diff options
| author | Darren Tucker <dtucker@zip.com.au> | 2003-10-15 17:48:20 +1000 |
|---|---|---|
| committer | Darren Tucker <dtucker@zip.com.au> | 2003-10-15 17:48:20 +1000 |
| commit | c6020651bae65dc5f8e1533c56871aed2c5883f3 (patch) | |
| tree | be19a733a8f9c198c756460c6917f5e48607e156 | |
| parent | b8b4d0bbbe29467a47a4014f37882a52066af1e1 (diff) | |
- (dtucker) [auth.c] Check for disabled password expiry on HP-UX Trusted Mode.
| -rw-r--r-- | ChangeLog | 3 | ||||
| -rw-r--r-- | auth.c | 11 |
2 files changed, 11 insertions, 3 deletions
| @@ -42,6 +42,7 @@ | |||
| 42 | - (dtucker) [acconfig.h configure.ac dns.c openbsd-compat/getrrsetbyname.c | 42 | - (dtucker) [acconfig.h configure.ac dns.c openbsd-compat/getrrsetbyname.c |
| 43 | openbsd-compat/getrrsetbyname.h] DNS fingerprint support is now always | 43 | openbsd-compat/getrrsetbyname.h] DNS fingerprint support is now always |
| 44 | compiled in but disabled in config. | 44 | compiled in but disabled in config. |
| 45 | - (dtucker) [auth.c] Check for disabled password expiry on HP-UX Trusted Mode. | ||
| 45 | 46 | ||
| 46 | 20031009 | 47 | 20031009 |
| 47 | - (dtucker) [sshd_config.5] UsePAM defaults to "no". ok djm@ | 48 | - (dtucker) [sshd_config.5] UsePAM defaults to "no". ok djm@ |
| @@ -1359,4 +1360,4 @@ | |||
| 1359 | - Fix sshd BindAddress and -b options for systems using fake-getaddrinfo. | 1360 | - Fix sshd BindAddress and -b options for systems using fake-getaddrinfo. |
| 1360 | Report from murple@murple.net, diagnosis from dtucker@zip.com.au | 1361 | Report from murple@murple.net, diagnosis from dtucker@zip.com.au |
| 1361 | 1362 | ||
| 1362 | $Id: ChangeLog,v 1.3080 2003/10/15 06:57:57 dtucker Exp $ | 1363 | $Id: ChangeLog,v 1.3081 2003/10/15 07:48:20 dtucker Exp $ |
| @@ -90,6 +90,7 @@ allowed_user(struct passwd * pw) | |||
| 90 | #ifdef HAS_SHADOW_EXPIRE | 90 | #ifdef HAS_SHADOW_EXPIRE |
| 91 | #define DAY (24L * 60 * 60) /* 1 day in seconds */ | 91 | #define DAY (24L * 60 * 60) /* 1 day in seconds */ |
| 92 | if (!options.use_pam && spw != NULL) { | 92 | if (!options.use_pam && spw != NULL) { |
| 93 | int disabled = 0; | ||
| 93 | time_t today; | 94 | time_t today; |
| 94 | 95 | ||
| 95 | today = time(NULL) / DAY; | 96 | today = time(NULL) / DAY; |
| @@ -106,13 +107,19 @@ allowed_user(struct passwd * pw) | |||
| 106 | return 0; | 107 | return 0; |
| 107 | } | 108 | } |
| 108 | 109 | ||
| 109 | if (spw->sp_lstchg == 0) { | 110 | #if defined(__hpux) && !defined(HAVE_SECUREWARE) |
| 111 | if (iscomsec() && spw->sp_min == 0 && spw->sp_max == 0 && | ||
| 112 | spw->sp_warn == 0) | ||
| 113 | disabled = 1; /* Trusted Mode: expiry disabled */ | ||
| 114 | #endif | ||
| 115 | |||
| 116 | if (!disabled && spw->sp_lstchg == 0) { | ||
| 110 | logit("User %.100s password has expired (root forced)", | 117 | logit("User %.100s password has expired (root forced)", |
| 111 | pw->pw_name); | 118 | pw->pw_name); |
| 112 | return 0; | 119 | return 0; |
| 113 | } | 120 | } |
| 114 | 121 | ||
| 115 | if (spw->sp_max != -1 && | 122 | if (!disabled && spw->sp_max != -1 && |
| 116 | today > spw->sp_lstchg + spw->sp_max) { | 123 | today > spw->sp_lstchg + spw->sp_max) { |
| 117 | logit("User %.100s password has expired (password aged)", | 124 | logit("User %.100s password has expired (password aged)", |
| 118 | pw->pw_name); | 125 | pw->pw_name); |