diff options
| author | Darren Tucker <dtucker@zip.com.au> | 2004-02-22 10:22:05 +1100 |
|---|---|---|
| committer | Darren Tucker <dtucker@zip.com.au> | 2004-02-22 10:22:05 +1100 |
| commit | aa0aecad99c4714336117d22a7c68982684cef4b (patch) | |
| tree | 12f6744af2288d15fbb55e333201564dfe491b9b /auth-shadow.c | |
| parent | 15ee748f2835f301499f8c31b6b4e56f5deca7de (diff) | |
- (dtucker) [auth-shadow.c auth.h] Provide warnings of impending account or
password expiry. ok djm@
Diffstat (limited to 'auth-shadow.c')
| -rw-r--r-- | auth-shadow.c | 58 |
1 files changed, 44 insertions, 14 deletions
diff --git a/auth-shadow.c b/auth-shadow.c index 7d699bc40..a85442d72 100644 --- a/auth-shadow.c +++ b/auth-shadow.c | |||
| @@ -23,7 +23,7 @@ | |||
| 23 | */ | 23 | */ |
| 24 | 24 | ||
| 25 | #include "includes.h" | 25 | #include "includes.h" |
| 26 | RCSID("$Id: auth-shadow.c,v 1.4 2004/02/21 22:43:15 dtucker Exp $"); | 26 | RCSID("$Id: auth-shadow.c,v 1.5 2004/02/21 23:22:05 dtucker Exp $"); |
| 27 | 27 | ||
| 28 | #if defined(USE_SHADOW) && defined(HAS_SHADOW_EXPIRE) | 28 | #if defined(USE_SHADOW) && defined(HAS_SHADOW_EXPIRE) |
| 29 | #include <shadow.h> | 29 | #include <shadow.h> |
| @@ -49,14 +49,25 @@ int | |||
| 49 | auth_shadow_acctexpired(struct spwd *spw) | 49 | auth_shadow_acctexpired(struct spwd *spw) |
| 50 | { | 50 | { |
| 51 | time_t today; | 51 | time_t today; |
| 52 | int daysleft; | ||
| 53 | char buf[256]; | ||
| 52 | 54 | ||
| 53 | today = time(NULL) / DAY; | 55 | today = time(NULL) / DAY; |
| 54 | debug3("%s: today %d sp_expire %d", __func__, (int)today, | 56 | daysleft = spw->sp_expire - today; |
| 55 | (int)spw->sp_expire); | 57 | debug3("%s: today %d sp_expire %d days left %d", __func__, (int)today, |
| 58 | (int)spw->sp_expire, daysleft); | ||
| 56 | 59 | ||
| 57 | if (spw->sp_expire != -1 && today > spw->sp_expire) { | 60 | if (spw->sp_expire == -1) { |
| 61 | debug3("account expiration disabled"); | ||
| 62 | } else if (daysleft < 0) { | ||
| 58 | logit("Account %.100s has expired", spw->sp_namp); | 63 | logit("Account %.100s has expired", spw->sp_namp); |
| 59 | return 1; | 64 | return 1; |
| 65 | } else if (daysleft <= spw->sp_warn) { | ||
| 66 | debug3("account will expire in %d days", daysleft); | ||
| 67 | snprintf(buf, sizeof(buf), | ||
| 68 | "Your account will expire in %d day%s.\n", daysleft, | ||
| 69 | daysleft == 1 ? "" : "s"); | ||
| 70 | buffer_append(&loginmsg, buf, strlen(buf)); | ||
| 60 | } | 71 | } |
| 61 | 72 | ||
| 62 | return 0; | 73 | return 0; |
| @@ -71,9 +82,11 @@ auth_shadow_pwexpired(Authctxt *ctxt) | |||
| 71 | { | 82 | { |
| 72 | struct spwd *spw = NULL; | 83 | struct spwd *spw = NULL; |
| 73 | const char *user = ctxt->pw->pw_name; | 84 | const char *user = ctxt->pw->pw_name; |
| 85 | char buf[256]; | ||
| 74 | time_t today; | 86 | time_t today; |
| 87 | int daysleft, disabled = 0; | ||
| 75 | 88 | ||
| 76 | if ((spw = getspnam(user)) == NULL) { | 89 | if ((spw = getspnam((char *)user)) == NULL) { |
| 77 | error("Could not get shadow information for %.100s", user); | 90 | error("Could not get shadow information for %.100s", user); |
| 78 | return 0; | 91 | return 0; |
| 79 | } | 92 | } |
| @@ -83,21 +96,38 @@ auth_shadow_pwexpired(Authctxt *ctxt) | |||
| 83 | (int)spw->sp_lstchg, (int)spw->sp_max); | 96 | (int)spw->sp_lstchg, (int)spw->sp_max); |
| 84 | 97 | ||
| 85 | #if defined(__hpux) && !defined(HAVE_SECUREWARE) | 98 | #if defined(__hpux) && !defined(HAVE_SECUREWARE) |
| 86 | if (iscomsec() && spw->sp_min == 0 && spw->sp_max == 0 && | 99 | if (iscomsec()) { |
| 87 | spw->sp_warn == 0) | 100 | struct pr_passwd *pr; |
| 88 | return 0; /* HP-UX Trusted Mode: expiry disabled */ | 101 | |
| 102 | pr = getprpwnam((char *)user); | ||
| 103 | |||
| 104 | /* Test for Trusted Mode expiry disabled */ | ||
| 105 | if (pr != NULL && pr->ufld.fd_min == 0 && | ||
| 106 | pr->ufld.fd_lifetime == 0 && pr->ufld.fd_expire == 0 && | ||
| 107 | pr->ufld.fd_pw_expire_warning == 0 && | ||
| 108 | pr->ufld.fd_schange != 0) | ||
| 109 | disabled = 1; | ||
| 110 | } | ||
| 89 | #endif | 111 | #endif |
| 90 | 112 | ||
| 91 | /* TODO: Add code to put expiry warnings into loginmsg */ | 113 | /* TODO: check sp_inact */ |
| 92 | 114 | daysleft = spw->sp_lstchg + spw->sp_max - today; | |
| 93 | if (spw->sp_lstchg == 0) { | 115 | if (disabled) { |
| 116 | debug3("password expiration disabled"); | ||
| 117 | } else if (spw->sp_lstchg == 0) { | ||
| 94 | logit("User %.100s password has expired (root forced)", user); | 118 | logit("User %.100s password has expired (root forced)", user); |
| 95 | return 1; | 119 | return 1; |
| 96 | } | 120 | } else if (spw->sp_max == -1) { |
| 97 | 121 | debug3("password expiration disabled"); | |
| 98 | if (spw->sp_max != -1 && today > spw->sp_lstchg + spw->sp_max) { | 122 | } else if (daysleft < 0) { |
| 99 | logit("User %.100s password has expired (password aged)", user); | 123 | logit("User %.100s password has expired (password aged)", user); |
| 100 | return 1; | 124 | return 1; |
| 125 | } else if (daysleft <= spw->sp_warn) { | ||
| 126 | debug3("password will expire in %d days", daysleft); | ||
| 127 | snprintf(buf, sizeof(buf), | ||
| 128 | "Your password will expire in %d day%s.\n", daysleft, | ||
| 129 | daysleft == 1 ? "" : "s"); | ||
| 130 | buffer_append(&loginmsg, buf, strlen(buf)); | ||
| 101 | } | 131 | } |
| 102 | 132 | ||
| 103 | return 0; | 133 | return 0; |