From owner-freebsd-bugs  Fri Jun 22 19: 0:20 2001
Delivered-To: freebsd-bugs@hub.freebsd.org
Received: from freefall.freebsd.org (freefall.freebsd.org [216.136.204.21])
	by hub.freebsd.org (Postfix) with ESMTP id 6BE4537B408
	for <freebsd-bugs@hub.freebsd.org>; Fri, 22 Jun 2001 19:00:15 -0700 (PDT)
	(envelope-from gnats@FreeBSD.org)
Received: (from gnats@localhost)
	by freefall.freebsd.org (8.11.3/8.11.3) id f5N20Fj99377;
	Fri, 22 Jun 2001 19:00:15 -0700 (PDT)
	(envelope-from gnats)
Date: Fri, 22 Jun 2001 19:00:15 -0700 (PDT)
Message-Id: <200106230200.f5N20Fj99377@freefall.freebsd.org>
To: freebsd-bugs@FreeBSD.org
Cc: 
From: Mike Wiacek <mikew@magpage.com>
Subject: Re: bin/28311: ftpd and sshd do not honor expired pw entries
Reply-To: Mike Wiacek <mikew@magpage.com>
Sender: owner-freebsd-bugs@FreeBSD.ORG
Precedence: bulk
List-ID: <freebsd-bugs.FreeBSD.ORG>
List-Archive: <http://docs.freebsd.org/mail/> (Web Archive)
List-Help: <mailto:majordomo?subject=help> (List Instructions)
List-Subscribe: <mailto:majordomo?subject=subscribe%20freebsd-bugs>
List-Unsubscribe: <mailto:majordomo?subject=unsubscribe%20freebsd-bugs>
X-Loop: FreeBSD.org

The following reply was made to PR bin/28311; it has been noted by GNATS.

From: Mike Wiacek <mikew@magpage.com>
To: <freebsd-gnats-submit@FreeBSD.org>
Cc: <mike@sentex.net>
Subject: Re: bin/28311: ftpd and sshd do not honor expired pw entries
Date: Fri, 22 Jun 2001 21:56:52 -0400 (EDT)

 Below is a patch for ftpd.c to have pam check to see if a user's password
 has expired. I'm working on a patch for openssh tonight, and should have one
 shortly. This works on 4.3-stable.
 
 Mike Wiacek
 
 
 
 *** ftpd.c      Wed Mar 21 09:40:36 2001
 --- ftpd.new    Fri Jun 22 19:33:01 2001
 ***************
 *** 1151,1156 ****
 --- 1151,1167 ----
                 if ((e = pam_get_item(pamh, PAM_USER, &item)) ==
                     PAM_SUCCESS) {
                         tmpl_user = (const char *) item;
 +
 +                       /* Ok, the user is valid, BUT we have to check
 +                        * if their account has expired. If it has, deny
 +                        * access
 +                        */
 +
 +                       if(pam_acct_mgmt(pamh, NULL) != PAM_SUCCESS){
 +                               rval = -1;
 +                               break;
 +                       }
 +
                         if (strcmp((*ppw)->pw_name, tmpl_user) != 0)
                                 *ppw = getpwnam(tmpl_user);
 
 
 
 
 
 
 --------------------------------------------------------
 UNIX was not designed to stop you from doing stupid
 things, because that would also stop you from doing
 clever things. -- Doug Gwyn
 
   Mike Wiacek
   Systems Administrator
   Magpage Internet Services
   800-250-2990 Ext 226
 

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-bugs" in the body of the message