- (djm) Bug #442: Check for and deny access to accounts with locked
authordjm <djm>
Tue, 7 Jan 2003 01:19:32 +0000 (01:19 +0000)
committerdjm <djm>
Tue, 7 Jan 2003 01:19:32 +0000 (01:19 +0000)
   passwords. Patch from dtucker@zip.com.au

ChangeLog
auth.c

index 44b14238183b773f9483eba03292fce914367c5b..2c103b68ba95447c8b53e86c3e80211ea395c603 100644 (file)
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,6 +1,8 @@
 20030107
  - (djm) Bug #401: Work around Linux breakage with IPv6 mapped addresses. 
    Based on fix from yoshfuji@linux-ipv6.org
+ - (djm) Bug #442: Check for and deny access to accounts with locked 
+   passwords. Patch from dtucker@zip.com.au
 
 20030103
  - (djm) Bug #461: ssh-copy-id fails with no arguments. Patch from 
diff --git a/auth.c b/auth.c
index ee001283f78c257dbfdfdf0bfd5dd40e1f7bb0ed..0e7910943ee1da117a5bae8896c7c62467e72447 100644 (file)
--- a/auth.c
+++ b/auth.c
@@ -72,20 +72,23 @@ int
 allowed_user(struct passwd * pw)
 {
        struct stat st;
-       const char *hostname = NULL, *ipaddr = NULL;
+       const char *hostname = NULL, *ipaddr = NULL, *passwd;
        char *shell;
        int i;
 #ifdef WITH_AIXAUTHENTICATE
        char *loginmsg;
 #endif /* WITH_AIXAUTHENTICATE */
 #if !defined(USE_PAM) && defined(HAVE_SHADOW_H) && \
-       !defined(DISABLE_SHADOW) && defined(HAS_SHADOW_EXPIRE)
+    !defined(DISABLE_SHADOW) && defined(HAS_SHADOW_EXPIRE)
        struct spwd *spw;
+#endif
 
        /* Shouldn't be called if pw is NULL, but better safe than sorry... */
        if (!pw || !pw->pw_name)
                return 0;
 
+#if !defined(USE_PAM) && defined(HAVE_SHADOW_H) && \
+    !defined(DISABLE_SHADOW) && defined(HAS_SHADOW_EXPIRE)
 #define        DAY             (24L * 60 * 60) /* 1 day in seconds */
        spw = getspnam(pw->pw_name);
        if (spw != NULL) {
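Review bot: The `struct spwd *spw;` declaration stays under the four-part guard (`!USE_PAM`, `HAVE_SHADOW_H`, `!DISABLE_SHADOW`, `HAS_SHADOW_EXPIRE`), but the second hunk reads `spw->sp_pwdp` under the wider `HAVE_SHADOW_H && !DISABLE_SHADOW` guard. A shadow build with USE_PAM defined, or without HAS_SHADOW_EXPIRE, would therefore reference an undeclared `spw` and fail to compile. I would declare it under the wider condition and initialise it, `struct spwd *spw = NULL;`, and consider moving `spw = getspnam(pw->pw_name);` out of the expiry-only block so the lock check has a value in every shadow build. allowed_user continues past the end of this hunk.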
@@ -116,11 +119,19 @@ allowed_user(struct passwd * pw)
                        return 0;
                }
        }
+#endif
+
+#if defined(HAVE_SHADOW_H) && !defined(DISABLE_SHADOW)
+       passwd = spw->sp_pwdp;
 #else
-       /* Shouldn't be called if pw is NULL, but better safe than sorry... */
-       if (!pw || !pw->pw_name)
-               return 0;
+       passwd = pw->pw_passwd;
 #endif
+       /* check for locked account */
+       if (strcmp(passwd, "*LK*") == 0 || passwd[0] == '!') {
+               log("User %.100s not allowed because account is locked",
+                   pw->pw_name);
+               return 0;
+       }
 
        /*
         * Get the shell from the password data.  An empty shell field is
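Review bot: `passwd = spw->sp_pwdp;` dereferences `spw` without the `if (spw != NULL)` test that the expiry block applies, so a login for an account with no shadow entry hits a NULL pointer here instead of being evaluated. `strcmp(passwd, ...)` has the same problem if the password field itself is NULL. Falling back to the passwd entry covers both: `passwd = (spw != NULL && spw->sp_pwdp != NULL) ? spw->sp_pwdp : pw->pw_passwd;` followed by `if (passwd != NULL && (strcmp(passwd, "*LK*") == 0 || passwd[0] == '!')) {`. The `/* check for locked account */` comment should also say that `*LK*` and a leading `!` are platform-specific lock markers, and that the check, being in allowed_user, presumably refuses every authentication method and not only password login. The function body continues outside the hunk.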