auth.c (98684) auth.c (98941)
1/*
2 * Copyright (c) 2000 Markus Friedl. All rights reserved.
3 *
4 * Redistribution and use in source and binary forms, with or without
5 * modification, are permitted provided that the following conditions
6 * are met:
7 * 1. Redistributions of source code must retain the above copyright
8 * notice, this list of conditions and the following disclaimer.

--- 10 unchanged lines hidden (view full) ---

19 * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
20 * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
21 * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
22 * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
23 */
24
25#include "includes.h"
26RCSID("$OpenBSD: auth.c,v 1.43 2002/05/17 14:27:55 millert Exp $");
1/*
2 * Copyright (c) 2000 Markus Friedl. All rights reserved.
3 *
4 * Redistribution and use in source and binary forms, with or without
5 * modification, are permitted provided that the following conditions
6 * are met:
7 * 1. Redistributions of source code must retain the above copyright
8 * notice, this list of conditions and the following disclaimer.

--- 10 unchanged lines hidden (view full) ---

19 * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
20 * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
21 * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
22 * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
23 */
24
25#include "includes.h"
26RCSID("$OpenBSD: auth.c,v 1.43 2002/05/17 14:27:55 millert Exp $");
27RCSID("$FreeBSD: head/crypto/openssh/auth.c 98684 2002-06-23 16:09:08Z des $");
28
27
28#ifdef HAVE_LOGIN_H
29#include <login.h>
30#endif
31#if defined(HAVE_SHADOW_H) && !defined(DISABLE_SHADOW)
32#include <shadow.h>
33#endif /* defined(HAVE_SHADOW_H) && !defined(DISABLE_SHADOW) */
34
35#ifdef HAVE_LIBGEN_H
29#include <libgen.h>
36#include <libgen.h>
37#endif
30
31#include "xmalloc.h"
32#include "match.h"
33#include "groupaccess.h"
34#include "log.h"
35#include "servconf.h"
36#include "auth.h"
37#include "auth-options.h"

--- 24 unchanged lines hidden (view full) ---

62 */
63int
64allowed_user(struct passwd * pw)
65{
66 struct stat st;
67 const char *hostname = NULL, *ipaddr = NULL;
68 char *shell;
69 int i;
38
39#include "xmalloc.h"
40#include "match.h"
41#include "groupaccess.h"
42#include "log.h"
43#include "servconf.h"
44#include "auth.h"
45#include "auth-options.h"

--- 24 unchanged lines hidden (view full) ---

70 */
71int
72allowed_user(struct passwd * pw)
73{
74 struct stat st;
75 const char *hostname = NULL, *ipaddr = NULL;
76 char *shell;
77 int i;
78#ifdef WITH_AIXAUTHENTICATE
79 char *loginmsg;
80#endif /* WITH_AIXAUTHENTICATE */
81#if !defined(USE_PAM) && defined(HAVE_SHADOW_H) && \
82 !defined(DISABLE_SHADOW) && defined(HAS_SHADOW_EXPIRE)
83 struct spwd *spw;
70
71 /* Shouldn't be called if pw is NULL, but better safe than sorry... */
72 if (!pw || !pw->pw_name)
73 return 0;
74
84
85 /* Shouldn't be called if pw is NULL, but better safe than sorry... */
86 if (!pw || !pw->pw_name)
87 return 0;
88
89#define DAY (24L * 60 * 60) /* 1 day in seconds */
90 spw = getspnam(pw->pw_name);
91 if (spw != NULL) {
92 time_t today = time(NULL) / DAY;
93 debug3("allowed_user: today %d sp_expire %d sp_lstchg %d"
94 " sp_max %d", (int)today, (int)spw->sp_expire,
95 (int)spw->sp_lstchg, (int)spw->sp_max);
96
97 /*
98 * We assume account and password expiration occurs the
99 * day after the day specified.
100 */
101 if (spw->sp_expire != -1 && today > spw->sp_expire) {
102 log("Account %.100s has expired", pw->pw_name);
103 return 0;
104 }
105
106 if (spw->sp_lstchg == 0) {
107 log("User %.100s password has expired (root forced)",
108 pw->pw_name);
109 return 0;
110 }
111
112 if (spw->sp_max != -1 &&
113 today > spw->sp_lstchg + spw->sp_max) {
114 log("User %.100s password has expired (password aged)",
115 pw->pw_name);
116 return 0;
117 }
118 }
119#else
120 /* Shouldn't be called if pw is NULL, but better safe than sorry... */
121 if (!pw || !pw->pw_name)
122 return 0;
123#endif
124
75 /*
76 * Get the shell from the password data. An empty shell field is
77 * legal, and means /bin/sh.
78 */
79 shell = (pw->pw_shell[0] == '\0') ? _PATH_BSHELL : pw->pw_shell;
80
81 /* deny if shell does not exists or is not executable */
82 if (stat(shell, &st) != 0) {

--- 62 unchanged lines hidden (view full) ---

145 options.num_allow_groups)) {
146 ga_free();
147 log("User %.100s not allowed because none of user's groups are listed in AllowGroups",
148 pw->pw_name);
149 return 0;
150 }
151 ga_free();
152 }
125 /*
126 * Get the shell from the password data. An empty shell field is
127 * legal, and means /bin/sh.
128 */
129 shell = (pw->pw_shell[0] == '\0') ? _PATH_BSHELL : pw->pw_shell;
130
131 /* deny if shell does not exists or is not executable */
132 if (stat(shell, &st) != 0) {

--- 62 unchanged lines hidden (view full) ---

195 options.num_allow_groups)) {
196 ga_free();
197 log("User %.100s not allowed because none of user's groups are listed in AllowGroups",
198 pw->pw_name);
199 return 0;
200 }
201 ga_free();
202 }
203
204#ifdef WITH_AIXAUTHENTICATE
205 if (loginrestrictions(pw->pw_name, S_RLOGIN, NULL, &loginmsg) != 0) {
206 if (loginmsg && *loginmsg) {
207 /* Remove embedded newlines (if any) */
208 char *p;
209 for (p = loginmsg; *p; p++) {
210 if (*p == '\n')
211 *p = ' ';
212 }
213 /* Remove trailing newline */
214 *--p = '\0';
215 log("Login restricted for %s: %.100s", pw->pw_name, loginmsg);
216 }
217 return 0;
218 }
219#endif /* WITH_AIXAUTHENTICATE */
220
153 /* We found no reason not to let this user try to log on... */
154 return 1;
155}
156
157Authctxt *
158authctxt_new(void)
159{
160 Authctxt *authctxt = xmalloc(sizeof(*authctxt));

--- 311 unchanged lines hidden ---
221 /* We found no reason not to let this user try to log on... */
222 return 1;
223}
224
225Authctxt *
226authctxt_new(void)
227{
228 Authctxt *authctxt = xmalloc(sizeof(*authctxt));

--- 311 unchanged lines hidden ---
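Review bot: In the new WITH_AIXAUTHENTICATE block of allowed_user() (new lines 204-218), `*--p = '\0';` always drops the last character of loginmsg. The loop just above has already turned every newline into a space, so a message that does not end in a newline loses a real character; guarding it as `if (p[-1] == ' ') *--p = '\0';` keeps the sanitising without the truncation. The same log call prints the user name with an unbounded `%s`, while every other message in this function uses `%.100s`; it should read `log("Login restricted for %.100s: %.100s", pw->pw_name, loginmsg);`. loginmsg is not released on any visible path, so if loginrestrictions() allocates it (not shown on this page) it should be freed before `return 0;`. Parts of allowed_user() are hidden in this view, so this covers only the displayed lines.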