mirror of
git://anongit.mindrot.org/openssh.git
synced 2025-01-12 20:51:01 +00:00
- (djm) Fix my fix of the fix for the Bug #442 for PAM case. Spotted by
dtucker@zip.com.au. Reorder for clarity too.
This commit is contained in:
parent
f25c18d7e8
commit
06817f9cd3
@ -12,6 +12,8 @@
|
|||||||
nasties. Report from peak@argo.troja.mff.cuni.cz
|
nasties. Report from peak@argo.troja.mff.cuni.cz
|
||||||
- (djm) Bug #178: On AIX /etc/nologin wasnt't shown to users. Fix from
|
- (djm) Bug #178: On AIX /etc/nologin wasnt't shown to users. Fix from
|
||||||
Ralf.Wenk@fh-karlsruhe.de and dtucker@zip.com.au
|
Ralf.Wenk@fh-karlsruhe.de and dtucker@zip.com.au
|
||||||
|
- (djm) Fix my fix of the fix for the Bug #442 for PAM case. Spotted by
|
||||||
|
dtucker@zip.com.au. Reorder for clarity too.
|
||||||
|
|
||||||
20030103
|
20030103
|
||||||
- (djm) Bug #461: ssh-copy-id fails with no arguments. Patch from
|
- (djm) Bug #461: ssh-copy-id fails with no arguments. Patch from
|
||||||
@ -940,4 +942,4 @@
|
|||||||
save auth method before monitor_reset_key_state(); bugzilla bug #284;
|
save auth method before monitor_reset_key_state(); bugzilla bug #284;
|
||||||
ok provos@
|
ok provos@
|
||||||
|
|
||||||
$Id: ChangeLog,v 1.2547 2003/01/07 06:38:58 djm Exp $
|
$Id: ChangeLog,v 1.2548 2003/01/07 12:55:59 djm Exp $
|
||||||
|
69
auth.c
69
auth.c
@ -78,8 +78,7 @@ allowed_user(struct passwd * pw)
|
|||||||
#ifdef WITH_AIXAUTHENTICATE
|
#ifdef WITH_AIXAUTHENTICATE
|
||||||
char *loginmsg;
|
char *loginmsg;
|
||||||
#endif /* WITH_AIXAUTHENTICATE */
|
#endif /* WITH_AIXAUTHENTICATE */
|
||||||
#if !defined(USE_PAM) && defined(HAVE_SHADOW_H) && \
|
#if defined(HAVE_SHADOW_H) && !defined(DISABLE_SHADOW)
|
||||||
!defined(DISABLE_SHADOW) && defined(HAS_SHADOW_EXPIRE)
|
|
||||||
struct spwd *spw;
|
struct spwd *spw;
|
||||||
#endif
|
#endif
|
||||||
|
|
||||||
@ -87,38 +86,11 @@ allowed_user(struct passwd * pw)
|
|||||||
if (!pw || !pw->pw_name)
|
if (!pw || !pw->pw_name)
|
||||||
return 0;
|
return 0;
|
||||||
|
|
||||||
#if !defined(USE_PAM) && defined(HAVE_SHADOW_H) && \
|
/* Grab the password for locked account checking */
|
||||||
!defined(DISABLE_SHADOW) && defined(HAS_SHADOW_EXPIRE)
|
#if defined(HAVE_SHADOW_H) && !defined(DISABLE_SHADOW)
|
||||||
#define DAY (24L * 60 * 60) /* 1 day in seconds */
|
|
||||||
spw = getspnam(pw->pw_name);
|
spw = getspnam(pw->pw_name);
|
||||||
if (spw != NULL) {
|
if (!spw)
|
||||||
time_t today = time(NULL) / DAY;
|
return 0;
|
||||||
debug3("allowed_user: today %d sp_expire %d sp_lstchg %d"
|
|
||||||
" sp_max %d", (int)today, (int)spw->sp_expire,
|
|
||||||
(int)spw->sp_lstchg, (int)spw->sp_max);
|
|
||||||
|
|
||||||
/*
|
|
||||||
* We assume account and password expiration occurs the
|
|
||||||
* day after the day specified.
|
|
||||||
*/
|
|
||||||
if (spw->sp_expire != -1 && today > spw->sp_expire) {
|
|
||||||
log("Account %.100s has expired", pw->pw_name);
|
|
||||||
return 0;
|
|
||||||
}
|
|
||||||
|
|
||||||
if (spw->sp_lstchg == 0) {
|
|
||||||
log("User %.100s password has expired (root forced)",
|
|
||||||
pw->pw_name);
|
|
||||||
return 0;
|
|
||||||
}
|
|
||||||
|
|
||||||
if (spw->sp_max != -1 &&
|
|
||||||
today > spw->sp_lstchg + spw->sp_max) {
|
|
||||||
log("User %.100s password has expired (password aged)",
|
|
||||||
pw->pw_name);
|
|
||||||
return 0;
|
|
||||||
}
|
|
||||||
}
|
|
||||||
passwd = spw->sp_pwdp;
|
passwd = spw->sp_pwdp;
|
||||||
#else
|
#else
|
||||||
passwd = pw->pw_passwd;
|
passwd = pw->pw_passwd;
|
||||||
@ -131,6 +103,37 @@ allowed_user(struct passwd * pw)
|
|||||||
return 0;
|
return 0;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
#if !defined(USE_PAM) && defined(HAVE_SHADOW_H) && \
|
||||||
|
!defined(DISABLE_SHADOW) && defined(HAS_SHADOW_EXPIRE)
|
||||||
|
#define DAY (24L * 60 * 60) /* 1 day in seconds */
|
||||||
|
time_t today = time(NULL) / DAY;
|
||||||
|
debug3("allowed_user: today %d sp_expire %d sp_lstchg %d"
|
||||||
|
" sp_max %d", (int)today, (int)spw->sp_expire,
|
||||||
|
(int)spw->sp_lstchg, (int)spw->sp_max);
|
||||||
|
|
||||||
|
/*
|
||||||
|
* We assume account and password expiration occurs the
|
||||||
|
* day after the day specified.
|
||||||
|
*/
|
||||||
|
if (spw->sp_expire != -1 && today > spw->sp_expire) {
|
||||||
|
log("Account %.100s has expired", pw->pw_name);
|
||||||
|
return 0;
|
||||||
|
}
|
||||||
|
|
||||||
|
if (spw->sp_lstchg == 0) {
|
||||||
|
log("User %.100s password has expired (root forced)",
|
||||||
|
pw->pw_name);
|
||||||
|
return 0;
|
||||||
|
}
|
||||||
|
|
||||||
|
if (spw->sp_max != -1 &&
|
||||||
|
today > spw->sp_lstchg + spw->sp_max) {
|
||||||
|
log("User %.100s password has expired (password aged)",
|
||||||
|
pw->pw_name);
|
||||||
|
return 0;
|
||||||
|
}
|
||||||
|
#endif
|
||||||
|
|
||||||
/*
|
/*
|
||||||
* Get the shell from the password data. An empty shell field is
|
* Get the shell from the password data. An empty shell field is
|
||||||
* legal, and means /bin/sh.
|
* legal, and means /bin/sh.
|
||||||
|
Loading…
Reference in New Issue
Block a user