authorDarren Tucker <dtucker@dtucker.net>2022-03-26 02:49:50 +0100
committerDarren Tucker <dtucker@dtucker.net>2022-03-26 02:49:50 +0100
commit2923d026e55998133c0f6e5186dca2a3c0fa5ff5 (patch)
tree85f247a961f6f27bf53f436e74aae0b5f1c1b03f /platform.c
parentAdd OpenWRT mips and mipsel test targets. (diff)
Factor out platform-specific locked account check.
Also fixes an incorrect free on platforms with both libiaf and shadow passwords (probably only Unixware). Prompted by github PR#284, originally from @c3h2_ctf and stoeckmann@.
Diffstat (limited to 'platform.c')
-rw-r--r--platform.c51
1 files changed, 51 insertions, 0 deletions
diff --git a/platform.c b/platform.c
index 44ba71dc5..4fe8744ee 100644
--- a/platform.c
+++ b/platform.c
@@ -18,6 +18,7 @@
#include <stdarg.h>
#include <stdio.h>
+#include <string.h>
#include <unistd.h>
#include "log.h"
@@ -197,3 +198,53 @@ platform_krb5_get_principal_name(const char *pw_name)
return NULL;
#endif
}
+
+/* returns 1 if account is locked */
+int
+platform_locked_account(struct passwd *pw)
+{
+ int locked = 0;
+ char *passwd = pw->pw_passwd;
+#ifdef USE_SHADOW
+ struct spwd *spw = NULL;
+#ifdef USE_LIBIAF
+ char *iaf_passwd = NULL;
+#endif
+
+ spw = getspnam(pw->pw_name);
+#ifdef HAS_SHADOW_EXPIRE
+ if (spw != NULL && auth_shadow_acctexpired(spw))
+ return 1;
+#endif /* HAS_SHADOW_EXPIRE */
+
+ if (spw != NULL)
+#ifdef USE_LIBIAF
+ iaf_passwd = passwd = get_iaf_password(pw);
+#else
+ passwd = spw->sp_pwdp;
+#endif /* USE_LIBIAF */
+#endif
+
+ /* check for locked account */
+ if (passwd && *passwd) {
+#ifdef LOCKED_PASSWD_STRING
+ if (strcmp(passwd, LOCKED_PASSWD_STRING) == 0)
+ locked = 1;
+#endif
+#ifdef LOCKED_PASSWD_PREFIX
+ if (strncmp(passwd, LOCKED_PASSWD_PREFIX,
+ strlen(LOCKED_PASSWD_PREFIX)) == 0)
+ locked = 1;
+#endif
+#ifdef LOCKED_PASSWD_SUBSTR
+ if (strstr(passwd, LOCKED_PASSWD_SUBSTR))
+ locked = 1;
+#endif
+ }
+#ifdef USE_LIBIAF
+ if (iaf_passwd != NULL)
+ freezero(iaf_passwd, strlen(iaf_passwd));
+#endif /* USE_LIBIAF */
+
+ return locked;
+}
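Review bot: The header comment `/* returns 1 if account is locked */` understates what platform_locked_account() reports: with USE_SHADOW and HAS_SHADOW_EXPIRE the early `return 1` also fires for an expired shadow entry, and when `getspnam()` returns NULL the check silently falls back to `pw->pw_passwd`, which on shadow-password systems is usually only a placeholder, so a failed lookup presumably yields "not locked". I would spell that out, e.g. `/* Returns 1 if the account is locked or its shadow entry has expired, 0 otherwise (including when no shadow entry could be read). */`, so callers know a 0 result is not proof that the lock markers were actually examined. A one-line note that `pw` must be non-NULL would also help, since `pw->pw_passwd` is dereferenced in the second declaration without a check.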