summaryrefslogtreecommitdiffstats
path: root/crypto/openssh/auth.c
diff options
context:
space:
mode:
Diffstat (limited to 'crypto/openssh/auth.c')
-rw-r--r--crypto/openssh/auth.c65
1 files changed, 14 insertions, 51 deletions
diff --git a/crypto/openssh/auth.c b/crypto/openssh/auth.c
index 479581f..6bed01c 100644
--- a/crypto/openssh/auth.c
+++ b/crypto/openssh/auth.c
@@ -23,15 +23,15 @@
*/
#include "includes.h"
-RCSID("$OpenBSD: auth.c,v 1.49 2003/08/26 09:58:43 markus Exp $");
+RCSID("$OpenBSD: auth.c,v 1.51 2003/11/21 11:57:02 djm Exp $");
RCSID("$FreeBSD$");
#ifdef HAVE_LOGIN_H
#include <login.h>
#endif
-#if defined(HAVE_SHADOW_H) && !defined(DISABLE_SHADOW)
+#ifdef USE_SHADOW
#include <shadow.h>
-#endif /* defined(HAVE_SHADOW_H) && !defined(DISABLE_SHADOW) */
+#endif
#ifdef HAVE_LIBGEN_H
#include <libgen.h>
@@ -77,7 +77,7 @@ allowed_user(struct passwd * pw)
const char *hostname = NULL, *ipaddr = NULL, *passwd = NULL;
char *shell;
int i;
-#if defined(HAVE_SHADOW_H) && !defined(DISABLE_SHADOW)
+#ifdef USE_SHADOW
struct spwd *spw = NULL;
#endif
@@ -85,53 +85,24 @@ allowed_user(struct passwd * pw)
if (!pw || !pw->pw_name)
return 0;
-#if defined(HAVE_SHADOW_H) && !defined(DISABLE_SHADOW)
+#ifdef USE_SHADOW
if (!options.use_pam)
spw = getspnam(pw->pw_name);
#ifdef HAS_SHADOW_EXPIRE
-#define DAY (24L * 60 * 60) /* 1 day in seconds */
- if (!options.use_pam && spw != NULL) {
- time_t today;
-
- today = time(NULL) / DAY;
- debug3("allowed_user: today %d sp_expire %d sp_lstchg %d"
- " sp_max %d", (int)today, (int)spw->sp_expire,
- (int)spw->sp_lstchg, (int)spw->sp_max);
-
- /*
- * We assume account and password expiration occurs the
- * day after the day specified.
- */
- if (spw->sp_expire != -1 && today > spw->sp_expire) {
- logit("Account %.100s has expired", pw->pw_name);
- return 0;
- }
-
- if (spw->sp_lstchg == 0) {
- logit("User %.100s password has expired (root forced)",
- pw->pw_name);
- return 0;
- }
-
- if (spw->sp_max != -1 &&
- today > spw->sp_lstchg + spw->sp_max) {
- logit("User %.100s password has expired (password aged)",
- pw->pw_name);
- return 0;
- }
- }
+ if (!options.use_pam && spw != NULL && auth_shadow_acctexpired(spw))
+ return 0;
#endif /* HAS_SHADOW_EXPIRE */
-#endif /* defined(HAVE_SHADOW_H) && !defined(DISABLE_SHADOW) */
+#endif /* USE_SHADOW */
- /* grab passwd field for locked account check */
-#if defined(HAVE_SHADOW_H) && !defined(DISABLE_SHADOW)
+ /* grab passwd field for locked account check */
+#ifdef USE_SHADOW
if (spw != NULL)
passwd = spw->sp_pwdp;
#else
passwd = pw->pw_passwd;
#endif
- /* check for locked account */
+ /* check for locked account */
if (!options.use_pam && passwd && *passwd) {
int locked = 0;
@@ -243,7 +214,7 @@ allowed_user(struct passwd * pw)
if ((pw->pw_uid != 0) && (geteuid() == 0)) {
char *msg;
- if (loginrestrictions(pw->pw_name, S_RLOGIN, NULL, &msg) != 0) {
+ if (loginrestrictions(pw->pw_name, S_RLOGIN, NULL, &msg) != 0) {
int loginrestrict_errno = errno;
if (msg && *msg) {
@@ -253,7 +224,7 @@ allowed_user(struct passwd * pw)
pw->pw_name, msg);
}
/* Don't fail if /etc/nologin set */
- if (!(loginrestrict_errno == EPERM &&
+ if (!(loginrestrict_errno == EPERM &&
stat(_PATH_NOLOGIN, &st) == 0))
return 0;
}
@@ -264,14 +235,6 @@ allowed_user(struct passwd * pw)
return 1;
}
-Authctxt *
-authctxt_new(void)
-{
- Authctxt *authctxt = xmalloc(sizeof(*authctxt));
- memset(authctxt, 0, sizeof(*authctxt));
- return authctxt;
-}
-
void
auth_log(Authctxt *authctxt, int authenticated, char *method, char *info)
{
@@ -599,7 +562,7 @@ fakepw(void)
memset(&fake, 0, sizeof(fake));
fake.pw_name = "NOUSER";
fake.pw_passwd =
- "$2a$06$r3.juUaHZDlIbQaO2dS9FuYxL1W9M81R1Tc92PoSNmzvpEqLkLGrK";
+ "$2a$06$r3.juUaHZDlIbQaO2dS9FuYxL1W9M81R1Tc92PoSNmzvpEqLkLGrK";
fake.pw_gecos = "NOUSER";
fake.pw_uid = -1;
fake.pw_gid = -1;
OpenPOWER on IntegriCloud