*/
#include "includes.h"
-RCSID("$OpenBSD: auth.c,v 1.51 2003/11/21 11:57:02 djm Exp $");
+RCSID("$OpenBSD: auth.c,v 1.54 2004/05/23 23:59:53 dtucker Exp $");
#ifdef HAVE_LOGIN_H
#include <login.h>
#endif
-#if defined(HAVE_SHADOW_H) && !defined(DISABLE_SHADOW)
+#ifdef USE_SHADOW
#include <shadow.h>
-#endif /* defined(HAVE_SHADOW_H) && !defined(DISABLE_SHADOW) */
+#endif
#ifdef HAVE_LIBGEN_H
#include <libgen.h>
#include "buffer.h"
#include "bufaux.h"
#include "uidswap.h"
-#include "tildexpand.h"
#include "misc.h"
#include "bufaux.h"
#include "packet.h"
const char *hostname = NULL, *ipaddr = NULL, *passwd = NULL;
char *shell;
int i;
-#if defined(HAVE_SHADOW_H) && !defined(DISABLE_SHADOW)
+#ifdef USE_SHADOW
struct spwd *spw = NULL;
#endif
if (!pw || !pw->pw_name)
return 0;
-#if defined(HAVE_SHADOW_H) && !defined(DISABLE_SHADOW)
+#ifdef USE_SHADOW
if (!options.use_pam)
spw = getspnam(pw->pw_name);
#ifdef HAS_SHADOW_EXPIRE
-#define DAY (24L * 60 * 60) /* 1 day in seconds */
- if (!options.use_pam && spw != NULL) {
- int disabled = 0;
- time_t today;
-
- today = time(NULL) / DAY;
- debug3("allowed_user: today %d sp_expire %d sp_lstchg %d"
- " sp_max %d", (int)today, (int)spw->sp_expire,
- (int)spw->sp_lstchg, (int)spw->sp_max);
-
- /*
- * We assume account and password expiration occurs the
- * day after the day specified.
- */
- if (spw->sp_expire != -1 && today > spw->sp_expire) {
- logit("Account %.100s has expired", pw->pw_name);
- return 0;
- }
-
-#if defined(__hpux) && !defined(HAVE_SECUREWARE)
- if (iscomsec() && spw->sp_min == 0 && spw->sp_max == 0 &&
- spw->sp_warn == 0)
- disabled = 1; /* Trusted Mode: expiry disabled */
-#endif
-
- if (!disabled && spw->sp_lstchg == 0) {
- logit("User %.100s password has expired (root forced)",
- pw->pw_name);
- return 0;
- }
-
- if (!disabled && spw->sp_max != -1 &&
- today > spw->sp_lstchg + spw->sp_max) {
- logit("User %.100s password has expired (password aged)",
- pw->pw_name);
- return 0;
- }
- }
+ if (!options.use_pam && spw != NULL && auth_shadow_acctexpired(spw))
+ return 0;
#endif /* HAS_SHADOW_EXPIRE */
-#endif /* defined(HAVE_SHADOW_H) && !defined(DISABLE_SHADOW) */
+#endif /* USE_SHADOW */
/* grab passwd field for locked account check */
-#if defined(HAVE_SHADOW_H) && !defined(DISABLE_SHADOW)
+#ifdef USE_SHADOW
if (spw != NULL)
passwd = spw->sp_pwdp;
#else
/* Raise logging level */
if (authenticated == 1 ||
!authctxt->valid ||
- authctxt->failures >= AUTH_FAIL_LOG ||
+ authctxt->failures >= options.max_authtries / 2 ||
strcmp(method, "password") == 0)
authlog = logit;
memset(&fake, 0, sizeof(fake));
fake.pw_name = "NOUSER";
fake.pw_passwd =
- "$2a$06$r3.juUaHZDlIbQaO2dS9FuYxL1W9M81R1Tc92PoSNmzvpEqLkLGrK";
+ "$2a$06$r3.juUaHZDlIbQaO2dS9FuYxL1W9M81R1Tc92PoSNmzvpEqLkLGrK";
fake.pw_gecos = "NOUSER";
- fake.pw_uid = -1;
- fake.pw_gid = -1;
+ fake.pw_uid = (uid_t)-1;
+ fake.pw_gid = (gid_t)-1;
#ifdef HAVE_PW_CLASS_IN_PASSWD
fake.pw_class = "";
#endif
andersk / openssh.git / blobdiff