- (djm) Revert fix for Bug #442 for now.

ChangeLog

@@ -1,3 +1,6 @@
+20030118
+ - (djm) Revert fix for Bug #442 for now.
+
 20030117
  - (djm) Bug #470: Detect strnvis, not strvis in configure.
     From d_wllms@lanl.gov
@@ -1031,4 +1034,4 @@
      save auth method before monitor_reset_key_state(); bugzilla bug #284;
      ok provos@
 
-$Id: ChangeLog,v 1.2574 2003/01/16 23:31:38 djm Exp $
+$Id: ChangeLog,v 1.2575 2003/01/18 05:24:06 djm Exp $

auth.c

@@ -72,68 +72,52 @@ int
 allowed_user(struct passwd * pw)
 {
 	struct stat st;
-	const char *hostname = NULL, *ipaddr = NULL, *passwd;
+	const char *hostname = NULL, *ipaddr = NULL;
 	char *shell;
 	int i;
 #ifdef WITH_AIXAUTHENTICATE
 	char *loginmsg;
 #endif /* WITH_AIXAUTHENTICATE */
-#if defined(HAVE_SHADOW_H) && !defined(DISABLE_SHADOW)
+#if !defined(USE_PAM) && defined(HAVE_SHADOW_H) && \
+    !defined(DISABLE_SHADOW) && defined(HAS_SHADOW_EXPIRE)
 	struct spwd *spw;
-#if !defined(USE_PAM) && defined(HAS_SHADOW_EXPIRE)
 	time_t today;
-#endif
 #endif
 
 	/* Shouldn't be called if pw is NULL, but better safe than sorry... */
 	if (!pw || !pw->pw_name)
 		return 0;
 
-	/* Grab the password for locked account checking */
-#if defined(HAVE_SHADOW_H) && !defined(DISABLE_SHADOW)
-	spw = getspnam(pw->pw_name);
-	if (!spw)
-		return 0;
-	passwd = spw->sp_pwdp;
-#else
-	passwd = pw->pw_passwd;
-#endif
-
-	/* check for locked account */
-	if (strcmp(passwd, "*LK*") == 0 || passwd[0] == '!') {
-		log("User %.100s not allowed because account is locked",
-		    pw->pw_name);
-		return 0;
-	}
-
 #if !defined(USE_PAM) && defined(HAVE_SHADOW_H) && \
     !defined(DISABLE_SHADOW) && defined(HAS_SHADOW_EXPIRE)
 #define	DAY		(24L * 60 * 60) /* 1 day in seconds */
-	today = time(NULL) / DAY;
+	if ((spw = getspnam(pw->pw_name)) != NULL) {
-	debug3("allowed_user: today %d sp_expire %d sp_lstchg %d"
+		today = time(NULL) / DAY;
-	    " sp_max %d", (int)today, (int)spw->sp_expire,
+		debug3("allowed_user: today %d sp_expire %d sp_lstchg %d"
-	    (int)spw->sp_lstchg, (int)spw->sp_max);
+		    " sp_max %d", (int)today, (int)spw->sp_expire,
+		    (int)spw->sp_lstchg, (int)spw->sp_max);
 
-	/*
+		/*
-	 * We assume account and password expiration occurs the
+		 * We assume account and password expiration occurs the
-	 * day after the day specified.
+		 * day after the day specified.
-	 */
+		 */
-	if (spw->sp_expire != -1 && today > spw->sp_expire) {
+		if (spw->sp_expire != -1 && today > spw->sp_expire) {
-		log("Account %.100s has expired", pw->pw_name);
+			log("Account %.100s has expired", pw->pw_name);
-		return 0;
+			return 0;
-	}
+		}
 
-	if (spw->sp_lstchg == 0) {
+		if (spw->sp_lstchg == 0) {
-		log("User %.100s password has expired (root forced)",
+			log("User %.100s password has expired (root forced)",
-		    pw->pw_name);
+			    pw->pw_name);
-		return 0;
+			return 0;
-	}
+		}
 
-	if (spw->sp_max != -1 &&
+		if (spw->sp_max != -1 &&
-	    today > spw->sp_lstchg + spw->sp_max) {
+		    today > spw->sp_lstchg + spw->sp_max) {
-		log("User %.100s password has expired (password aged)",
+			log("User %.100s password has expired (password aged)",
-		    pw->pw_name);
+			    pw->pw_name);
-		return 0;
+			return 0;
+		}
 	}
 #endif
 
@@ -222,7 +206,7 @@ allowed_user(struct passwd * pw)
 	 * PermitRootLogin to control logins via ssh), or if running as
 	 * non-root user (since loginrestrictions will always fail).
 	 */
-	if ( (pw->pw_uid != 0) && (geteuid() == 0) &&
+	if ((pw->pw_uid != 0) && (geteuid() == 0) &&
 	    loginrestrictions(pw->pw_name, S_RLOGIN, NULL, &loginmsg) != 0) {
 		int loginrestrict_errno = errno;