-rw-r--r-- | ChangeLog | 6 | ||||
-rw-r--r-- | auth-shadow.c | 28 | ||||
-rw-r--r-- | auth.c | 33 | ||||
-rw-r--r-- | auth.h | 3 |
4 files changed, 42 insertions, 28 deletions
@@ -1,3 +1,7 @@ | |||
1 | 20040222 | ||
2 | - (dtucker) [auth-shadow.c auth.c auth.h] Move shadow account expiry test | ||
3 | to auth-shadow.c, no functional change. ok djm@ | ||
4 | |||
1 | 20040220 | 5 | 20040220 |
2 | - (djm) [openbsd-compat/setproctitle.c] fix comments; from grange@ | 6 | - (djm) [openbsd-compat/setproctitle.c] fix comments; from grange@ |
3 | 7 | ||
@@ -1886,4 +1890,4 @@ | |||
1886 | - Fix sshd BindAddress and -b options for systems using fake-getaddrinfo. | 1890 | - Fix sshd BindAddress and -b options for systems using fake-getaddrinfo. |
1887 | Report from murple@murple.net, diagnosis from dtucker@zip.com.au | 1891 | Report from murple@murple.net, diagnosis from dtucker@zip.com.au |
1888 | 1892 | ||
1889 | $Id: ChangeLog,v 1.3240 2004/02/20 09:37:44 djm Exp $ | 1893 | $Id: ChangeLog,v 1.3241 2004/02/21 22:43:15 dtucker Exp $ |
diff --git a/auth-shadow.c b/auth-shadow.c index 76c0d9f52..7d699bc40 100644 --- a/auth-shadow.c +++ b/auth-shadow.c | |||
@@ -23,7 +23,7 @@ | |||
23 | */ | 23 | */ |
24 | 24 | ||
25 | #include "includes.h" | 25 | #include "includes.h" |
26 | RCSID("$Id: auth-shadow.c,v 1.3 2004/02/11 07:48:52 dtucker Exp $"); | 26 | RCSID("$Id: auth-shadow.c,v 1.4 2004/02/21 22:43:15 dtucker Exp $"); |
27 | 27 | ||
28 | #if defined(USE_SHADOW) && defined(HAS_SHADOW_EXPIRE) | 28 | #if defined(USE_SHADOW) && defined(HAS_SHADOW_EXPIRE) |
29 | #include <shadow.h> | 29 | #include <shadow.h> |
@@ -37,6 +37,32 @@ RCSID("$Id: auth-shadow.c,v 1.3 2004/02/11 07:48:52 dtucker Exp $"); | |||
37 | extern Buffer loginmsg; | 37 | extern Buffer loginmsg; |
38 | 38 | ||
39 | /* | 39 | /* |
40 | * For the account and password expiration functions, we assume the expiry | ||
41 | * occurs the day after the day specified. | ||
42 | */ | ||
43 | |||
44 | /* | ||
45 | * Check if specified account is expired. Returns 1 if account is expired, | ||
46 | * 0 otherwise. | ||
47 | */ | ||
48 | int | ||
49 | auth_shadow_acctexpired(struct spwd *spw) | ||
50 | { | ||
51 | time_t today; | ||
52 | |||
53 | today = time(NULL) / DAY; | ||
54 | debug3("%s: today %d sp_expire %d", __func__, (int)today, | ||
55 | (int)spw->sp_expire); | ||
56 | |||
57 | if (spw->sp_expire != -1 && today > spw->sp_expire) { | ||
58 | logit("Account %.100s has expired", spw->sp_namp); | ||
59 | return 1; | ||
60 | } | ||
61 | |||
62 | return 0; | ||
63 | } | ||
64 | |||
65 | /* | ||
40 | * Checks password expiry for platforms that use shadow passwd files. | 66 | * Checks password expiry for platforms that use shadow passwd files. |
41 | * Returns: 1 = password expired, 0 = password not expired | 67 | * Returns: 1 = password expired, 0 = password not expired |
42 | */ | 68 | */ |
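Review bot: auth_shadow_acctexpired() dereferences `spw` in the debug3() call before anything else, yet its header comment does not state that `spw` must be non-NULL; the only NULL guard visible on this page is at the call site in auth.c. I would add a line to the comment such as `* spw must be non-NULL (the caller checks the getspnam() result).` The body also relies on `DAY`, whose `#define` this commit removes from allowed_user() in auth.c. Presumably auth-shadow.c already defines it above the hunk for auth_shadow_pwexpired(), but that is not visible here and is worth confirming.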
@@ -28,9 +28,9 @@ RCSID("$OpenBSD: auth.c,v 1.51 2003/11/21 11:57:02 djm Exp $"); | |||
28 | #ifdef HAVE_LOGIN_H | 28 | #ifdef HAVE_LOGIN_H |
29 | #include <login.h> | 29 | #include <login.h> |
30 | #endif | 30 | #endif |
31 | #if defined(HAVE_SHADOW_H) && !defined(DISABLE_SHADOW) | 31 | #ifdef USE_SHADOW |
32 | #include <shadow.h> | 32 | #include <shadow.h> |
33 | #endif /* defined(HAVE_SHADOW_H) && !defined(DISABLE_SHADOW) */ | 33 | #endif |
34 | 34 | ||
35 | #ifdef HAVE_LIBGEN_H | 35 | #ifdef HAVE_LIBGEN_H |
36 | #include <libgen.h> | 36 | #include <libgen.h> |
@@ -76,7 +76,7 @@ allowed_user(struct passwd * pw) | |||
76 | const char *hostname = NULL, *ipaddr = NULL, *passwd = NULL; | 76 | const char *hostname = NULL, *ipaddr = NULL, *passwd = NULL; |
77 | char *shell; | 77 | char *shell; |
78 | int i; | 78 | int i; |
79 | #if defined(HAVE_SHADOW_H) && !defined(DISABLE_SHADOW) | 79 | #ifdef USE_SHADOW |
80 | struct spwd *spw = NULL; | 80 | struct spwd *spw = NULL; |
81 | #endif | 81 | #endif |
82 | 82 | ||
@@ -84,34 +84,17 @@ allowed_user(struct passwd * pw) | |||
84 | if (!pw || !pw->pw_name) | 84 | if (!pw || !pw->pw_name) |
85 | return 0; | 85 | return 0; |
86 | 86 | ||
87 | #if defined(HAVE_SHADOW_H) && !defined(DISABLE_SHADOW) | 87 | #ifdef USE_SHADOW |
88 | if (!options.use_pam) | 88 | if (!options.use_pam) |
89 | spw = getspnam(pw->pw_name); | 89 | spw = getspnam(pw->pw_name); |
90 | #ifdef HAS_SHADOW_EXPIRE | 90 | #ifdef HAS_SHADOW_EXPIRE |
91 | #define DAY (24L * 60 * 60) /* 1 day in seconds */ | 91 | if (!options.use_pam && spw != NULL && auth_shadow_acctexpired(spw)) |
92 | if (!options.use_pam && spw != NULL) { | 92 | return 0; |
93 | int disabled = 0; | ||
94 | time_t today; | ||
95 | |||
96 | today = time(NULL) / DAY; | ||
97 | debug3("allowed_user: today %d sp_expire %d sp_lstchg %d" | ||
98 | " sp_max %d", (int)today, (int)spw->sp_expire, | ||
99 | (int)spw->sp_lstchg, (int)spw->sp_max); | ||
100 | |||
101 | /* | ||
102 | * We assume account and password expiration occurs the | ||
103 | * day after the day specified. | ||
104 | */ | ||
105 | if (spw->sp_expire != -1 && today > spw->sp_expire) { | ||
106 | logit("Account %.100s has expired", pw->pw_name); | ||
107 | return 0; | ||
108 | } | ||
109 | } | ||
110 | #endif /* HAS_SHADOW_EXPIRE */ | 93 | #endif /* HAS_SHADOW_EXPIRE */ |
111 | #endif /* defined(HAVE_SHADOW_H) && !defined(DISABLE_SHADOW) */ | 94 | #endif /* USE_SHADOW */ |
112 | 95 | ||
113 | /* grab passwd field for locked account check */ | 96 | /* grab passwd field for locked account check */ |
114 | #if defined(HAVE_SHADOW_H) && !defined(DISABLE_SHADOW) | 97 | #ifdef USE_SHADOW |
115 | if (spw != NULL) | 98 | if (spw != NULL) |
116 | passwd = spw->sp_pwdp; | 99 | passwd = spw->sp_pwdp; |
117 | #else | 100 | #else |
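Review bot: In the `@@ -84,34 +84,17 @@` hunk the account-expiry test runs only when `spw != NULL`, so a NULL return from getspnam() lets allowed_user() continue without checking expiry and without logging anything. That behaviour predates this commit, but now that the test is a one-line call it is easy to overlook; a comment such as `/* spw == NULL (no shadow entry, or getspnam() failed): expiry is not checked */` above the call would make it explicit. Whether getspnam() can fail for a real account depends on the privileges this code runs with, which this page does not show. The `!options.use_pam &&` term is also redundant, because `spw` is initialised to NULL and assigned only when PAM is off. allowed_user() starts and ends outside the hunks.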
@@ -122,7 +122,8 @@ int auth_krb5_password(Authctxt *authctxt, const char *password); | |||
122 | void krb5_cleanup_proc(Authctxt *authctxt); | 122 | void krb5_cleanup_proc(Authctxt *authctxt); |
123 | #endif /* KRB5 */ | 123 | #endif /* KRB5 */ |
124 | 124 | ||
125 | #ifdef USE_SHADOW | 125 | #if defined(USE_SHADOW) && defined(HAS_SHADOW_EXPIRE) |
126 | int auth_shadow_acctexpired(struct spwd *); | ||
126 | int auth_shadow_pwexpired(Authctxt *); | 127 | int auth_shadow_pwexpired(Authctxt *); |
127 | #endif | 128 | #endif |
128 | 129 | ||
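Review bot: The new prototype `int auth_shadow_acctexpired(struct spwd *);` names `struct spwd`, but nothing in this hunk declares it, so any file that includes auth.h without <shadow.h> before it would see a struct type scoped to the parameter list (a compiler warning, and a type incompatible with the real one). auth.c includes <shadow.h> under `USE_SHADOW`, but other includers are not visible here. Putting `#include <shadow.h>` inside the guard, or a forward declaration `struct spwd;` before the prototype, would make the header self-contained. The guard change also hides `auth_shadow_pwexpired()` when `HAS_SHADOW_EXPIRE` is undefined, which matches the guard at the top of auth-shadow.c; callers guarded only by `USE_SHADOW` would need the same condition.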