- (dtucker) [auth.c] Check for disabled password expiry on HP-UX Trusted Mode.
diff --git a/ChangeLog b/ChangeLog
index da3331b..699402a 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -42,6 +42,7 @@
  - (dtucker) [acconfig.h configure.ac dns.c openbsd-compat/getrrsetbyname.c
    openbsd-compat/getrrsetbyname.h] DNS fingerprint support is now always
    compiled in but disabled in config.
+ - (dtucker) [auth.c] Check for disabled password expiry on HP-UX Trusted Mode.
 
 20031009
  - (dtucker) [sshd_config.5] UsePAM defaults to "no".  ok djm@
@@ -1359,4 +1360,4 @@
  - Fix sshd BindAddress and -b options for systems using fake-getaddrinfo.
    Report from murple@murple.net, diagnosis from dtucker@zip.com.au
 
-$Id: ChangeLog,v 1.3080 2003/10/15 06:57:57 dtucker Exp $
+$Id: ChangeLog,v 1.3081 2003/10/15 07:48:20 dtucker Exp $
diff --git a/auth.c b/auth.c
index 0296728..fcafae8 100644
--- a/auth.c
+++ b/auth.c
@@ -90,6 +90,7 @@
 #ifdef HAS_SHADOW_EXPIRE
 #define	DAY		(24L * 60 * 60) /* 1 day in seconds */
 	if (!options.use_pam && spw != NULL) {
+		int disabled = 0;
 		time_t today;
 
 		today = time(NULL) / DAY;
@@ -106,13 +107,19 @@
 			return 0;
 		}
 
-		if (spw->sp_lstchg == 0) {
+#if defined(__hpux) && !defined(HAVE_SECUREWARE)
+		if (iscomsec() && spw->sp_min == 0 && spw->sp_max == 0 &&
+		     spw->sp_warn == 0)
+			disabled = 1;   /* Trusted Mode: expiry disabled */
+#endif
+
+		if (!disabled && spw->sp_lstchg == 0) {
 			logit("User %.100s password has expired (root forced)",
 			    pw->pw_name);
 			return 0;
 		}
 
-		if (spw->sp_max != -1 &&
+		if (!disabled && spw->sp_max != -1 &&
 		    today > spw->sp_lstchg + spw->sp_max) {
 			logit("User %.100s password has expired (password aged)",
 			    pw->pw_name);
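Review bot: Setting `disabled` at the `iscomsec()` test skips the root-forced check (`sp_lstchg == 0`) as well as the aging check, and the path is silent, so a login that passes because expiry was treated as disabled leaves nothing in the log to explain it. I would brace the body and add a debug line next to `disabled = 1;`, e.g. `debug3("HP-UX Trusted Mode: password expiry disabled for %.100s", pw->pw_name);`. The comment should also say why all-zero `sp_min`/`sp_max`/`sp_warn` is taken to mean that expiry is disabled, and whether an administrator-forced change can still show up as `sp_lstchg == 0` with those fields zero in Trusted Mode. That cannot be judged from the hunk; if it can happen, the forced-change check should not be gated on `disabled`. The enclosing function starts and ends outside the hunk.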