mirror of git://anongit.mindrot.org/openssh.git
- (djm) Bug #442: Check for and deny access to accounts with locked
passwords. Patch from dtucker@zip.com.au
This commit is contained in:
parent
5e4471e45a
commit
48cb8aa935
|
@ -1,6 +1,8 @@
|
|||
20030107
|
||||
- (djm) Bug #401: Work around Linux breakage with IPv6 mapped addresses.
|
||||
Based on fix from yoshfuji@linux-ipv6.org
|
||||
- (djm) Bug #442: Check for and deny access to accounts with locked
|
||||
passwords. Patch from dtucker@zip.com.au
|
||||
|
||||
20030103
|
||||
- (djm) Bug #461: ssh-copy-id fails with no arguments. Patch from
|
||||
|
@ -929,4 +931,4 @@
|
|||
save auth method before monitor_reset_key_state(); bugzilla bug #284;
|
||||
ok provos@
|
||||
|
||||
$Id: ChangeLog,v 1.2541 2003/01/06 23:51:23 djm Exp $
|
||||
$Id: ChangeLog,v 1.2542 2003/01/07 01:19:32 djm Exp $
|
||||
|
|
23
auth.c
23
auth.c
|
@ -72,20 +72,23 @@ int
|
|||
allowed_user(struct passwd * pw)
|
||||
{
|
||||
struct stat st;
|
||||
const char *hostname = NULL, *ipaddr = NULL;
|
||||
const char *hostname = NULL, *ipaddr = NULL, *passwd;
|
||||
char *shell;
|
||||
int i;
|
||||
#ifdef WITH_AIXAUTHENTICATE
|
||||
char *loginmsg;
|
||||
#endif /* WITH_AIXAUTHENTICATE */
|
||||
#if !defined(USE_PAM) && defined(HAVE_SHADOW_H) && \
|
||||
!defined(DISABLE_SHADOW) && defined(HAS_SHADOW_EXPIRE)
|
||||
!defined(DISABLE_SHADOW) && defined(HAS_SHADOW_EXPIRE)
|
||||
struct spwd *spw;
|
||||
#endif
|
||||
|
||||
/* Shouldn't be called if pw is NULL, but better safe than sorry... */
|
||||
if (!pw || !pw->pw_name)
|
||||
return 0;
|
||||
|
||||
#if !defined(USE_PAM) && defined(HAVE_SHADOW_H) && \
|
||||
!defined(DISABLE_SHADOW) && defined(HAS_SHADOW_EXPIRE)
|
||||
#define DAY (24L * 60 * 60) /* 1 day in seconds */
|
||||
spw = getspnam(pw->pw_name);
|
||||
if (spw != NULL) {
|
||||
|
@ -116,12 +119,20 @@ allowed_user(struct passwd * pw)
|
|||
return 0;
|
||||
}
|
||||
}
|
||||
#else
|
||||
/* Shouldn't be called if pw is NULL, but better safe than sorry... */
|
||||
if (!pw || !pw->pw_name)
|
||||
return 0;
|
||||
#endif
|
||||
|
||||
#if defined(HAVE_SHADOW_H) && !defined(DISABLE_SHADOW)
|
||||
passwd = spw->sp_pwdp;
|
||||
#else
|
||||
passwd = pw->pw_passwd;
|
||||
#endif
|
||||
/* check for locked account */
|
||||
if (strcmp(passwd, "*LK*") == 0 || passwd[0] == '!') {
|
||||
log("User %.100s not allowed because account is locked",
|
||||
pw->pw_name);
|
||||
return 0;
|
||||
}
|
||||
|
||||
/*
|
||||
* Get the shell from the password data. An empty shell field is
|
||||
* legal, and means /bin/sh.
|
||||
|
|
Loading…
Reference in New Issue