diff options
author | Damien Miller <djm@mindrot.org> | 2003-01-07 12:19:32 +1100 |
---|---|---|
committer | Damien Miller <djm@mindrot.org> | 2003-01-07 12:19:32 +1100 |
commit | 48cb8aa935211ff95ff62267a799d3548df442d4 (patch) | |
tree | 6742fd1d49917a35b8cffd8e1c08e4d553343f9f /auth.c | |
parent | 5e4471e45a9ba9a4ecafa91e15142feaa682bf02 (diff) |
- (djm) Bug #442: Check for and deny access to accounts with locked
passwords. Patch from dtucker@zip.com.au
Diffstat (limited to 'auth.c')
-rw-r--r-- | auth.c | 21 |
1 files changed, 16 insertions, 5 deletions
@@ -72,20 +72,23 @@ int allowed_user(struct passwd * pw) { struct stat st; - const char *hostname = NULL, *ipaddr = NULL; + const char *hostname = NULL, *ipaddr = NULL, *passwd; char *shell; int i; #ifdef WITH_AIXAUTHENTICATE char *loginmsg; #endif /* WITH_AIXAUTHENTICATE */ #if !defined(USE_PAM) && defined(HAVE_SHADOW_H) && \ - !defined(DISABLE_SHADOW) && defined(HAS_SHADOW_EXPIRE) + !defined(DISABLE_SHADOW) && defined(HAS_SHADOW_EXPIRE) struct spwd *spw; +#endif /* Shouldn't be called if pw is NULL, but better safe than sorry... */ if (!pw || !pw->pw_name) return 0; +#if !defined(USE_PAM) && defined(HAVE_SHADOW_H) && \ + !defined(DISABLE_SHADOW) && defined(HAS_SHADOW_EXPIRE) #define DAY (24L * 60 * 60) /* 1 day in seconds */ spw = getspnam(pw->pw_name); if (spw != NULL) { @@ -116,11 +119,19 @@ allowed_user(struct passwd * pw) return 0; } } +#endif + +#if defined(HAVE_SHADOW_H) && !defined(DISABLE_SHADOW) + passwd = spw->sp_pwdp; #else - /* Shouldn't be called if pw is NULL, but better safe than sorry... */ - if (!pw || !pw->pw_name) - return 0; + passwd = pw->pw_passwd; #endif + /* check for locked account */ + if (strcmp(passwd, "*LK*") == 0 || passwd[0] == '!') { + log("User %.100s not allowed because account is locked", + pw->pw_name); + return 0; + } /* * Get the shell from the password data. An empty shell field is |