diff options
| -rw-r--r-- | ChangeLog | 4 | ||||
| -rw-r--r-- | auth.c | 21 |
2 files changed, 19 insertions, 6 deletions
| @@ -1,6 +1,8 @@ | |||
| 1 | 20030107 | 1 | 20030107 |
| 2 | - (djm) Bug #401: Work around Linux breakage with IPv6 mapped addresses. | 2 | - (djm) Bug #401: Work around Linux breakage with IPv6 mapped addresses. |
| 3 | Based on fix from yoshfuji@linux-ipv6.org | 3 | Based on fix from yoshfuji@linux-ipv6.org |
| 4 | - (djm) Bug #442: Check for and deny access to accounts with locked | ||
| 5 | passwords. Patch from dtucker@zip.com.au | ||
| 4 | 6 | ||
| 5 | 20030103 | 7 | 20030103 |
| 6 | - (djm) Bug #461: ssh-copy-id fails with no arguments. Patch from | 8 | - (djm) Bug #461: ssh-copy-id fails with no arguments. Patch from |
| @@ -929,4 +931,4 @@ | |||
| 929 | save auth method before monitor_reset_key_state(); bugzilla bug #284; | 931 | save auth method before monitor_reset_key_state(); bugzilla bug #284; |
| 930 | ok provos@ | 932 | ok provos@ |
| 931 | 933 | ||
| 932 | $Id: ChangeLog,v 1.2541 2003/01/06 23:51:23 djm Exp $ | 934 | $Id: ChangeLog,v 1.2542 2003/01/07 01:19:32 djm Exp $ |
| @@ -72,20 +72,23 @@ int | |||
| 72 | allowed_user(struct passwd * pw) | 72 | allowed_user(struct passwd * pw) |
| 73 | { | 73 | { |
| 74 | struct stat st; | 74 | struct stat st; |
| 75 | const char *hostname = NULL, *ipaddr = NULL; | 75 | const char *hostname = NULL, *ipaddr = NULL, *passwd; |
| 76 | char *shell; | 76 | char *shell; |
| 77 | int i; | 77 | int i; |
| 78 | #ifdef WITH_AIXAUTHENTICATE | 78 | #ifdef WITH_AIXAUTHENTICATE |
| 79 | char *loginmsg; | 79 | char *loginmsg; |
| 80 | #endif /* WITH_AIXAUTHENTICATE */ | 80 | #endif /* WITH_AIXAUTHENTICATE */ |
| 81 | #if !defined(USE_PAM) && defined(HAVE_SHADOW_H) && \ | 81 | #if !defined(USE_PAM) && defined(HAVE_SHADOW_H) && \ |
| 82 | !defined(DISABLE_SHADOW) && defined(HAS_SHADOW_EXPIRE) | 82 | !defined(DISABLE_SHADOW) && defined(HAS_SHADOW_EXPIRE) |
| 83 | struct spwd *spw; | 83 | struct spwd *spw; |
| 84 | #endif | ||
| 84 | 85 | ||
| 85 | /* Shouldn't be called if pw is NULL, but better safe than sorry... */ | 86 | /* Shouldn't be called if pw is NULL, but better safe than sorry... */ |
| 86 | if (!pw || !pw->pw_name) | 87 | if (!pw || !pw->pw_name) |
| 87 | return 0; | 88 | return 0; |
| 88 | 89 | ||
| 90 | #if !defined(USE_PAM) && defined(HAVE_SHADOW_H) && \ | ||
| 91 | !defined(DISABLE_SHADOW) && defined(HAS_SHADOW_EXPIRE) | ||
| 89 | #define DAY (24L * 60 * 60) /* 1 day in seconds */ | 92 | #define DAY (24L * 60 * 60) /* 1 day in seconds */ |
| 90 | spw = getspnam(pw->pw_name); | 93 | spw = getspnam(pw->pw_name); |
| 91 | if (spw != NULL) { | 94 | if (spw != NULL) { |
| @@ -116,11 +119,19 @@ allowed_user(struct passwd * pw) | |||
| 116 | return 0; | 119 | return 0; |
| 117 | } | 120 | } |
| 118 | } | 121 | } |
| 122 | #endif | ||
| 123 | |||
| 124 | #if defined(HAVE_SHADOW_H) && !defined(DISABLE_SHADOW) | ||
| 125 | passwd = spw->sp_pwdp; | ||
| 119 | #else | 126 | #else |
| 120 | /* Shouldn't be called if pw is NULL, but better safe than sorry... */ | 127 | passwd = pw->pw_passwd; |
| 121 | if (!pw || !pw->pw_name) | ||
| 122 | return 0; | ||
| 123 | #endif | 128 | #endif |
| 129 | /* check for locked account */ | ||
| 130 | if (strcmp(passwd, "*LK*") == 0 || passwd[0] == '!') { | ||
| 131 | log("User %.100s not allowed because account is locked", | ||
| 132 | pw->pw_name); | ||
| 133 | return 0; | ||
| 134 | } | ||
| 124 | 135 | ||
| 125 | /* | 136 | /* |
| 126 | * Get the shell from the password data. An empty shell field is | 137 | * Get the shell from the password data. An empty shell field is |