SKEY + pw_expire patches *** pop_pass.c.orig Fri May 24 22:26:25 1996 --- pop_pass.c Tue Dec 10 23:52:23 1996 *************** *** 482,497 **** POP * p; struct passwd * pw; { /* We don't accept connections from users with null passwords */ /* Compare the supplied password with the password file entry */ ! if ((pw->pw_passwd == NULL) || (*pw->pw_passwd == '\0') || ! strcmp(crypt(p->pop_parm[1], pw->pw_passwd), pw->pw_passwd)) { ! sleep(SLEEP_SECONDS); ! return (pop_msg(p,POP_FAILURE, pwerrmsg, p->user)); } return(POP_SUCCESS); } #endif /* AUTH */ --- 482,530 ---- POP * p; struct passwd * pw; { + #ifdef SKEY + int pass_ok; + #endif + #if defined(BSD) && (BSD >= 199306) + /* Check password change and expire times before granting access */ + time_t now = time((time_t *) NULL); + + if ((pw->pw_change && now > pw->pw_change) || + (pw->pw_expire && now > pw->pw_expire)) + goto error; + #endif + /* We don't accept connections from users with null passwords */ + if ((pw->pw_passwd == NULL) || (*pw->pw_passwd == '\0')) + goto error; + /* Compare the supplied password with the password file entry */ + #ifdef SKEY + pass_ok = skeyaccess(p->user, NULL, p->client, p->ipaddr); + if (strcmp(skey_crypt(p->pop_parm[1], pw->pw_passwd, pw, pass_ok), + pw->pw_passwd)) { + static char buf[128]; + struct skey skey; ! if (skeychallenge(&skey, p->user, buf)) ! goto error; ! if (pass_ok) ! sleep(SLEEP_SECONDS); ! return (pop_msg(p,POP_FAILURE, ! "\"%s\" %s%s, password is incorrect.", ! p->user, buf, ! pass_ok ? "" : " (required)")); } + #else + if (strcmp(crypt(p->pop_parm[1], pw->pw_passwd), pw->pw_passwd)) + goto error; + #endif return(POP_SUCCESS); + + error: + sleep(SLEEP_SECONDS); + return (pop_msg(p,POP_FAILURE, pwerrmsg, p->user)); } #endif /* AUTH */ *** pop_user.c.orig Sat Mar 29 07:30:36 1997 --- pop_user.c Wed Apr 23 07:03:37 1997 *************** *** 163,168 **** --- 163,180 ---- } #endif /* APOP */ + #ifdef SKEY + { + static char buf[128]; + struct skey skey; + + if (!skeychallenge(&skey, p->user, buf)) + return(pop_msg(p,POP_SUCCESS,"%s%s", buf, + skeyaccess(p->user, NULL, p->client, p->ipaddr) ? + "" : " (required)")); + } + #endif + /* Tell the user that the password is required */ return (pop_msg(p,POP_SUCCESS,"Password required for %s.",p->user)); } *** popper.h.orig Fri Jul 25 21:42:08 1997 --- popper.h Tue Oct 7 20:26:58 1997 *************** *** 25,37 **** # include #endif ! #ifdef HAVE_PARAM_H #include - # if (defined(BSD) && (BSD >= 199103)) - # define HAVE_UNISTD_H - # define HAVE_VPRINTF - # define BIND43 - # endif #endif #ifdef BSDI --- 25,32 ---- # include #endif ! #ifdef HAVE_SYS_PARAM_H #include #endif #ifdef BSDI *************** *** 304,309 **** --- 299,307 ---- extern AUTH_DAT kdata; #endif /* KERBEROS */ + #if defined(SKEY) + #include + #endif #if defined(AUTHFILE) extern int checkauthfile(); #endif