1 files changed, 43 insertions, 8 deletions
diff --git a/auth.c b/auth.c
index d4768a154..9a59e2707 100644
--- a/auth.c
+++ b/auth.c
@@ -73,23 +73,25 @@ int
 allowed_user(struct passwd * pw)
 {
        struct stat st;
-        const char *hostname = NULL, *ipaddr = NULL;
+        const char *hostname = NULL, *ipaddr = NULL, *passwd;
        char *shell;
        int i;
-#if defined(HAVE_SHADOW_H) && !defined(DISABLE_SHADOW) && \
+#if defined(HAVE_SHADOW_H) && !defined(DISABLE_SHADOW)
-    defined(HAS_SHADOW_EXPIRE)
+        struct spwd *spw = NULL;
-        struct spwd *spw;
-        time_t today;
 #endif
        /* Shouldn't be called if pw is NULL, but better safe than sorry... */
        if (!pw || !pw->pw_name)
                return 0;
-#if defined(HAVE_SHADOW_H) && !defined(DISABLE_SHADOW) && \
+#if defined(HAVE_SHADOW_H) && !defined(DISABLE_SHADOW)
-    defined(HAS_SHADOW_EXPIRE)
+        if (!options.use_pam)
+                spw = getspnam(pw->pw_name);
+#ifdef HAS_SHADOW_EXPIRE
 #define DAY             (24L * 60 * 60) /* 1 day in seconds */
-        if (!options.use_pam && (spw = getspnam(pw->pw_name)) != NULL) {
+        if (!options.use_pam && spw != NULL) {
+                time_t today;
                today = time(NULL) / DAY;
                debug3("allowed_user: today %d sp_expire %d sp_lstchg %d"
                    " sp_max %d", (int)today, (int)spw->sp_expire,
@@ -117,8 +119,41 @@ allowed_user(struct passwd * pw)
                        return 0;
                }
        }
+#endif /* HAS_SHADOW_EXPIRE */
+#endif /* defined(HAVE_SHADOW_H) && !defined(DISABLE_SHADOW) */
+        /* grab passwd field for locked account check */
+#if defined(HAVE_SHADOW_H) && !defined(DISABLE_SHADOW)
+        if (spw != NULL)
+                passwd = spw->sp_pwdp;
+#else
+        passwd = pw->pw_passwd;
 #endif
+        /* check for locked account */ 
+        if (passwd && *passwd) {
+                int locked = 0;
+#ifdef LOCKED_PASSWD_STRING
+                if (strcmp(passwd, LOCKED_PASSWD_STRING) == 0)
+                         locked = 1;
+#endif
+#ifdef LOCKED_PASSWD_PREFIX
+                if (strncmp(passwd, LOCKED_PASSWD_PREFIX,
+                    strlen(LOCKED_PASSWD_PREFIX)) == 0)
+                         locked = 1;
+#endif
+#ifdef LOCKED_PASSWD_SUBSTR
+                if (strstr(passwd, LOCKED_PASSWD_SUBSTR))
+                        locked = 1;
+#endif
+                if (locked) {
+                        logit("User %.100s not allowed because account is locked",
+                            pw->pw_name);
+                        return 0;
+                }
+        }
        /*
         * Get the shell from the password data.  An empty shell field is
         * legal, and means /bin/sh.

diff --git a/auth.c b/auth.c index d4768a154..9a59e2707 100644 --- a/auth.c +++ b/auth.c
@@ -73,23 +73,25 @@ int
73	allowed_user(struct passwd * pw)	73	allowed_user(struct passwd * pw)
74	{	74	{
75	struct stat st;	75	struct stat st;
76	const char hostname = NULL, ipaddr = NULL;	76	const char hostname = NULL, ipaddr = NULL, *passwd;
77	char *shell;	77	char *shell;
78	int i;	78	int i;
79	#if defined(HAVE_SHADOW_H) && !defined(DISABLE_SHADOW) && \	79	#if defined(HAVE_SHADOW_H) && !defined(DISABLE_SHADOW)
80	defined(HAS_SHADOW_EXPIRE)	80	struct spwd *spw = NULL;
81	struct spwd *spw;
82	time_t today;
83	#endif	81	#endif
84		82
85	/* Shouldn't be called if pw is NULL, but better safe than sorry... */	83	/* Shouldn't be called if pw is NULL, but better safe than sorry... */
86	if (!pw \|\| !pw->pw_name)	84	if (!pw \|\| !pw->pw_name)
87	return 0;	85	return 0;
88		86
89	#if defined(HAVE_SHADOW_H) && !defined(DISABLE_SHADOW) && \	87	#if defined(HAVE_SHADOW_H) && !defined(DISABLE_SHADOW)
90	defined(HAS_SHADOW_EXPIRE)	88	if (!options.use_pam)
		89	spw = getspnam(pw->pw_name);
		90	#ifdef HAS_SHADOW_EXPIRE
91	#define DAY (24L * 60 * 60) /* 1 day in seconds */	91	#define DAY (24L * 60 * 60) /* 1 day in seconds */
92	if (!options.use_pam && (spw = getspnam(pw->pw_name)) != NULL) {	92	if (!options.use_pam && spw != NULL) {
		93	time_t today;
		94
93	today = time(NULL) / DAY;	95	today = time(NULL) / DAY;
94	debug3("allowed_user: today %d sp_expire %d sp_lstchg %d"	96	debug3("allowed_user: today %d sp_expire %d sp_lstchg %d"
95	" sp_max %d", (int)today, (int)spw->sp_expire,	97	" sp_max %d", (int)today, (int)spw->sp_expire,
@@ -117,8 +119,41 @@ allowed_user(struct passwd * pw)
117	return 0;	119	return 0;
118	}	120	}
119	}	121	}
		122	#endif /* HAS_SHADOW_EXPIRE */
		123	#endif /* defined(HAVE_SHADOW_H) && !defined(DISABLE_SHADOW) */
		124
		125	/* grab passwd field for locked account check */
		126	#if defined(HAVE_SHADOW_H) && !defined(DISABLE_SHADOW)
		127	if (spw != NULL)
		128	passwd = spw->sp_pwdp;
		129	#else
		130	passwd = pw->pw_passwd;
120	#endif	131	#endif
121		132
		133	/* check for locked account */
		134	if (passwd && *passwd) {
		135	int locked = 0;
		136
		137	#ifdef LOCKED_PASSWD_STRING
		138	if (strcmp(passwd, LOCKED_PASSWD_STRING) == 0)
		139	locked = 1;
		140	#endif
		141	#ifdef LOCKED_PASSWD_PREFIX
		142	if (strncmp(passwd, LOCKED_PASSWD_PREFIX,
		143	strlen(LOCKED_PASSWD_PREFIX)) == 0)
		144	locked = 1;
		145	#endif
		146	#ifdef LOCKED_PASSWD_SUBSTR
		147	if (strstr(passwd, LOCKED_PASSWD_SUBSTR))
		148	locked = 1;
		149	#endif
		150	if (locked) {
		151	logit("User %.100s not allowed because account is locked",
		152	pw->pw_name);
		153	return 0;
		154	}
		155	}
		156
122	/*	157	/*
123	* Get the shell from the password data. An empty shell field is	158	* Get the shell from the password data. An empty shell field is
124	* legal, and means /bin/sh.	159	* legal, and means /bin/sh.