- (djm) Fix my fix of the fix for the Bug #442 for PAM case. Spotted by

dtucker@zip.com.au. Reorder for clarity too.
This commit is contained in:
Damien Miller 2003-01-07 23:55:59 +11:00
parent f25c18d7e8
commit 06817f9cd3
2 changed files with 39 additions and 34 deletions

View File

@ -12,6 +12,8 @@
nasties. Report from peak@argo.troja.mff.cuni.cz
- (djm) Bug #178: On AIX /etc/nologin wasnt't shown to users. Fix from
Ralf.Wenk@fh-karlsruhe.de and dtucker@zip.com.au
- (djm) Fix my fix of the fix for the Bug #442 for PAM case. Spotted by
dtucker@zip.com.au. Reorder for clarity too.
20030103
- (djm) Bug #461: ssh-copy-id fails with no arguments. Patch from
@ -940,4 +942,4 @@
save auth method before monitor_reset_key_state(); bugzilla bug #284;
ok provos@
$Id: ChangeLog,v 1.2547 2003/01/07 06:38:58 djm Exp $
$Id: ChangeLog,v 1.2548 2003/01/07 12:55:59 djm Exp $

33
auth.c
View File

@ -78,8 +78,7 @@ allowed_user(struct passwd * pw)
#ifdef WITH_AIXAUTHENTICATE
char *loginmsg;
#endif /* WITH_AIXAUTHENTICATE */
#if !defined(USE_PAM) && defined(HAVE_SHADOW_H) && \
!defined(DISABLE_SHADOW) && defined(HAS_SHADOW_EXPIRE)
#if defined(HAVE_SHADOW_H) && !defined(DISABLE_SHADOW)
struct spwd *spw;
#endif
@ -87,11 +86,26 @@ allowed_user(struct passwd * pw)
if (!pw || !pw->pw_name)
return 0;
/* Grab the password for locked account checking */
#if defined(HAVE_SHADOW_H) && !defined(DISABLE_SHADOW)
spw = getspnam(pw->pw_name);
if (!spw)
return 0;
passwd = spw->sp_pwdp;
#else
passwd = pw->pw_passwd;
#endif
/* check for locked account */
if (strcmp(passwd, "*LK*") == 0 || passwd[0] == '!') {
log("User %.100s not allowed because account is locked",
pw->pw_name);
return 0;
}
#if !defined(USE_PAM) && defined(HAVE_SHADOW_H) && \
!defined(DISABLE_SHADOW) && defined(HAS_SHADOW_EXPIRE)
#define DAY (24L * 60 * 60) /* 1 day in seconds */
spw = getspnam(pw->pw_name);
if (spw != NULL) {
time_t today = time(NULL) / DAY;
debug3("allowed_user: today %d sp_expire %d sp_lstchg %d"
" sp_max %d", (int)today, (int)spw->sp_expire,
@ -118,19 +132,8 @@ allowed_user(struct passwd * pw)
pw->pw_name);
return 0;
}
}
passwd = spw->sp_pwdp;
#else
passwd = pw->pw_passwd;
#endif
/* check for locked account */
if (strcmp(passwd, "*LK*") == 0 || passwd[0] == '!') {
log("User %.100s not allowed because account is locked",
pw->pw_name);
return 0;
}
/*
* Get the shell from the password data. An empty shell field is
* legal, and means /bin/sh.