-rw-r--r--ChangeLog6
-rw-r--r--auth-shadow.c28
-rw-r--r--auth.c33
-rw-r--r--auth.h3
4 files changed, 42 insertions, 28 deletions
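diff --git a/ChangeLog b/ChangeLog
index df4169bb5..38be7eb59 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,3 +1,7 @@
+20040222
+ - (dtucker) [auth-shadow.c auth.c auth.h] Move shadow account expiry test
+ to auth-shadow.c, no functional change. ok djm@
+
 20040220
  - (djm) [openbsd-compat/setproctitle.c] fix comments; from grange@
 
@@ -1886,4 +1890,4 @@
  - Fix sshd BindAddress and -b options for systems using fake-getaddrinfo.
  Report from murple@murple.net, diagnosis from dtucker@zip.com.au
 
-$Id: ChangeLog,v 1.3240 2004/02/20 09:37:44 djm Exp $
+$Id: ChangeLog,v 1.3241 2004/02/21 22:43:15 dtucker Exp $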
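diff --git a/auth-shadow.c b/auth-shadow.c
index 76c0d9f52..7d699bc40 100644
--- a/auth-shadow.c
+++ b/auth-shadow.c
@@ -23,7 +23,7 @@
  */
 
 #include "includes.h"
-RCSID("$Id: auth-shadow.c,v 1.3 2004/02/11 07:48:52 dtucker Exp $");
+RCSID("$Id: auth-shadow.c,v 1.4 2004/02/21 22:43:15 dtucker Exp $");
 
 #if defined(USE_SHADOW) && defined(HAS_SHADOW_EXPIRE)
 #include <shadow.h>
@@ -37,6 +37,32 @@ RCSID("$Id: auth-shadow.c,v 1.3 2004/02/11 07:48:52 dtucker Exp $");
 extern Buffer loginmsg;
 
 /*
+ * For the account and password expiration functions, we assume the expiry
+ * occurs the day after the day specified.
+ */
+
+/*
+ * Check if specified account is expired. Returns 1 if account is expired,
+ * 0 otherwise.
+ */
+int
+auth_shadow_acctexpired(struct spwd *spw)
+{
+ time_t today;
+
+ today = time(NULL) / DAY;
+ debug3("%s: today %d sp_expire %d", __func__, (int)today,
+ (int)spw->sp_expire);
+
+ if (spw->sp_expire != -1 && today > spw->sp_expire) {
+ logit("Account %.100s has expired", spw->sp_namp);
+ return 1;
+ }
+
+ return 0;
+}
+
+/*
  * Checks password expiry for platforms that use shadow passwd files.
  * Returns: 1 = password expired, 0 = password not expired
  */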
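Review bot: auth_shadow_acctexpired() dereferences `spw` in the debug3() call before any check, so it relies entirely on the caller having tested the getspnam() result, and the header comment does not say so. Because a return of 0 lets the login proceed, I would state the contract in that comment, e.g. ` * spw must be non-NULL; the caller is responsible for handling a failed lookup.` The function also depends on `DAY`, whose `#define` this commit removes from auth.c; a definition in auth-shadow.c is not visible in these hunks, so confirm one exists in the part of the file not shown here.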
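diff --git a/auth.c b/auth.c
index c6e7c21c4..6d999221c 100644
--- a/auth.c
+++ b/auth.c
@@ -28,9 +28,9 @@ RCSID("$OpenBSD: auth.c,v 1.51 2003/11/21 11:57:02 djm Exp $");
 #ifdef HAVE_LOGIN_H
 #include <login.h>
 #endif
-#if defined(HAVE_SHADOW_H) && !defined(DISABLE_SHADOW)
+#ifdef USE_SHADOW
 #include <shadow.h>
-#endif /* defined(HAVE_SHADOW_H) && !defined(DISABLE_SHADOW) */
+#endif
 
 #ifdef HAVE_LIBGEN_H
 #include <libgen.h>
@@ -76,7 +76,7 @@ allowed_user(struct passwd * pw)
  const char *hostname = NULL, *ipaddr = NULL, *passwd = NULL;
  char *shell;
  int i;
-#if defined(HAVE_SHADOW_H) && !defined(DISABLE_SHADOW)
+#ifdef USE_SHADOW
  struct spwd *spw = NULL;
 #endif
 
@@ -84,34 +84,17 @@ allowed_user(struct passwd * pw)
  if (!pw || !pw->pw_name)
  return 0;
 
-#if defined(HAVE_SHADOW_H) && !defined(DISABLE_SHADOW)
+#ifdef USE_SHADOW
  if (!options.use_pam)
  spw = getspnam(pw->pw_name);
 #ifdef HAS_SHADOW_EXPIRE
-#define DAY (24L * 60 * 60) /* 1 day in seconds */
- if (!options.use_pam && spw != NULL) {
- int disabled = 0;
- time_t today;
-
- today = time(NULL) / DAY;
- debug3("allowed_user: today %d sp_expire %d sp_lstchg %d"
- " sp_max %d", (int)today, (int)spw->sp_expire,
- (int)spw->sp_lstchg, (int)spw->sp_max);
-
- /*
- * We assume account and password expiration occurs the
- * day after the day specified.
- */
- if (spw->sp_expire != -1 && today > spw->sp_expire) {
- logit("Account %.100s has expired", pw->pw_name);
- return 0;
- }
- }
+ if (!options.use_pam && spw != NULL && auth_shadow_acctexpired(spw))
+ return 0;
 #endif /* HAS_SHADOW_EXPIRE */
-#endif /* defined(HAVE_SHADOW_H) && !defined(DISABLE_SHADOW) */
+#endif /* USE_SHADOW */
 
  /* grab passwd field for locked account check */
-#if defined(HAVE_SHADOW_H) && !defined(DISABLE_SHADOW)
+#ifdef USE_SHADOW
  if (spw != NULL)
  passwd = spw->sp_pwdp;
 #else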
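Review bot: In the third hunk of allowed_user(), a NULL return from getspnam() makes `spw != NULL && auth_shadow_acctexpired(spw)` false, so the account expiry check is skipped without any log line. That matches the code being replaced, but a failed lookup (as opposed to a user who simply has no shadow entry) is then indistinguishable from a non-expired account. A trace such as `debug3("%s: no shadow entry for %.100s, expiry not checked", __func__, pw->pw_name);` when `spw == NULL` would make the skipped check visible to whoever audits the logs. allowed_user() starts and ends outside these hunks.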
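diff --git a/auth.h b/auth.h
index b6a6a49a5..a8f61f403 100644
--- a/auth.h
+++ b/auth.h
@@ -122,7 +122,8 @@ int auth_krb5_password(Authctxt *authctxt, const char *password);
 void krb5_cleanup_proc(Authctxt *authctxt);
 #endif /* KRB5 */
 
-#ifdef USE_SHADOW
+#if defined(USE_SHADOW) && defined(HAS_SHADOW_EXPIRE)
+int auth_shadow_acctexpired(struct spwd *);
 int auth_shadow_pwexpired(Authctxt *);
 #endif
 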
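Review bot: The new prototype `int auth_shadow_acctexpired(struct spwd *);` names `struct spwd` in a parameter list, and nothing in this hunk guarantees that <shadow.h> has been included before auth.h. In a translation unit where it has not, the struct tag gets prototype scope, so the compiler warns and the declaration's type does not match the real one; whether that happens depends on include order outside this page. A forward declaration `struct spwd;` just above the prototype would make the header self-contained. The guard change also hides `auth_shadow_pwexpired` when HAS_SHADOW_EXPIRE is undefined, which is consistent with auth-shadow.c's own `#if` as far as the visible lines show.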