tyler.durden/openssh-portable
1
0
Fork 0
mirror of https://github.com/PowerShell/openssh-portable.git synced 2025-07-27 07:44:29 +02:00
Code Issues Packages Projects Releases Wiki Activity

- (djm) Bug #442: Check for and deny access to accounts with locked

Browse Source 
passwords. Patch from dtucker@zip.com.au
This commit is contained in:
Damien Miller 2003-01-07 12:19:32 +11:00
parent 5e4471e45a
commit 48cb8aa935
2 changed files with 20 additions and 7 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
ChangeLog
View File

@ -1,6 +1,8 @@
20030107 20030107
- (djm) Bug #401: Work around Linux breakage with IPv6 mapped addresses. - (djm) Bug #401: Work around Linux breakage with IPv6 mapped addresses.
Based on fix from yoshfuji@linux-ipv6.org Based on fix from yoshfuji@linux-ipv6.org
- (djm) Bug #442: Check for and deny access to accounts with locked
passwords. Patch from dtucker@zip.com.au
20030103 20030103
- (djm) Bug #461: ssh-copy-id fails with no arguments. Patch from - (djm) Bug #461: ssh-copy-id fails with no arguments. Patch from
@ -929,4 +931,4 @@
save auth method before monitor_reset_key_state(); bugzilla bug #284; save auth method before monitor_reset_key_state(); bugzilla bug #284;
ok provos@ ok provos@
$Id: ChangeLog,v 1.2541 2003/01/06 23:51:23 djm Exp $ $Id: ChangeLog,v 1.2542 2003/01/07 01:19:32 djm Exp $

21
auth.c
View File

@ -72,7 +72,7 @@ int
allowed_user(struct passwd * pw) allowed_user(struct passwd * pw)
{ {
struct stat st; struct stat st;
const char *hostname = NULL, *ipaddr = NULL; const char *hostname = NULL, *ipaddr = NULL, *passwd;
char *shell; char *shell;
int i; int i;
#ifdef WITH_AIXAUTHENTICATE #ifdef WITH_AIXAUTHENTICATE
@ -81,11 +81,14 @@ allowed_user(struct passwd * pw)
#if !defined(USE_PAM) && defined(HAVE_SHADOW_H) && \ #if !defined(USE_PAM) && defined(HAVE_SHADOW_H) && \
!defined(DISABLE_SHADOW) && defined(HAS_SHADOW_EXPIRE) !defined(DISABLE_SHADOW) && defined(HAS_SHADOW_EXPIRE)
struct spwd *spw; struct spwd *spw;
#endif
/* Shouldn't be called if pw is NULL, but better safe than sorry... */ /* Shouldn't be called if pw is NULL, but better safe than sorry... */
if (!pw || !pw->pw_name) if (!pw || !pw->pw_name)
return 0; return 0;
#if !defined(USE_PAM) && defined(HAVE_SHADOW_H) && \
!defined(DISABLE_SHADOW) && defined(HAS_SHADOW_EXPIRE)
#define DAY (24L * 60 * 60) /* 1 day in seconds */ #define DAY (24L * 60 * 60) /* 1 day in seconds */
spw = getspnam(pw->pw_name); spw = getspnam(pw->pw_name);
if (spw != NULL) { if (spw != NULL) {
@ -116,12 +119,20 @@ allowed_user(struct passwd * pw)
return 0; return 0;
} }
} }
#else
/* Shouldn't be called if pw is NULL, but better safe than sorry... */
if (!pw || !pw->pw_name)
return 0;
#endif #endif
#if defined(HAVE_SHADOW_H) && !defined(DISABLE_SHADOW)
passwd = spw->sp_pwdp;
#else
passwd = pw->pw_passwd;
#endif
/* check for locked account */
if (strcmp(passwd, "*LK*") == 0 || passwd[0] == '!') {
log("User %.100s not allowed because account is locked",
pw->pw_name);
return 0;
}
/* /*
* Get the shell from the password data. An empty shell field is * Get the shell from the password data. An empty shell field is
* legal, and means /bin/sh. * legal, and means /bin/sh.