Commit 1f335fb8 authored by Damien Miller's avatar Damien Miller

- (djm) Account expiry support from Andreas Steinmetz <ast@domdv.de>

 - (djm) Added password expiry checking (no password change support)
parent c0fd17fd
......@@ -3,9 +3,10 @@ Tatu Ylonen <ylo@cs.hut.fi> - Creator of SSH
Aaron Campbell, Bob Beck, Markus Friedl, Niels Provos,
Theo de Raadt, and Dug Song - Creators of OpenSSH
Andrew Stribblehill <a.d.stribblehill@durham.ac.uk> - Bugfixes
Andre Lucas <andre.lucas@dial.pipex.com> - new login code, many fixes
Andreas Steinmetz <ast@domdv.de> - Shadow password expiry support
Andrew McGill <andrewm@datrix.co.za> - SCO fixes
Andrew Stribblehill <a.d.stribblehill@durham.ac.uk> - Bugfixes
Andy Sloane <andy@guildsoftware.com> - bugfixes
Arkadiusz Miskiewicz <misiek@pld.org.pl> - IPv6 compat fixes
Ben Lindstrom <mouring@pconline.com> - NeXT support
......@@ -35,7 +36,7 @@ IWAMURO Motonori <iwa@mmp.fujitsu.co.jp> - bugfixes
Jani Hakala <jahakala@cc.jyu.fi> - Patches
Jarno Huuskonen <jhuuskon@hytti.uku.fi> - Bugfixes
Jim Knoble <jmknoble@pobox.com> - Many patches
jonchen (email unknown) - the original author of PAM support of SSH
Jonchen (email unknown) - the original author of PAM support of SSH
Juergen Keil <jk@tools.de> - scp bugfixing
Kees Cook <cook@cpoint.net> - scp fixes
Kenji Miyake <kenji@miyake.org> - Configure fixes
......
20000626
- (djm) Better fix to aclocal tests from Garrick James <garrick@james.net>
- (djm) Account expiry support from Andreas Steinmetz <ast@domdv.de>
- (djm) Added password expiry checking (no password change support)
- OpenBSD CVS update
- provos@cvs.openbsd.org 2000/06/25 14:17:58
[channels.c]
......
......@@ -133,6 +133,9 @@
/* Define if you want to disable shadow passwords */
#undef DISABLE_SHADOW
/* Define if you want to use shadow password expire field */
#undef HAS_SHADOW_EXPIRE
/* Define if you want have trusted HPUX */
#undef HAVE_HPUX_TRUSTED_SYSTEM_PW
......
......@@ -22,6 +22,9 @@ RCSID("$OpenBSD: auth.c,v 1.7 2000/05/17 21:37:24 deraadt Exp $");
#ifdef HAVE_LOGIN_H
#include <login.h>
#endif
#if defined(HAVE_SHADOW_H) && !defined(DISABLE_SHADOW)
#include <shadow.h>
#endif /* defined(HAVE_SHADOW_H) && !defined(DISABLE_SHADOW) */
#include "bufaux.h"
#include "ssh2.h"
......@@ -53,11 +56,32 @@ allowed_user(struct passwd * pw)
#ifdef WITH_AIXAUTHENTICATE
char *loginmsg;
#endif /* WITH_AIXAUTHENTICATE */
#if defined(HAVE_SHADOW_H) && !defined(DISABLE_SHADOW) && \
defined(HAS_SHADOW_EXPIRE)
struct spwd *spw;
/* Shouldn't be called if pw is NULL, but better safe than sorry... */
if (!pw)
return 0;
spw = getspnam(pw->pw_name);
if (spw == NULL)
return 0;
/* Check account expiry */
if ((spw->sp_expire > 0) && ((time(NULL) / 86400) > spw->sp_expire))
return 0;
/* Check password expiry */
if ((spw->sp_lstchg > 0) && (spw->sp_inact > 0) &&
((time(NULL) / 86400) > (spw->sp_lstchg + spw->sp_inact)))
return 0;
#else
/* Shouldn't be called if pw is NULL, but better safe than sorry... */
if (!pw)
return 0;
#endif
/*
* Get the shell from the password data. An empty shell field is
* legal, and means /bin/sh.
......
......@@ -236,6 +236,8 @@ if (test -z "$no_pam" && test "x$ac_cv_header_security_pam_appl_h" = "xyes") ; t
AC_CHECK_FUNCS(pam_getenvlist)
disable_shadow=yes
PAM_MSG="yes"
# Check PAM strerror arguments (old PAM)
......@@ -933,10 +935,30 @@ AC_ARG_WITH(shadow,
[
if test "x$withval" = "xno" ; then
AC_DEFINE(DISABLE_SHADOW)
disable_shadow=yes
fi
]
)
if test -z "$disable_shadow" ; then
AC_MSG_CHECKING([if the systems has expire shadow information])
AC_TRY_COMPILE(
[
#include <sys/types.h>
#include <shadow.h>
struct spwd sp;
],[ sp.sp_expire = sp.sp_lstchg = sp.sp_inact = 0; ],
[ sp_expire_available=yes ], []
)
if test "x$sp_expire_available" = "xyes" ; then
AC_MSG_RESULT(yes)
AC_DEFINE(HAS_SHADOW_EXPIRE)
else
AC_MSG_RESULT(no)
fi
fi
# Use ip address instead of hostname in $DISPLAY
DISPLAY_HACK_MSG="no"
AC_ARG_WITH(ipaddr-display,
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment