summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
-rw-r--r--CREDITS5
-rw-r--r--ChangeLog2
-rw-r--r--acconfig.h3
-rw-r--r--auth.c24
-rw-r--r--configure.in22
5 files changed, 54 insertions, 2 deletions
diff --git a/CREDITS b/CREDITS
index 0fd00493a..c472261a3 100644
--- a/CREDITS
+++ b/CREDITS
@@ -3,9 +3,10 @@ Tatu Ylonen <ylo@cs.hut.fi> - Creator of SSH
3Aaron Campbell, Bob Beck, Markus Friedl, Niels Provos, 3Aaron Campbell, Bob Beck, Markus Friedl, Niels Provos,
4Theo de Raadt, and Dug Song - Creators of OpenSSH 4Theo de Raadt, and Dug Song - Creators of OpenSSH
5 5
6Andrew Stribblehill <a.d.stribblehill@durham.ac.uk> - Bugfixes
7Andre Lucas <andre.lucas@dial.pipex.com> - new login code, many fixes 6Andre Lucas <andre.lucas@dial.pipex.com> - new login code, many fixes
7Andreas Steinmetz <ast@domdv.de> - Shadow password expiry support
8Andrew McGill <andrewm@datrix.co.za> - SCO fixes 8Andrew McGill <andrewm@datrix.co.za> - SCO fixes
9Andrew Stribblehill <a.d.stribblehill@durham.ac.uk> - Bugfixes
9Andy Sloane <andy@guildsoftware.com> - bugfixes 10Andy Sloane <andy@guildsoftware.com> - bugfixes
10Arkadiusz Miskiewicz <misiek@pld.org.pl> - IPv6 compat fixes 11Arkadiusz Miskiewicz <misiek@pld.org.pl> - IPv6 compat fixes
11Ben Lindstrom <mouring@pconline.com> - NeXT support 12Ben Lindstrom <mouring@pconline.com> - NeXT support
@@ -35,7 +36,7 @@ IWAMURO Motonori <iwa@mmp.fujitsu.co.jp> - bugfixes
35Jani Hakala <jahakala@cc.jyu.fi> - Patches 36Jani Hakala <jahakala@cc.jyu.fi> - Patches
36Jarno Huuskonen <jhuuskon@hytti.uku.fi> - Bugfixes 37Jarno Huuskonen <jhuuskon@hytti.uku.fi> - Bugfixes
37Jim Knoble <jmknoble@pobox.com> - Many patches 38Jim Knoble <jmknoble@pobox.com> - Many patches
38jonchen (email unknown) - the original author of PAM support of SSH 39Jonchen (email unknown) - the original author of PAM support of SSH
39Juergen Keil <jk@tools.de> - scp bugfixing 40Juergen Keil <jk@tools.de> - scp bugfixing
40Kees Cook <cook@cpoint.net> - scp fixes 41Kees Cook <cook@cpoint.net> - scp fixes
41Kenji Miyake <kenji@miyake.org> - Configure fixes 42Kenji Miyake <kenji@miyake.org> - Configure fixes
diff --git a/ChangeLog b/ChangeLog
index a5d6cd09b..a41898011 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,5 +1,7 @@
120000626 120000626
2 - (djm) Better fix to aclocal tests from Garrick James <garrick@james.net> 2 - (djm) Better fix to aclocal tests from Garrick James <garrick@james.net>
3 - (djm) Account expiry support from Andreas Steinmetz <ast@domdv.de>
4 - (djm) Added password expiry checking (no password change support)
3 - OpenBSD CVS update 5 - OpenBSD CVS update
4 - provos@cvs.openbsd.org 2000/06/25 14:17:58 6 - provos@cvs.openbsd.org 2000/06/25 14:17:58
5 [channels.c] 7 [channels.c]
diff --git a/acconfig.h b/acconfig.h
index 9b8c3f234..20211a0af 100644
--- a/acconfig.h
+++ b/acconfig.h
@@ -133,6 +133,9 @@
133/* Define if you want to disable shadow passwords */ 133/* Define if you want to disable shadow passwords */
134#undef DISABLE_SHADOW 134#undef DISABLE_SHADOW
135 135
136/* Define if you want to use shadow password expire field */
137#undef HAS_SHADOW_EXPIRE
138
136/* Define if you want have trusted HPUX */ 139/* Define if you want have trusted HPUX */
137#undef HAVE_HPUX_TRUSTED_SYSTEM_PW 140#undef HAVE_HPUX_TRUSTED_SYSTEM_PW
138 141
diff --git a/auth.c b/auth.c
index 685b8bb35..bf5306be4 100644
--- a/auth.c
+++ b/auth.c
@@ -22,6 +22,9 @@ RCSID("$OpenBSD: auth.c,v 1.7 2000/05/17 21:37:24 deraadt Exp $");
22#ifdef HAVE_LOGIN_H 22#ifdef HAVE_LOGIN_H
23#include <login.h> 23#include <login.h>
24#endif 24#endif
25#if defined(HAVE_SHADOW_H) && !defined(DISABLE_SHADOW)
26#include <shadow.h>
27#endif /* defined(HAVE_SHADOW_H) && !defined(DISABLE_SHADOW) */
25 28
26#include "bufaux.h" 29#include "bufaux.h"
27#include "ssh2.h" 30#include "ssh2.h"
@@ -53,11 +56,32 @@ allowed_user(struct passwd * pw)
53#ifdef WITH_AIXAUTHENTICATE 56#ifdef WITH_AIXAUTHENTICATE
54 char *loginmsg; 57 char *loginmsg;
55#endif /* WITH_AIXAUTHENTICATE */ 58#endif /* WITH_AIXAUTHENTICATE */
59#if defined(HAVE_SHADOW_H) && !defined(DISABLE_SHADOW) && \
60 defined(HAS_SHADOW_EXPIRE)
61 struct spwd *spw;
56 62
57 /* Shouldn't be called if pw is NULL, but better safe than sorry... */ 63 /* Shouldn't be called if pw is NULL, but better safe than sorry... */
58 if (!pw) 64 if (!pw)
59 return 0; 65 return 0;
60 66
67 spw = getspnam(pw->pw_name);
68 if (spw == NULL)
69 return 0;
70
71 /* Check account expiry */
72 if ((spw->sp_expire > 0) && ((time(NULL) / 86400) > spw->sp_expire))
73 return 0;
74
75 /* Check password expiry */
76 if ((spw->sp_lstchg > 0) && (spw->sp_inact > 0) &&
77 ((time(NULL) / 86400) > (spw->sp_lstchg + spw->sp_inact)))
78 return 0;
79#else
80 /* Shouldn't be called if pw is NULL, but better safe than sorry... */
81 if (!pw)
82 return 0;
83#endif
84
61 /* 85 /*
62 * Get the shell from the password data. An empty shell field is 86 * Get the shell from the password data. An empty shell field is
63 * legal, and means /bin/sh. 87 * legal, and means /bin/sh.
diff --git a/configure.in b/configure.in
index d9a87d8e6..ca433e569 100644
--- a/configure.in
+++ b/configure.in
@@ -236,6 +236,8 @@ if (test -z "$no_pam" && test "x$ac_cv_header_security_pam_appl_h" = "xyes") ; t
236 236
237 AC_CHECK_FUNCS(pam_getenvlist) 237 AC_CHECK_FUNCS(pam_getenvlist)
238 238
239 disable_shadow=yes
240
239 PAM_MSG="yes" 241 PAM_MSG="yes"
240 242
241 # Check PAM strerror arguments (old PAM) 243 # Check PAM strerror arguments (old PAM)
@@ -933,10 +935,30 @@ AC_ARG_WITH(shadow,
933 [ 935 [
934 if test "x$withval" = "xno" ; then 936 if test "x$withval" = "xno" ; then
935 AC_DEFINE(DISABLE_SHADOW) 937 AC_DEFINE(DISABLE_SHADOW)
938 disable_shadow=yes
936 fi 939 fi
937 ] 940 ]
938) 941)
939 942
943if test -z "$disable_shadow" ; then
944 AC_MSG_CHECKING([if the systems has expire shadow information])
945 AC_TRY_COMPILE(
946 [
947#include <sys/types.h>
948#include <shadow.h>
949 struct spwd sp;
950 ],[ sp.sp_expire = sp.sp_lstchg = sp.sp_inact = 0; ],
951 [ sp_expire_available=yes ], []
952 )
953
954 if test "x$sp_expire_available" = "xyes" ; then
955 AC_MSG_RESULT(yes)
956 AC_DEFINE(HAS_SHADOW_EXPIRE)
957 else
958 AC_MSG_RESULT(no)
959 fi
960fi
961
940# Use ip address instead of hostname in $DISPLAY 962# Use ip address instead of hostname in $DISPLAY
941DISPLAY_HACK_MSG="no" 963DISPLAY_HACK_MSG="no"
942AC_ARG_WITH(ipaddr-display, 964AC_ARG_WITH(ipaddr-display,