summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
Diffstat
-rw-r--r--ChangeLog3
-rw-r--r--auth.c11
2 files changed, 11 insertions, 3 deletions
diff --git a/ChangeLog b/ChangeLog
index da3331b3..699402a7 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -42,6 +42,7 @@
- (dtucker) [acconfig.h configure.ac dns.c openbsd-compat/getrrsetbyname.c
openbsd-compat/getrrsetbyname.h] DNS fingerprint support is now always
compiled in but disabled in config.
+ - (dtucker) [auth.c] Check for disabled password expiry on HP-UX Trusted Mode.
20031009
- (dtucker) [sshd_config.5] UsePAM defaults to "no". ok djm@
@@ -1359,4 +1360,4 @@
- Fix sshd BindAddress and -b options for systems using fake-getaddrinfo.
Report from murple@murple.net, diagnosis from dtucker@zip.com.au
-$Id: ChangeLog,v 1.3080 2003/10/15 06:57:57 dtucker Exp $
+$Id: ChangeLog,v 1.3081 2003/10/15 07:48:20 dtucker Exp $
diff --git a/auth.c b/auth.c
index 02967287..fcafae86 100644
--- a/auth.c
+++ b/auth.c
@@ -90,6 +90,7 @@ allowed_user(struct passwd * pw)
#ifdef HAS_SHADOW_EXPIRE
#define DAY (24L * 60 * 60) /* 1 day in seconds */
if (!options.use_pam && spw != NULL) {
+ int disabled = 0;
time_t today;
today = time(NULL) / DAY;
@@ -106,13 +107,19 @@ allowed_user(struct passwd * pw)
return 0;
}
- if (spw->sp_lstchg == 0) {
+#if defined(__hpux) && !defined(HAVE_SECUREWARE)
+ if (iscomsec() && spw->sp_min == 0 && spw->sp_max == 0 &&
+ spw->sp_warn == 0)
+ disabled = 1; /* Trusted Mode: expiry disabled */
+#endif
+
+ if (!disabled && spw->sp_lstchg == 0) {
logit("User %.100s password has expired (root forced)",
pw->pw_name);
return 0;
}
- if (spw->sp_max != -1 &&
+ if (!disabled && spw->sp_max != -1 &&
today > spw->sp_lstchg + spw->sp_max) {
logit("User %.100s password has expired (password aged)",
pw->pw_name);
generated by cgit v1.2.3 (git 2.25.1) at 2024-07-25 17:14:46 +0000