summaryrefslogtreecommitdiff
path: root/auth-shadow.c
diff options
context:
space:
mode:
authorDarren Tucker <dtucker@zip.com.au>2004-02-10 13:01:14 +1100
committerDarren Tucker <dtucker@zip.com.au>2004-02-10 13:01:14 +1100
commit9df3defdbb122c406072760e07859a3b4ebf567e (patch)
tree53444d450b96ce33715e16374ee97e1b72ebbb6e /auth-shadow.c
parente3dba82dd44c165716ce2a81157b6c2f269fc0af (diff)
- (dtucker) [LICENCE Makefile.in auth-passwd.c auth-shadow.c auth.c auth.h
defines.h] Bug #14: Use do_pwchange to support password expiry and force change for platforms using /etc/shadow. ok djm@
Diffstat (limited to 'auth-shadow.c')
-rw-r--r--auth-shadow.c80
1 files changed, 80 insertions, 0 deletions
diff --git a/auth-shadow.c b/auth-shadow.c
new file mode 100644
index 000000000..604b13304
--- /dev/null
+++ b/auth-shadow.c
@@ -0,0 +1,80 @@
1/*
2 * Copyright (c) 2004 Darren Tucker. All rights reserved.
3 *
4 * Redistribution and use in source and binary forms, with or without
5 * modification, are permitted provided that the following conditions
6 * are met:
7 * 1. Redistributions of source code must retain the above copyright
8 * notice, this list of conditions and the following disclaimer.
9 * 2. Redistributions in binary form must reproduce the above copyright
10 * notice, this list of conditions and the following disclaimer in the
11 * documentation and/or other materials provided with the distribution.
12 *
13 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
14 * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
15 * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
16 * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
17 * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
18 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
19 * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
20 * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
21 * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
22 * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
23 */
24
25#include "includes.h"
26RCSID("$Id: auth-shadow.c,v 1.1 2004/02/10 02:01:14 dtucker Exp $");
27
28#ifdef USE_SHADOW
29#include <shadow.h>
30
31#include "auth.h"
32#include "auth-shadow.h"
33#include "buffer.h"
34#include "log.h"
35
36#define DAY (24L * 60 * 60) /* 1 day in seconds */
37
38extern Buffer loginmsg;
39
40/*
41 * Checks password expiry for platforms that use shadow passwd files.
42 * Returns: 1 = password expired, 0 = password not expired
43 */
44int
45auth_shadow_pwexpired(Authctxt *ctxt)
46{
47 struct spwd *spw = NULL;
48 const char *user = ctxt->pw->pw_name;
49 time_t today;
50
51 if ((spw = getspnam(user)) == NULL) {
52 error("Could not get shadow information for %.100s", user);
53 return 0;
54 }
55
56 today = time(NULL) / DAY;
57 debug3("%s: today %d sp_lstchg %d sp_max %d", __func__, (int)today,
58 (int)spw->sp_lstchg, (int)spw->sp_max);
59
60#if defined(__hpux) && !defined(HAVE_SECUREWARE)
61 if (iscomsec() && spw->sp_min == 0 && spw->sp_max == 0 &&
62 spw->sp_warn == 0)
63 return 0; /* HP-UX Trusted Mode: expiry disabled */
64#endif
65
66 /* TODO: Add code to put expiry warnings into loginmsg */
67
68 if (spw->sp_lstchg == 0) {
69 logit("User %.100s password has expired (root forced)", user);
70 return 1;
71 }
72
73 if (spw->sp_max != -1 && today > spw->sp_lstchg + spw->sp_max) {
74 logit("User %.100s password has expired (password aged)", user);
75 return 1;
76 }
77
78 return 0;
79}
80#endif /* USE_SHADOW */