Date: Fri, 22 Jun 2001 19:00:15 -0700 (PDT)
From: Mike Wiacek <mikew@magpage.com>
To: freebsd-bugs@FreeBSD.org
Subject: Re: bin/28311: ftpd and sshd do not honor expired pw entries
Message-ID: <200106230200.f5N20Fj99377@freefall.freebsd.org>
The following reply was made to PR bin/28311; it has been noted by GNATS.
From: Mike Wiacek <mikew@magpage.com>
To: <freebsd-gnats-submit@FreeBSD.org>
Cc: <mike@sentex.net>
Subject: Re: bin/28311: ftpd and sshd do not honor expired pw entries
Date: Fri, 22 Jun 2001 21:56:52 -0400 (EDT)
Below is a patch for ftpd.c to have pam check to see if a user's password
has expired. I'm working on a patch for openssh tonight, and should have one
shortly. This works on 4.3-stable.
Mike Wiacek
*** ftpd.c Wed Mar 21 09:40:36 2001
--- ftpd.new Fri Jun 22 19:33:01 2001
***************
*** 1151,1156 ****
--- 1151,1167 ----
if ((e = pam_get_item(pamh, PAM_USER, &item)) ==
PAM_SUCCESS) {
tmpl_user = (const char *) item;
+
+ /* Ok, the user is valid, BUT we have to check
+ * if their account has expired. If it has, deny
+ * access
+ */
+
+ if(pam_acct_mgmt(pamh, NULL) != PAM_SUCCESS){
+ rval = -1;
+ break;
+ }
+
if (strcmp((*ppw)->pw_name, tmpl_user) != 0)
*ppw = getpwnam(tmpl_user);
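Review bot: pam_acct_mgmt() takes an int flags argument, so the NULL in the added `if(pam_acct_mgmt(pamh, NULL) != PAM_SUCCESS){` line should be 0; NULL only works here by implicit conversion and will draw a warning on some compilers. The new check also sits inside the `pam_get_item(...) == PAM_SUCCESS` branch, so the expiry test only runs when that call succeeds; placing it ahead of the pam_get_item call would make account enforcement independent of the template-user lookup. Consider storing the return value in `e` rather than discarding it, so the denial can be logged with its reason (for example PAM_ACCT_EXPIRED versus PAM_NEW_AUTHTOK_REQD). Style nit: the surrounding code writes `if (` with a space, and the added line uses `if(` and `){`.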
--------------------------------------------------------
UNIX was not designed to stop you from doing stupid
things, because that would also stop you from doing
clever things. -- Doug Gwyn
Mike Wiacek
Systems Administrator
Magpage Internet Services
800-250-2990 Ext 226
