authorTheo de Raadt <deraadt@cvs.openbsd.org>1997-10-05 11:49:15 +0000
committerTheo de Raadt <deraadt@cvs.openbsd.org>1997-10-05 11:49:15 +0000
commitd5632c9f3a03a7dc03538eeba8dbe82ef35f7550 (patch)
tree9abc21db8bdec0d4307eb7bf1041621750ad574e
parent27ddb974c6adc06995844e10d2a09af8321b598f (diff)
handling for closed home directories; yensid@afri.imsa.edu
-rw-r--r--etc/security13
1 files changed, 10 insertions, 3 deletions
diff --git a/etc/security b/etc/security
index 89c7b3d8ec3..b5345dcb55a 100644
--- a/etc/security
+++ b/etc/security
@@ -1,6 +1,6 @@
#!/bin/sh -
#
-# $OpenBSD: security,v 1.22 1997/09/29 22:15:58 deraadt Exp $
+# $OpenBSD: security,v 1.23 1997/10/05 11:49:14 deraadt Exp $
# from: @(#)security 8.1 (Berkeley) 6/9/93
#
@@ -43,8 +43,15 @@ awk -F: '{
printf("Login %s has more than 8 characters.\n", $1);
if ($2 == "")
printf("Login %s has no password.\n", $1);
- if ((length($2) != 13 && ($10 ~ /.*sh$/ || $10 == "")) && ($2 !~ /^\$[0-9a-f]+\$/) && system("if grep -q \"^"$1" \" /etc/skeykeys || test -d "$9"/.ssh -a ! -O "$9"/.ssh ; then exit 1 ; fi ; for i in .rhosts .shosts .klogin ; do test -s "$9"/$i -a ! -O "$9"/$i && exit 1 ; done ; exit 0") != 0)
- printf("Login %s is off but still has a valid shell.\n", $1);
+ if ($2 != "" && length($2) != 13 && ($10 ~ /.*sh$/ || $10 == "") &&
+ ($2 !~ /^\$[0-9a-f]+\$/) && ($2 != "skey")) {
+ if (system("grep -q \"^"$1" \" /etc/skeykeys") == 0)
+ printf("Login %s is off but still has a valid shell and an entry in /etc/skeykeys.\n", $1);
+ if (system("test -d "$9" -a ! -r "$9"") == 0)
+ printf("Login %s if off but still has valid shell and home directory is unreadable\n\t by root; cannot check for existance of alternate access files.\n", $1);
+ else if (system("for file in .ssh .rhosts .shosts .klogin; do if test -e "$9"/$file; then if ((ls -ld "$9"/$file | cut -b 2-10 | grep -q r) && (test ! -O "$9"/$file)) ; then exit 1; fi; fi; done"))
+ printf("Login %s is off but still has a valid shell and alternate access files in\n\t home directory are still readable.\n",$1);
+ }
if ($3 == 0 && $1 != "root")
printf("Login %s has a user id of 0.\n", $1);
if ($3 < 0)
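Review bot: The three new system() calls splice the passwd login ($1) and home directory ($9) into a shell command line with no quoting, so a field containing whitespace or shell metacharacters either breaks the test (a false "unreadable" or silent skip) or is interpreted by the root-privileged shell that runs this check; the removed line had the same pattern, but the new block triples the exposure and adds a `cut | grep` pipeline over `ls` output built the same way. A cheap guard is to check $9 against a conservative character class in awk (for example letters, digits, `_`, `.`, `/`, `-`) before any system() call and emit a "home directory contains unexpected characters; not checked" line otherwise, and to wrap $1 and $9 in single quotes inside the command strings. The message at the `test -d ... -a ! -r` branch also has two typos that will reach the daily security mail: `printf("Login %s is off but still has a valid shell and home directory is unreadable\n\t by root; cannot check for existence of alternate access files.\n", $1);`. The enclosing awk program and its `'{` opening quote begin before this hunk.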