diff options
Diffstat (limited to 'auth.c')
-rw-r--r-- | auth.c | 21 |
1 files changed, 16 insertions, 5 deletions
@@ -72,20 +72,23 @@ int | |||
72 | allowed_user(struct passwd * pw) | 72 | allowed_user(struct passwd * pw) |
73 | { | 73 | { |
74 | struct stat st; | 74 | struct stat st; |
75 | const char *hostname = NULL, *ipaddr = NULL; | 75 | const char *hostname = NULL, *ipaddr = NULL, *passwd; |
76 | char *shell; | 76 | char *shell; |
77 | int i; | 77 | int i; |
78 | #ifdef WITH_AIXAUTHENTICATE | 78 | #ifdef WITH_AIXAUTHENTICATE |
79 | char *loginmsg; | 79 | char *loginmsg; |
80 | #endif /* WITH_AIXAUTHENTICATE */ | 80 | #endif /* WITH_AIXAUTHENTICATE */ |
81 | #if !defined(USE_PAM) && defined(HAVE_SHADOW_H) && \ | 81 | #if !defined(USE_PAM) && defined(HAVE_SHADOW_H) && \ |
82 | !defined(DISABLE_SHADOW) && defined(HAS_SHADOW_EXPIRE) | 82 | !defined(DISABLE_SHADOW) && defined(HAS_SHADOW_EXPIRE) |
83 | struct spwd *spw; | 83 | struct spwd *spw; |
84 | #endif | ||
84 | 85 | ||
85 | /* Shouldn't be called if pw is NULL, but better safe than sorry... */ | 86 | /* Shouldn't be called if pw is NULL, but better safe than sorry... */ |
86 | if (!pw || !pw->pw_name) | 87 | if (!pw || !pw->pw_name) |
87 | return 0; | 88 | return 0; |
88 | 89 | ||
90 | #if !defined(USE_PAM) && defined(HAVE_SHADOW_H) && \ | ||
91 | !defined(DISABLE_SHADOW) && defined(HAS_SHADOW_EXPIRE) | ||
89 | #define DAY (24L * 60 * 60) /* 1 day in seconds */ | 92 | #define DAY (24L * 60 * 60) /* 1 day in seconds */ |
90 | spw = getspnam(pw->pw_name); | 93 | spw = getspnam(pw->pw_name); |
91 | if (spw != NULL) { | 94 | if (spw != NULL) { |
@@ -116,11 +119,19 @@ allowed_user(struct passwd * pw) | |||
116 | return 0; | 119 | return 0; |
117 | } | 120 | } |
118 | } | 121 | } |
122 | #endif | ||
123 | |||
124 | #if defined(HAVE_SHADOW_H) && !defined(DISABLE_SHADOW) | ||
125 | passwd = spw->sp_pwdp; | ||
119 | #else | 126 | #else |
120 | /* Shouldn't be called if pw is NULL, but better safe than sorry... */ | 127 | passwd = pw->pw_passwd; |
121 | if (!pw || !pw->pw_name) | ||
122 | return 0; | ||
123 | #endif | 128 | #endif |
129 | /* check for locked account */ | ||
130 | if (strcmp(passwd, "*LK*") == 0 || passwd[0] == '!') { | ||
131 | log("User %.100s not allowed because account is locked", | ||
132 | pw->pw_name); | ||
133 | return 0; | ||
134 | } | ||
124 | 135 | ||
125 | /* | 136 | /* |
126 | * Get the shell from the password data. An empty shell field is | 137 | * Get the shell from the password data. An empty shell field is |