SSHD 3.7.1p2 on HP-UX

Darren Tucker dtucker at zip.com.au
Tue Oct 7 15:53:54 EST 2003


Hi All.
	Attached is a smallish patch against -current to prevent the
expires-every-day behaviour on Trusted HP-UX systems.  Credit goes to
Micheal for figuring this one out.

	That section of code will need to be tidied up when the password expiry
patches go in anyway; currently I'm interested in making the snapshots
work for people using HP-UX.  Is this patch OK until then?

	For those of you using 3.7.1p2 on HP-UX, I have a patch that contains
only HP-UX fixes against 3.7.1p2.  It patches configure too so you don't
need autoconf; just apply it to 3.7.1p2 and you should be good to go.

http://www.zip.com.au/~dtucker/openssh/openssh-3.7.1p2-hpux.patch

-- 
Darren Tucker (dtucker at zip.com.au)
GPG key 8FF4FA69 / D9A3 86E9 7EEE AF4B B2D4  37C9 C982 80C7 8FF4 FA69
    Good judgement comes with experience. Unfortunately, the experience
usually comes from bad judgement.
-------------- next part --------------
Index: auth.c
===================================================================
RCS file: /usr/local/src/security/openssh/cvs/openssh_cvs/auth.c,v
retrieving revision 1.78
diff -u -p -r1.78 auth.c
--- auth.c	2 Oct 2003 06:12:36 -0000	1.78
+++ auth.c	7 Oct 2003 05:42:42 -0000
@@ -90,6 +90,7 @@ allowed_user(struct passwd * pw)
 #ifdef HAS_SHADOW_EXPIRE
 #define	DAY		(24L * 60 * 60) /* 1 day in seconds */
 	if (!options.use_pam && spw != NULL) {
+		int disabled = 0;
 		time_t today;
 
 		today = time(NULL) / DAY;
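Review bot: the name of the new `int disabled` flag at the top of the `!options.use_pam && spw != NULL` block does not say what is disabled, and inside allowed_user() it is easy to misread as "account disabled" rather than "password expiry disabled". A name such as expiry_disabled, or a comment on the declaration, would make the intent clear. A short note that the flag stays 0 unless the HP-UX `#if` in the next hunk sets it would also help.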
@@ -106,13 +107,19 @@ allowed_user(struct passwd * pw)
 			return 0;
 		}
 
-		if (spw->sp_lstchg == 0) {
+#if defined(__hpux) && !defined(HAVE_SECUREWARE)
+		if (iscomsec() && spw->sp_min == 0 && spw->sp_max == 0 &&
+		    spw->sp_warn == 0)
+			disabled = 1;	/* Trusted Mode: expiry disabled */
+#endif
+
+		if (!disabled && spw->sp_lstchg == 0) {
 			logit("User %.100s password has expired (root forced)",
 			    pw->pw_name);
 			return 0;
 		}
 
-		if (spw->sp_max != -1 &&
+		if (!disabled && spw->sp_max != -1 && spw->sp_max != 0 &&
 		    today > spw->sp_lstchg + spw->sp_max) {
 			logit("User %.100s password has expired (password aged)",
 			    pw->pw_name);
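Review bot: the added `spw->sp_max != 0` test in the "password aged" condition sits outside the `#if defined(__hpux) && !defined(HAVE_SECUREWARE)` block, so it relaxes the aging check on every HAS_SHADOW_EXPIRE platform, not only on Trusted HP-UX. Whenever `disabled` is set, sp_max is already 0, so `!disabled` alone covers the Trusted Mode case. Either drop the extra test, move it under the HP-UX guard, or add a comment explaining why an sp_max of 0 is treated like -1 everywhere. Since both changed conditions now let a login proceed where it was refused before, a debug-level log line when `disabled` is set would make the skipped expiry checks visible to an administrator.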

