From 06817f9cd3bf6720ff59b38efe42ebfd8db47546 Mon Sep 17 00:00:00 2001 From: Damien Miller Date: Tue, 7 Jan 2003 23:55:59 +1100 Subject: - (djm) Fix my fix of the fix for the Bug #442 for PAM case. Spotted by dtucker@zip.com.au. Reorder for clarity too. --- ChangeLog | 4 +++- auth.c | 69 +++++++++++++++++++++++++++++++++------------------------------ 2 files changed, 39 insertions(+), 34 deletions(-) diff --git a/ChangeLog b/ChangeLog index 890b16210..2441fdfa9 100644 --- a/ChangeLog +++ b/ChangeLog @@ -12,6 +12,8 @@ nasties. Report from peak@argo.troja.mff.cuni.cz - (djm) Bug #178: On AIX /etc/nologin wasnt't shown to users. Fix from Ralf.Wenk@fh-karlsruhe.de and dtucker@zip.com.au + - (djm) Fix my fix of the fix for the Bug #442 for PAM case. Spotted by + dtucker@zip.com.au. Reorder for clarity too. 20030103 - (djm) Bug #461: ssh-copy-id fails with no arguments. Patch from @@ -940,4 +942,4 @@ save auth method before monitor_reset_key_state(); bugzilla bug #284; ok provos@ -$Id: ChangeLog,v 1.2547 2003/01/07 06:38:58 djm Exp $ +$Id: ChangeLog,v 1.2548 2003/01/07 12:55:59 djm Exp $ diff --git a/auth.c b/auth.c index 7deded205..48586cc5d 100644 --- a/auth.c +++ b/auth.c @@ -78,8 +78,7 @@ allowed_user(struct passwd * pw) #ifdef WITH_AIXAUTHENTICATE char *loginmsg; #endif /* WITH_AIXAUTHENTICATE */ -#if !defined(USE_PAM) && defined(HAVE_SHADOW_H) && \ - !defined(DISABLE_SHADOW) && defined(HAS_SHADOW_EXPIRE) +#if defined(HAVE_SHADOW_H) && !defined(DISABLE_SHADOW) struct spwd *spw; #endif @@ -87,38 +86,11 @@ allowed_user(struct passwd * pw) if (!pw || !pw->pw_name) return 0; -#if !defined(USE_PAM) && defined(HAVE_SHADOW_H) && \ - !defined(DISABLE_SHADOW) && defined(HAS_SHADOW_EXPIRE) -#define DAY (24L * 60 * 60) /* 1 day in seconds */ + /* Grab the password for locked account checking */ +#if defined(HAVE_SHADOW_H) && !defined(DISABLE_SHADOW) spw = getspnam(pw->pw_name); - if (spw != NULL) { - time_t today = time(NULL) / DAY; - debug3("allowed_user: today %d sp_expire %d sp_lstchg %d" - " sp_max %d", (int)today, (int)spw->sp_expire, - (int)spw->sp_lstchg, (int)spw->sp_max); - - /* - * We assume account and password expiration occurs the - * day after the day specified. - */ - if (spw->sp_expire != -1 && today > spw->sp_expire) { - log("Account %.100s has expired", pw->pw_name); - return 0; - } - - if (spw->sp_lstchg == 0) { - log("User %.100s password has expired (root forced)", - pw->pw_name); - return 0; - } - - if (spw->sp_max != -1 && - today > spw->sp_lstchg + spw->sp_max) { - log("User %.100s password has expired (password aged)", - pw->pw_name); - return 0; - } - } + if (!spw) + return 0; passwd = spw->sp_pwdp; #else passwd = pw->pw_passwd; @@ -131,6 +103,37 @@ allowed_user(struct passwd * pw) return 0; } +#if !defined(USE_PAM) && defined(HAVE_SHADOW_H) && \ + !defined(DISABLE_SHADOW) && defined(HAS_SHADOW_EXPIRE) +#define DAY (24L * 60 * 60) /* 1 day in seconds */ + time_t today = time(NULL) / DAY; + debug3("allowed_user: today %d sp_expire %d sp_lstchg %d" + " sp_max %d", (int)today, (int)spw->sp_expire, + (int)spw->sp_lstchg, (int)spw->sp_max); + + /* + * We assume account and password expiration occurs the + * day after the day specified. + */ + if (spw->sp_expire != -1 && today > spw->sp_expire) { + log("Account %.100s has expired", pw->pw_name); + return 0; + } + + if (spw->sp_lstchg == 0) { + log("User %.100s password has expired (root forced)", + pw->pw_name); + return 0; + } + + if (spw->sp_max != -1 && + today > spw->sp_lstchg + spw->sp_max) { + log("User %.100s password has expired (password aged)", + pw->pw_name); + return 0; + } +#endif + /* * Get the shell from the password data. An empty shell field is * legal, and means /bin/sh. -- cgit v1.2.3