tyler.durden
/
openssh-portable
mirror of https://github.com/PowerShell/openssh-portable.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

- (djm) Bug #442: Check for and deny access to accounts with locked 

passwords. Patch from dtucker@zip.com.au
This commit is contained in:
Damien Miller 2003-01-07 12:19:32 +11:00
parent 5e4471e45a
commit 48cb8aa935
2 changed files with 20 additions and 7 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
ChangeLog
View File

@ -1,6 +1,8 @@
20030107
- (djm) Bug #401: Work around Linux breakage with IPv6 mapped addresses.
Based on fix from yoshfuji@linux-ipv6.org
- (djm) Bug #442: Check for and deny access to accounts with locked
passwords. Patch from dtucker@zip.com.au
20030103
- (djm) Bug #461: ssh-copy-id fails with no arguments. Patch from
@ -929,4 +931,4 @@
save auth method before monitor_reset_key_state(); bugzilla bug #284;
ok provos@
$Id: ChangeLog,v 1.2541 2003/01/06 23:51:23 djm Exp $
$Id: ChangeLog,v 1.2542 2003/01/07 01:19:32 djm Exp $

23
auth.c
View File

@ -72,20 +72,23 @@ int
allowed_user(struct passwd * pw)
{
struct stat st;
const char *hostname = NULL, *ipaddr = NULL;
const char *hostname = NULL, *ipaddr = NULL, *passwd;
char *shell;
int i;
#ifdef WITH_AIXAUTHENTICATE
char *loginmsg;
#endif /* WITH_AIXAUTHENTICATE */
#if !defined(USE_PAM) && defined(HAVE_SHADOW_H) && \
!defined(DISABLE_SHADOW) && defined(HAS_SHADOW_EXPIRE)
!defined(DISABLE_SHADOW) && defined(HAS_SHADOW_EXPIRE)
struct spwd *spw;
#endif
/* Shouldn't be called if pw is NULL, but better safe than sorry... */
if (!pw || !pw->pw_name)
return 0;
#if !defined(USE_PAM) && defined(HAVE_SHADOW_H) && \
!defined(DISABLE_SHADOW) && defined(HAS_SHADOW_EXPIRE)
#define DAY (24L * 60 * 60) /* 1 day in seconds */
spw = getspnam(pw->pw_name);
if (spw != NULL) {
@ -116,12 +119,20 @@ allowed_user(struct passwd * pw)
return 0;
}
}
#else
/* Shouldn't be called if pw is NULL, but better safe than sorry... */
if (!pw || !pw->pw_name)
return 0;
#endif
#if defined(HAVE_SHADOW_H) && !defined(DISABLE_SHADOW)
passwd = spw->sp_pwdp;
#else
passwd = pw->pw_passwd;
#endif
/* check for locked account */
if (strcmp(passwd, "*LK*") == 0 || passwd[0] == '!') {
log("User %.100s not allowed because account is locked",
pw->pw_name);
return 0;
}
/*
* Get the shell from the password data. An empty shell field is
* legal, and means /bin/sh.