diff options
-rw-r--r-- | CREDITS | 5 | ||||
-rw-r--r-- | ChangeLog | 2 | ||||
-rw-r--r-- | acconfig.h | 3 | ||||
-rw-r--r-- | auth.c | 24 | ||||
-rw-r--r-- | configure.in | 22 |
5 files changed, 54 insertions, 2 deletions
@@ -3,9 +3,10 @@ Tatu Ylonen <ylo@cs.hut.fi> - Creator of SSH | |||
3 | Aaron Campbell, Bob Beck, Markus Friedl, Niels Provos, | 3 | Aaron Campbell, Bob Beck, Markus Friedl, Niels Provos, |
4 | Theo de Raadt, and Dug Song - Creators of OpenSSH | 4 | Theo de Raadt, and Dug Song - Creators of OpenSSH |
5 | 5 | ||
6 | Andrew Stribblehill <a.d.stribblehill@durham.ac.uk> - Bugfixes | ||
7 | Andre Lucas <andre.lucas@dial.pipex.com> - new login code, many fixes | 6 | Andre Lucas <andre.lucas@dial.pipex.com> - new login code, many fixes |
7 | Andreas Steinmetz <ast@domdv.de> - Shadow password expiry support | ||
8 | Andrew McGill <andrewm@datrix.co.za> - SCO fixes | 8 | Andrew McGill <andrewm@datrix.co.za> - SCO fixes |
9 | Andrew Stribblehill <a.d.stribblehill@durham.ac.uk> - Bugfixes | ||
9 | Andy Sloane <andy@guildsoftware.com> - bugfixes | 10 | Andy Sloane <andy@guildsoftware.com> - bugfixes |
10 | Arkadiusz Miskiewicz <misiek@pld.org.pl> - IPv6 compat fixes | 11 | Arkadiusz Miskiewicz <misiek@pld.org.pl> - IPv6 compat fixes |
11 | Ben Lindstrom <mouring@pconline.com> - NeXT support | 12 | Ben Lindstrom <mouring@pconline.com> - NeXT support |
@@ -35,7 +36,7 @@ IWAMURO Motonori <iwa@mmp.fujitsu.co.jp> - bugfixes | |||
35 | Jani Hakala <jahakala@cc.jyu.fi> - Patches | 36 | Jani Hakala <jahakala@cc.jyu.fi> - Patches |
36 | Jarno Huuskonen <jhuuskon@hytti.uku.fi> - Bugfixes | 37 | Jarno Huuskonen <jhuuskon@hytti.uku.fi> - Bugfixes |
37 | Jim Knoble <jmknoble@pobox.com> - Many patches | 38 | Jim Knoble <jmknoble@pobox.com> - Many patches |
38 | jonchen (email unknown) - the original author of PAM support of SSH | 39 | Jonchen (email unknown) - the original author of PAM support of SSH |
39 | Juergen Keil <jk@tools.de> - scp bugfixing | 40 | Juergen Keil <jk@tools.de> - scp bugfixing |
40 | Kees Cook <cook@cpoint.net> - scp fixes | 41 | Kees Cook <cook@cpoint.net> - scp fixes |
41 | Kenji Miyake <kenji@miyake.org> - Configure fixes | 42 | Kenji Miyake <kenji@miyake.org> - Configure fixes |
@@ -1,5 +1,7 @@ | |||
1 | 20000626 | 1 | 20000626 |
2 | - (djm) Better fix to aclocal tests from Garrick James <garrick@james.net> | 2 | - (djm) Better fix to aclocal tests from Garrick James <garrick@james.net> |
3 | - (djm) Account expiry support from Andreas Steinmetz <ast@domdv.de> | ||
4 | - (djm) Added password expiry checking (no password change support) | ||
3 | - OpenBSD CVS update | 5 | - OpenBSD CVS update |
4 | - provos@cvs.openbsd.org 2000/06/25 14:17:58 | 6 | - provos@cvs.openbsd.org 2000/06/25 14:17:58 |
5 | [channels.c] | 7 | [channels.c] |
diff --git a/acconfig.h b/acconfig.h index 9b8c3f234..20211a0af 100644 --- a/acconfig.h +++ b/acconfig.h | |||
@@ -133,6 +133,9 @@ | |||
133 | /* Define if you want to disable shadow passwords */ | 133 | /* Define if you want to disable shadow passwords */ |
134 | #undef DISABLE_SHADOW | 134 | #undef DISABLE_SHADOW |
135 | 135 | ||
136 | /* Define if you want to use shadow password expire field */ | ||
137 | #undef HAS_SHADOW_EXPIRE | ||
138 | |||
136 | /* Define if you want have trusted HPUX */ | 139 | /* Define if you want have trusted HPUX */ |
137 | #undef HAVE_HPUX_TRUSTED_SYSTEM_PW | 140 | #undef HAVE_HPUX_TRUSTED_SYSTEM_PW |
138 | 141 | ||
@@ -22,6 +22,9 @@ RCSID("$OpenBSD: auth.c,v 1.7 2000/05/17 21:37:24 deraadt Exp $"); | |||
22 | #ifdef HAVE_LOGIN_H | 22 | #ifdef HAVE_LOGIN_H |
23 | #include <login.h> | 23 | #include <login.h> |
24 | #endif | 24 | #endif |
25 | #if defined(HAVE_SHADOW_H) && !defined(DISABLE_SHADOW) | ||
26 | #include <shadow.h> | ||
27 | #endif /* defined(HAVE_SHADOW_H) && !defined(DISABLE_SHADOW) */ | ||
25 | 28 | ||
26 | #include "bufaux.h" | 29 | #include "bufaux.h" |
27 | #include "ssh2.h" | 30 | #include "ssh2.h" |
@@ -53,11 +56,32 @@ allowed_user(struct passwd * pw) | |||
53 | #ifdef WITH_AIXAUTHENTICATE | 56 | #ifdef WITH_AIXAUTHENTICATE |
54 | char *loginmsg; | 57 | char *loginmsg; |
55 | #endif /* WITH_AIXAUTHENTICATE */ | 58 | #endif /* WITH_AIXAUTHENTICATE */ |
59 | #if defined(HAVE_SHADOW_H) && !defined(DISABLE_SHADOW) && \ | ||
60 | defined(HAS_SHADOW_EXPIRE) | ||
61 | struct spwd *spw; | ||
56 | 62 | ||
57 | /* Shouldn't be called if pw is NULL, but better safe than sorry... */ | 63 | /* Shouldn't be called if pw is NULL, but better safe than sorry... */ |
58 | if (!pw) | 64 | if (!pw) |
59 | return 0; | 65 | return 0; |
60 | 66 | ||
67 | spw = getspnam(pw->pw_name); | ||
68 | if (spw == NULL) | ||
69 | return 0; | ||
70 | |||
71 | /* Check account expiry */ | ||
72 | if ((spw->sp_expire > 0) && ((time(NULL) / 86400) > spw->sp_expire)) | ||
73 | return 0; | ||
74 | |||
75 | /* Check password expiry */ | ||
76 | if ((spw->sp_lstchg > 0) && (spw->sp_inact > 0) && | ||
77 | ((time(NULL) / 86400) > (spw->sp_lstchg + spw->sp_inact))) | ||
78 | return 0; | ||
79 | #else | ||
80 | /* Shouldn't be called if pw is NULL, but better safe than sorry... */ | ||
81 | if (!pw) | ||
82 | return 0; | ||
83 | #endif | ||
84 | |||
61 | /* | 85 | /* |
62 | * Get the shell from the password data. An empty shell field is | 86 | * Get the shell from the password data. An empty shell field is |
63 | * legal, and means /bin/sh. | 87 | * legal, and means /bin/sh. |
diff --git a/configure.in b/configure.in index d9a87d8e6..ca433e569 100644 --- a/configure.in +++ b/configure.in | |||
@@ -236,6 +236,8 @@ if (test -z "$no_pam" && test "x$ac_cv_header_security_pam_appl_h" = "xyes") ; t | |||
236 | 236 | ||
237 | AC_CHECK_FUNCS(pam_getenvlist) | 237 | AC_CHECK_FUNCS(pam_getenvlist) |
238 | 238 | ||
239 | disable_shadow=yes | ||
240 | |||
239 | PAM_MSG="yes" | 241 | PAM_MSG="yes" |
240 | 242 | ||
241 | # Check PAM strerror arguments (old PAM) | 243 | # Check PAM strerror arguments (old PAM) |
@@ -933,10 +935,30 @@ AC_ARG_WITH(shadow, | |||
933 | [ | 935 | [ |
934 | if test "x$withval" = "xno" ; then | 936 | if test "x$withval" = "xno" ; then |
935 | AC_DEFINE(DISABLE_SHADOW) | 937 | AC_DEFINE(DISABLE_SHADOW) |
938 | disable_shadow=yes | ||
936 | fi | 939 | fi |
937 | ] | 940 | ] |
938 | ) | 941 | ) |
939 | 942 | ||
943 | if test -z "$disable_shadow" ; then | ||
944 | AC_MSG_CHECKING([if the systems has expire shadow information]) | ||
945 | AC_TRY_COMPILE( | ||
946 | [ | ||
947 | #include <sys/types.h> | ||
948 | #include <shadow.h> | ||
949 | struct spwd sp; | ||
950 | ],[ sp.sp_expire = sp.sp_lstchg = sp.sp_inact = 0; ], | ||
951 | [ sp_expire_available=yes ], [] | ||
952 | ) | ||
953 | |||
954 | if test "x$sp_expire_available" = "xyes" ; then | ||
955 | AC_MSG_RESULT(yes) | ||
956 | AC_DEFINE(HAS_SHADOW_EXPIRE) | ||
957 | else | ||
958 | AC_MSG_RESULT(no) | ||
959 | fi | ||
960 | fi | ||
961 | |||
940 | # Use ip address instead of hostname in $DISPLAY | 962 | # Use ip address instead of hostname in $DISPLAY |
941 | DISPLAY_HACK_MSG="no" | 963 | DISPLAY_HACK_MSG="no" |
942 | AC_ARG_WITH(ipaddr-display, | 964 | AC_ARG_WITH(ipaddr-display, |