diff options
| author | Damien Miller <djm@mindrot.org> | 2003-01-07 23:55:59 +1100 |
|---|---|---|
| committer | Damien Miller <djm@mindrot.org> | 2003-01-07 23:55:59 +1100 |
| commit | 06817f9cd3bf6720ff59b38efe42ebfd8db47546 (patch) | |
| tree | 6bf03d3b694777fe05e8e6338135872c46ecf54b | |
| parent | f25c18d7e8810ad94c7d2030cb0427e22745531e (diff) | |
- (djm) Fix my fix of the fix for the Bug #442 for PAM case. Spotted by
dtucker@zip.com.au. Reorder for clarity too.
| -rw-r--r-- | ChangeLog | 4 | ||||
| -rw-r--r-- | auth.c | 69 |
2 files changed, 39 insertions, 34 deletions
| @@ -12,6 +12,8 @@ | |||
| 12 | nasties. Report from peak@argo.troja.mff.cuni.cz | 12 | nasties. Report from peak@argo.troja.mff.cuni.cz |
| 13 | - (djm) Bug #178: On AIX /etc/nologin wasnt't shown to users. Fix from | 13 | - (djm) Bug #178: On AIX /etc/nologin wasnt't shown to users. Fix from |
| 14 | Ralf.Wenk@fh-karlsruhe.de and dtucker@zip.com.au | 14 | Ralf.Wenk@fh-karlsruhe.de and dtucker@zip.com.au |
| 15 | - (djm) Fix my fix of the fix for the Bug #442 for PAM case. Spotted by | ||
| 16 | dtucker@zip.com.au. Reorder for clarity too. | ||
| 15 | 17 | ||
| 16 | 20030103 | 18 | 20030103 |
| 17 | - (djm) Bug #461: ssh-copy-id fails with no arguments. Patch from | 19 | - (djm) Bug #461: ssh-copy-id fails with no arguments. Patch from |
| @@ -940,4 +942,4 @@ | |||
| 940 | save auth method before monitor_reset_key_state(); bugzilla bug #284; | 942 | save auth method before monitor_reset_key_state(); bugzilla bug #284; |
| 941 | ok provos@ | 943 | ok provos@ |
| 942 | 944 | ||
| 943 | $Id: ChangeLog,v 1.2547 2003/01/07 06:38:58 djm Exp $ | 945 | $Id: ChangeLog,v 1.2548 2003/01/07 12:55:59 djm Exp $ |
| @@ -78,8 +78,7 @@ allowed_user(struct passwd * pw) | |||
| 78 | #ifdef WITH_AIXAUTHENTICATE | 78 | #ifdef WITH_AIXAUTHENTICATE |
| 79 | char *loginmsg; | 79 | char *loginmsg; |
| 80 | #endif /* WITH_AIXAUTHENTICATE */ | 80 | #endif /* WITH_AIXAUTHENTICATE */ |
| 81 | #if !defined(USE_PAM) && defined(HAVE_SHADOW_H) && \ | 81 | #if defined(HAVE_SHADOW_H) && !defined(DISABLE_SHADOW) |
| 82 | !defined(DISABLE_SHADOW) && defined(HAS_SHADOW_EXPIRE) | ||
| 83 | struct spwd *spw; | 82 | struct spwd *spw; |
| 84 | #endif | 83 | #endif |
| 85 | 84 | ||
| @@ -87,38 +86,11 @@ allowed_user(struct passwd * pw) | |||
| 87 | if (!pw || !pw->pw_name) | 86 | if (!pw || !pw->pw_name) |
| 88 | return 0; | 87 | return 0; |
| 89 | 88 | ||
| 90 | #if !defined(USE_PAM) && defined(HAVE_SHADOW_H) && \ | 89 | /* Grab the password for locked account checking */ |
| 91 | !defined(DISABLE_SHADOW) && defined(HAS_SHADOW_EXPIRE) | 90 | #if defined(HAVE_SHADOW_H) && !defined(DISABLE_SHADOW) |
| 92 | #define DAY (24L * 60 * 60) /* 1 day in seconds */ | ||
| 93 | spw = getspnam(pw->pw_name); | 91 | spw = getspnam(pw->pw_name); |
| 94 | if (spw != NULL) { | 92 | if (!spw) |
| 95 | time_t today = time(NULL) / DAY; | 93 | return 0; |
| 96 | debug3("allowed_user: today %d sp_expire %d sp_lstchg %d" | ||
| 97 | " sp_max %d", (int)today, (int)spw->sp_expire, | ||
| 98 | (int)spw->sp_lstchg, (int)spw->sp_max); | ||
| 99 | |||
| 100 | /* | ||
| 101 | * We assume account and password expiration occurs the | ||
| 102 | * day after the day specified. | ||
| 103 | */ | ||
| 104 | if (spw->sp_expire != -1 && today > spw->sp_expire) { | ||
| 105 | log("Account %.100s has expired", pw->pw_name); | ||
| 106 | return 0; | ||
| 107 | } | ||
| 108 | |||
| 109 | if (spw->sp_lstchg == 0) { | ||
| 110 | log("User %.100s password has expired (root forced)", | ||
| 111 | pw->pw_name); | ||
| 112 | return 0; | ||
| 113 | } | ||
| 114 | |||
| 115 | if (spw->sp_max != -1 && | ||
| 116 | today > spw->sp_lstchg + spw->sp_max) { | ||
| 117 | log("User %.100s password has expired (password aged)", | ||
| 118 | pw->pw_name); | ||
| 119 | return 0; | ||
| 120 | } | ||
| 121 | } | ||
| 122 | passwd = spw->sp_pwdp; | 94 | passwd = spw->sp_pwdp; |
| 123 | #else | 95 | #else |
| 124 | passwd = pw->pw_passwd; | 96 | passwd = pw->pw_passwd; |
| @@ -131,6 +103,37 @@ allowed_user(struct passwd * pw) | |||
| 131 | return 0; | 103 | return 0; |
| 132 | } | 104 | } |
| 133 | 105 | ||
| 106 | #if !defined(USE_PAM) && defined(HAVE_SHADOW_H) && \ | ||
| 107 | !defined(DISABLE_SHADOW) && defined(HAS_SHADOW_EXPIRE) | ||
| 108 | #define DAY (24L * 60 * 60) /* 1 day in seconds */ | ||
| 109 | time_t today = time(NULL) / DAY; | ||
| 110 | debug3("allowed_user: today %d sp_expire %d sp_lstchg %d" | ||
| 111 | " sp_max %d", (int)today, (int)spw->sp_expire, | ||
| 112 | (int)spw->sp_lstchg, (int)spw->sp_max); | ||
| 113 | |||
| 114 | /* | ||
| 115 | * We assume account and password expiration occurs the | ||
| 116 | * day after the day specified. | ||
| 117 | */ | ||
| 118 | if (spw->sp_expire != -1 && today > spw->sp_expire) { | ||
| 119 | log("Account %.100s has expired", pw->pw_name); | ||
| 120 | return 0; | ||
| 121 | } | ||
| 122 | |||
| 123 | if (spw->sp_lstchg == 0) { | ||
| 124 | log("User %.100s password has expired (root forced)", | ||
| 125 | pw->pw_name); | ||
| 126 | return 0; | ||
| 127 | } | ||
| 128 | |||
| 129 | if (spw->sp_max != -1 && | ||
| 130 | today > spw->sp_lstchg + spw->sp_max) { | ||
| 131 | log("User %.100s password has expired (password aged)", | ||
| 132 | pw->pw_name); | ||
| 133 | return 0; | ||
| 134 | } | ||
| 135 | #endif | ||
| 136 | |||
| 134 | /* | 137 | /* |
| 135 | * Get the shell from the password data. An empty shell field is | 138 | * Get the shell from the password data. An empty shell field is |
| 136 | * legal, and means /bin/sh. | 139 | * legal, and means /bin/sh. |