- (djm) Fix my fix of the fix for the Bug #442 for PAM case. Spotted by
   dtucker@zip.com.au. Reorder for clarity too.
diff --git a/ChangeLog b/ChangeLog
index 890b162..2441fdf 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -12,6 +12,8 @@
    nasties. Report from peak@argo.troja.mff.cuni.cz
  - (djm) Bug #178: On AIX /etc/nologin wasnt't shown to users. Fix from 
    Ralf.Wenk@fh-karlsruhe.de and dtucker@zip.com.au
+ - (djm) Fix my fix of the fix for the Bug #442 for PAM case. Spotted by 
+   dtucker@zip.com.au. Reorder for clarity too.
 
 20030103
  - (djm) Bug #461: ssh-copy-id fails with no arguments. Patch from 
@@ -940,4 +942,4 @@
      save auth method before monitor_reset_key_state(); bugzilla bug #284;
      ok provos@
 
-$Id: ChangeLog,v 1.2547 2003/01/07 06:38:58 djm Exp $
+$Id: ChangeLog,v 1.2548 2003/01/07 12:55:59 djm Exp $
diff --git a/auth.c b/auth.c
index 7deded2..48586cc 100644
--- a/auth.c
+++ b/auth.c
@@ -78,8 +78,7 @@
 #ifdef WITH_AIXAUTHENTICATE
 	char *loginmsg;
 #endif /* WITH_AIXAUTHENTICATE */
-#if !defined(USE_PAM) && defined(HAVE_SHADOW_H) && \
-    !defined(DISABLE_SHADOW) && defined(HAS_SHADOW_EXPIRE)
+#if defined(HAVE_SHADOW_H) && !defined(DISABLE_SHADOW)
 	struct spwd *spw;
 #endif
 
@@ -87,38 +86,11 @@
 	if (!pw || !pw->pw_name)
 		return 0;
 
-#if !defined(USE_PAM) && defined(HAVE_SHADOW_H) && \
-    !defined(DISABLE_SHADOW) && defined(HAS_SHADOW_EXPIRE)
-#define	DAY		(24L * 60 * 60) /* 1 day in seconds */
+	/* Grab the password for locked account checking */
+#if defined(HAVE_SHADOW_H) && !defined(DISABLE_SHADOW)
 	spw = getspnam(pw->pw_name);
-	if (spw != NULL) {
-		time_t today = time(NULL) / DAY;
-		debug3("allowed_user: today %d sp_expire %d sp_lstchg %d"
-		    " sp_max %d", (int)today, (int)spw->sp_expire,
-		    (int)spw->sp_lstchg, (int)spw->sp_max);
-
-		/*
-		 * We assume account and password expiration occurs the
-		 * day after the day specified.
-		 */
-		if (spw->sp_expire != -1 && today > spw->sp_expire) {
-			log("Account %.100s has expired", pw->pw_name);
-			return 0;
-		}
-
-		if (spw->sp_lstchg == 0) {
-			log("User %.100s password has expired (root forced)",
-			    pw->pw_name);
-			return 0;
-		}
-
-		if (spw->sp_max != -1 &&
-		    today > spw->sp_lstchg + spw->sp_max) {
-			log("User %.100s password has expired (password aged)",
-			    pw->pw_name);
-			return 0;
-		}
-	}
+	if (!spw)
+		return 0;
 	passwd = spw->sp_pwdp;
 #else
 	passwd = pw->pw_passwd;
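Review bot: The new `if (!spw) return 0;` refuses the login without writing anything to the log, so a denial caused by getspnam() returning NULL cannot be told apart from any other rejection, while the expiry checks in this function each call log(). Failing closed is the right default here, and it also removes the NULL dereference that the unguarded `passwd = spw->sp_pwdp;` had when the lookup failed. Add a line before the return, for example `log("User %.100s not allowed: no shadow entry", pw->pw_name);`. Accounts whose passwd entry has no matching shadow record (possibly some network name-service setups) would now be denied, so confirm that is intended. allowed_user's body starts and ends outside the hunk.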
@@ -131,6 +103,37 @@
 		return 0;
 	}
 
+#if !defined(USE_PAM) && defined(HAVE_SHADOW_H) && \
+    !defined(DISABLE_SHADOW) && defined(HAS_SHADOW_EXPIRE)
+#define	DAY		(24L * 60 * 60) /* 1 day in seconds */
+	time_t today = time(NULL) / DAY;
+	debug3("allowed_user: today %d sp_expire %d sp_lstchg %d"
+	    " sp_max %d", (int)today, (int)spw->sp_expire,
+	    (int)spw->sp_lstchg, (int)spw->sp_max);
+
+	/*
+	 * We assume account and password expiration occurs the
+	 * day after the day specified.
+	 */
+	if (spw->sp_expire != -1 && today > spw->sp_expire) {
+		log("Account %.100s has expired", pw->pw_name);
+		return 0;
+	}
+
+	if (spw->sp_lstchg == 0) {
+		log("User %.100s password has expired (root forced)",
+		    pw->pw_name);
+		return 0;
+	}
+
+	if (spw->sp_max != -1 &&
+	    today > spw->sp_lstchg + spw->sp_max) {
+		log("User %.100s password has expired (password aged)",
+		    pw->pw_name);
+		return 0;
+	}
+#endif
+
 	/*
 	 * Get the shell from the password data.  An empty shell field is
 	 * legal, and means /bin/sh.
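Review bot: `time_t today = time(NULL) / DAY;` is now a declaration that follows executable statements at function scope, because the relocated block is no longer wrapped in the `if (spw != NULL) { ... }` braces that used to open a new scope. Pre-C99 compilers reject a declaration after a statement, which matters if this file has to build with older platform compilers (the AIX-specific guards suggest it does, but confirm). Declare `time_t today;` beside `struct spwd *spw;` under the same expiry `#if` condition, and change this line to `today = time(NULL) / DAY;`. The function starts and ends outside the hunk.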