Diffstat (limited to 'auth.c')
-rw-r--r-- | auth.c | 51 |
1 files changed, 43 insertions, 8 deletions
@@ -73,23 +73,25 @@ int | |||
73 | allowed_user(struct passwd * pw) | 73 | allowed_user(struct passwd * pw) |
74 | { | 74 | { |
75 | struct stat st; | 75 | struct stat st; |
76 | const char *hostname = NULL, *ipaddr = NULL; | 76 | const char *hostname = NULL, *ipaddr = NULL, *passwd; |
77 | char *shell; | 77 | char *shell; |
78 | int i; | 78 | int i; |
79 | #if defined(HAVE_SHADOW_H) && !defined(DISABLE_SHADOW) && \ | 79 | #if defined(HAVE_SHADOW_H) && !defined(DISABLE_SHADOW) |
80 | defined(HAS_SHADOW_EXPIRE) | 80 | struct spwd *spw = NULL; |
81 | struct spwd *spw; | ||
82 | time_t today; | ||
83 | #endif | 81 | #endif |
84 | 82 | ||
85 | /* Shouldn't be called if pw is NULL, but better safe than sorry... */ | 83 | /* Shouldn't be called if pw is NULL, but better safe than sorry... */ |
86 | if (!pw || !pw->pw_name) | 84 | if (!pw || !pw->pw_name) |
87 | return 0; | 85 | return 0; |
88 | 86 | ||
89 | #if defined(HAVE_SHADOW_H) && !defined(DISABLE_SHADOW) && \ | 87 | #if defined(HAVE_SHADOW_H) && !defined(DISABLE_SHADOW) |
90 | defined(HAS_SHADOW_EXPIRE) | 88 | if (!options.use_pam) |
89 | spw = getspnam(pw->pw_name); | ||
90 | #ifdef HAS_SHADOW_EXPIRE | ||
91 | #define DAY (24L * 60 * 60) /* 1 day in seconds */ | 91 | #define DAY (24L * 60 * 60) /* 1 day in seconds */ |
92 | if (!options.use_pam && (spw = getspnam(pw->pw_name)) != NULL) { | 92 | if (!options.use_pam && spw != NULL) { |
93 | time_t today; | ||
94 | |||
93 | today = time(NULL) / DAY; | 95 | today = time(NULL) / DAY; |
94 | debug3("allowed_user: today %d sp_expire %d sp_lstchg %d" | 96 | debug3("allowed_user: today %d sp_expire %d sp_lstchg %d" |
95 | " sp_max %d", (int)today, (int)spw->sp_expire, | 97 | " sp_max %d", (int)today, (int)spw->sp_expire, |
@@ -117,8 +119,41 @@ allowed_user(struct passwd * pw) | |||
117 | return 0; | 119 | return 0; |
118 | } | 120 | } |
119 | } | 121 | } |
122 | #endif /* HAS_SHADOW_EXPIRE */ | ||
123 | #endif /* defined(HAVE_SHADOW_H) && !defined(DISABLE_SHADOW) */ | ||
124 | |||
125 | /* grab passwd field for locked account check */ | ||
126 | #if defined(HAVE_SHADOW_H) && !defined(DISABLE_SHADOW) | ||
127 | if (spw != NULL) | ||
128 | passwd = spw->sp_pwdp; | ||
129 | #else | ||
130 | passwd = pw->pw_passwd; | ||
120 | #endif | 131 | #endif |
121 | 132 | ||
133 | /* check for locked account */ | ||
134 | if (passwd && *passwd) { | ||
135 | int locked = 0; | ||
136 | |||
137 | #ifdef LOCKED_PASSWD_STRING | ||
138 | if (strcmp(passwd, LOCKED_PASSWD_STRING) == 0) | ||
139 | locked = 1; | ||
140 | #endif | ||
141 | #ifdef LOCKED_PASSWD_PREFIX | ||
142 | if (strncmp(passwd, LOCKED_PASSWD_PREFIX, | ||
143 | strlen(LOCKED_PASSWD_PREFIX)) == 0) | ||
144 | locked = 1; | ||
145 | #endif | ||
146 | #ifdef LOCKED_PASSWD_SUBSTR | ||
147 | if (strstr(passwd, LOCKED_PASSWD_SUBSTR)) | ||
148 | locked = 1; | ||
149 | #endif | ||
150 | if (locked) { | ||
151 | logit("User %.100s not allowed because account is locked", | ||
152 | pw->pw_name); | ||
153 | return 0; | ||
154 | } | ||
155 | } | ||
156 | |||
122 | /* | 157 | /* |
123 | * Get the shell from the password data. An empty shell field is | 158 | * Get the shell from the password data. An empty shell field is |
124 | * legal, and means /bin/sh. | 159 | * legal, and means /bin/sh. |
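Review bot: `passwd` is read uninitialised by the locked-account check (new lines 126-134) whenever the shadow branch is compiled in and `spw` is NULL, which the visible code allows when `options.use_pam` is set or `getspnam()` returns NULL. It is declared without an initialiser and the `#if` arm assigns it only under `if (spw != NULL)`, so `if (passwd && *passwd)` then tests an indeterminate pointer in the authorisation path. Assign a default before the conditional, e.g. `passwd = pw->pw_passwd;` ahead of the `#if`, and let the shadow entry override it when one was found. allowed_user's body continues past the end of this hunk.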