projects were detected, set the default now, unless
+ * we are using PAM in which case it is the responsibility of the
+ * PAM stack.
+ */
+ if (!options.use_pam && (getuid() == 0 || geteuid() == 0))
solaris_set_default_project(pw);
#endif
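Review bot: With `options.use_pam` set, the new condition `if (!options.use_pam && (getuid() == 0 || geteuid() == 0))` skips solaris_set_default_project() entirely, and nothing in the hunk logs that the project was left unset. If the PAM stack has no module that assigns a project, the session presumably stays in the project sshd itself runs in; the PAM configuration is not visible here, so this is inferred. A debug line before the check would make that traceable after an upgrade, e.g. `if (options.use_pam) debug3("%s: Solaris project assignment left to PAM", __func__);`. The enclosing function starts and ends outside this hunk.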
*/
if (getuid() == 0 || geteuid() == 0) {
if (options.use_pam) {
- do_pam_setcred(use_privsep);
+ do_pam_setcred();
}
}
# endif /* USE_PAM */
* Reestablish them here.
*/
if (options.use_pam) {
- do_pam_setcred(use_privsep);
+ do_pam_setcred();
}
#endif /* USE_PAM */
aix_usrinfo(pw);
#endif /* _AIX */
-#if !defined(HAVE_LOGIN_CAP) && defined(USE_LIBIAF)
- if (set_id(pw->pw_name) != 0) {
- exit(1);
- }
-# endif /* USE_LIBIAF */
-
#ifdef HAVE_SETPCRED
/*
* If we have a chroot directory, we set all creds except real
#endif
}
-/*
- * return 1 if the specified uid is a uid that may own a system directory
- * otherwise 0.
- */
+/* returns 1 if account is locked */
int
-platform_sys_dir_uid(uid_t uid)
+platform_locked_account(struct passwd *pw)
{
- if (uid == 0)
- return 1;
-#ifdef PLATFORM_SYS_DIR_UID
- if (uid == PLATFORM_SYS_DIR_UID)
+ int locked = 0;
+ char *passwd = pw->pw_passwd;
+#ifdef USE_SHADOW
+ struct spwd *spw = NULL;
+#ifdef USE_LIBIAF
+ char *iaf_passwd = NULL;
+#endif
+
+ spw = getspnam(pw->pw_name);
+#ifdef HAS_SHADOW_EXPIRE
+ if (spw != NULL && auth_shadow_acctexpired(spw))
return 1;
+#endif /* HAS_SHADOW_EXPIRE */
+
+ if (spw != NULL)
+#ifdef USE_LIBIAF
+ iaf_passwd = passwd = get_iaf_password(pw);
+#else
+ passwd = spw->sp_pwdp;
+#endif /* USE_LIBIAF */
+#endif
+
+ /* check for locked account */
+ if (passwd && *passwd) {
+#ifdef LOCKED_PASSWD_STRING
+ if (strcmp(passwd, LOCKED_PASSWD_STRING) == 0)
+ locked = 1;
+#endif
+#ifdef LOCKED_PASSWD_PREFIX
+ if (strncmp(passwd, LOCKED_PASSWD_PREFIX,
+ strlen(LOCKED_PASSWD_PREFIX)) == 0)
+ locked = 1;
+#endif
+#ifdef LOCKED_PASSWD_SUBSTR
+ if (strstr(passwd, LOCKED_PASSWD_SUBSTR))
+ locked = 1;
#endif
- return 0;
+ }
+#ifdef USE_LIBIAF
+ if (iaf_passwd != NULL)
+ freezero(iaf_passwd, strlen(iaf_passwd));
+#endif /* USE_LIBIAF */
+
+ return locked;
}
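Review bot: When `getspnam()` returns NULL under USE_SHADOW, `passwd` stays at `pw->pw_passwd`, which on shadowed systems is usually only a placeholder, so platform_locked_account() returns 0 instead of signalling that the lock state could not be read. That is fail-open for any caller without access to the shadow database; whether such a caller exists is not visible in this hunk. At minimum the miss should be logged right after the lookup, e.g. `if (spw == NULL) debug3("%s: no shadow entry for %s", __func__, pw->pw_name);`. The header comment should also cover the expiry path, which returns 1 as well: `/* returns 1 if account is locked or, with HAS_SHADOW_EXPIRE, expired */`.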