[configure.ac] Make sure -lcrypto is before -lsocket for sco3. ok mouring@

[openssh.git] / auth.c

diff --git a/auth.c b/auth.c
index 029672877ab17c8ffe0b21945f33f7b7f6add6a5..c6e7c21c41d55bd4fb6c8384b1006ac1ff932447 100644 (file)
--- a/auth.c
+++ b/auth.c
@@ -23,7 +23,7 @@
  */
 
 #include "includes.h"
-RCSID("$OpenBSD: auth.c,v 1.50 2003/09/23 20:17:11 markus Exp $");
+RCSID("$OpenBSD: auth.c,v 1.51 2003/11/21 11:57:02 djm Exp $");
 
 #ifdef HAVE_LOGIN_H
 #include <login.h>
@@ -90,6 +90,7 @@ allowed_user(struct passwd * pw)
 #ifdef HAS_SHADOW_EXPIRE
 #define        DAY             (24L * 60 * 60) /* 1 day in seconds */
        if (!options.use_pam && spw != NULL) {
+               int disabled = 0;
                time_t today;
 
                today = time(NULL) / DAY;
@@ -105,24 +106,11 @@ allowed_user(struct passwd * pw)
                        logit("Account %.100s has expired", pw->pw_name);
                        return 0;
                }
-
-               if (spw->sp_lstchg == 0) {
-                       logit("User %.100s password has expired (root forced)",
-                           pw->pw_name);
-                       return 0;
-               }
-
-               if (spw->sp_max != -1 &&
-                   today > spw->sp_lstchg + spw->sp_max) {
-                       logit("User %.100s password has expired (password aged)",
-                           pw->pw_name);
-                       return 0;
-               }
        }
 #endif /* HAS_SHADOW_EXPIRE */
 #endif /* defined(HAVE_SHADOW_H) && !defined(DISABLE_SHADOW) */
 
-       /* grab passwd field for locked account check */
+       /* grab passwd field for locked account check */
 #if defined(HAVE_SHADOW_H) && !defined(DISABLE_SHADOW)
        if (spw != NULL)
                passwd = spw->sp_pwdp;
@@ -130,7 +118,7 @@ allowed_user(struct passwd * pw)
        passwd = pw->pw_passwd;
 #endif
 
-       /* check for locked account */ 
+       /* check for locked account */
        if (!options.use_pam && passwd && *passwd) {
                int locked = 0;
 
@@ -242,7 +230,7 @@ allowed_user(struct passwd * pw)
        if ((pw->pw_uid != 0) && (geteuid() == 0)) {
                char *msg;
 
-               if (loginrestrictions(pw->pw_name, S_RLOGIN, NULL, &msg) != 0) {
+               if (loginrestrictions(pw->pw_name, S_RLOGIN, NULL, &msg) != 0) {
                        int loginrestrict_errno = errno;
 
                        if (msg && *msg) {
@@ -252,7 +240,7 @@ allowed_user(struct passwd * pw)
                                    pw->pw_name, msg);
                        }
                        /* Don't fail if /etc/nologin  set */
-                       if (!(loginrestrict_errno == EPERM && 
+                       if (!(loginrestrict_errno == EPERM &&
                            stat(_PATH_NOLOGIN, &st) == 0))
                                return 0;
                }
@@ -590,7 +578,7 @@ fakepw(void)
        memset(&fake, 0, sizeof(fake));
        fake.pw_name = "NOUSER";
        fake.pw_passwd =
-           "$2a$06$r3.juUaHZDlIbQaO2dS9FuYxL1W9M81R1Tc92PoSNmzvpEqLkLGrK";     
+           "$2a$06$r3.juUaHZDlIbQaO2dS9FuYxL1W9M81R1Tc92PoSNmzvpEqLkLGrK";
        fake.pw_gecos = "NOUSER";
        fake.pw_uid = -1;
        fake.pw_gid = -1;