diff options
-rw-r--r-- | auth-shadow.c | 58 | ||||
-rw-r--r-- | auth.h | 1 |
2 files changed, 45 insertions, 14 deletions
diff --git a/auth-shadow.c b/auth-shadow.c index 7d699bc40..a85442d72 100644 --- a/auth-shadow.c +++ b/auth-shadow.c | |||
@@ -23,7 +23,7 @@ | |||
23 | */ | 23 | */ |
24 | 24 | ||
25 | #include "includes.h" | 25 | #include "includes.h" |
26 | RCSID("$Id: auth-shadow.c,v 1.4 2004/02/21 22:43:15 dtucker Exp $"); | 26 | RCSID("$Id: auth-shadow.c,v 1.5 2004/02/21 23:22:05 dtucker Exp $"); |
27 | 27 | ||
28 | #if defined(USE_SHADOW) && defined(HAS_SHADOW_EXPIRE) | 28 | #if defined(USE_SHADOW) && defined(HAS_SHADOW_EXPIRE) |
29 | #include <shadow.h> | 29 | #include <shadow.h> |
@@ -49,14 +49,25 @@ int | |||
49 | auth_shadow_acctexpired(struct spwd *spw) | 49 | auth_shadow_acctexpired(struct spwd *spw) |
50 | { | 50 | { |
51 | time_t today; | 51 | time_t today; |
52 | int daysleft; | ||
53 | char buf[256]; | ||
52 | 54 | ||
53 | today = time(NULL) / DAY; | 55 | today = time(NULL) / DAY; |
54 | debug3("%s: today %d sp_expire %d", __func__, (int)today, | 56 | daysleft = spw->sp_expire - today; |
55 | (int)spw->sp_expire); | 57 | debug3("%s: today %d sp_expire %d days left %d", __func__, (int)today, |
58 | (int)spw->sp_expire, daysleft); | ||
56 | 59 | ||
57 | if (spw->sp_expire != -1 && today > spw->sp_expire) { | 60 | if (spw->sp_expire == -1) { |
61 | debug3("account expiration disabled"); | ||
62 | } else if (daysleft < 0) { | ||
58 | logit("Account %.100s has expired", spw->sp_namp); | 63 | logit("Account %.100s has expired", spw->sp_namp); |
59 | return 1; | 64 | return 1; |
65 | } else if (daysleft <= spw->sp_warn) { | ||
66 | debug3("account will expire in %d days", daysleft); | ||
67 | snprintf(buf, sizeof(buf), | ||
68 | "Your account will expire in %d day%s.\n", daysleft, | ||
69 | daysleft == 1 ? "" : "s"); | ||
70 | buffer_append(&loginmsg, buf, strlen(buf)); | ||
60 | } | 71 | } |
61 | 72 | ||
62 | return 0; | 73 | return 0; |
@@ -71,9 +82,11 @@ auth_shadow_pwexpired(Authctxt *ctxt) | |||
71 | { | 82 | { |
72 | struct spwd *spw = NULL; | 83 | struct spwd *spw = NULL; |
73 | const char *user = ctxt->pw->pw_name; | 84 | const char *user = ctxt->pw->pw_name; |
85 | char buf[256]; | ||
74 | time_t today; | 86 | time_t today; |
87 | int daysleft, disabled = 0; | ||
75 | 88 | ||
76 | if ((spw = getspnam(user)) == NULL) { | 89 | if ((spw = getspnam((char *)user)) == NULL) { |
77 | error("Could not get shadow information for %.100s", user); | 90 | error("Could not get shadow information for %.100s", user); |
78 | return 0; | 91 | return 0; |
79 | } | 92 | } |
@@ -83,21 +96,38 @@ auth_shadow_pwexpired(Authctxt *ctxt) | |||
83 | (int)spw->sp_lstchg, (int)spw->sp_max); | 96 | (int)spw->sp_lstchg, (int)spw->sp_max); |
84 | 97 | ||
85 | #if defined(__hpux) && !defined(HAVE_SECUREWARE) | 98 | #if defined(__hpux) && !defined(HAVE_SECUREWARE) |
86 | if (iscomsec() && spw->sp_min == 0 && spw->sp_max == 0 && | 99 | if (iscomsec()) { |
87 | spw->sp_warn == 0) | 100 | struct pr_passwd *pr; |
88 | return 0; /* HP-UX Trusted Mode: expiry disabled */ | 101 | |
102 | pr = getprpwnam((char *)user); | ||
103 | |||
104 | /* Test for Trusted Mode expiry disabled */ | ||
105 | if (pr != NULL && pr->ufld.fd_min == 0 && | ||
106 | pr->ufld.fd_lifetime == 0 && pr->ufld.fd_expire == 0 && | ||
107 | pr->ufld.fd_pw_expire_warning == 0 && | ||
108 | pr->ufld.fd_schange != 0) | ||
109 | disabled = 1; | ||
110 | } | ||
89 | #endif | 111 | #endif |
90 | 112 | ||
91 | /* TODO: Add code to put expiry warnings into loginmsg */ | 113 | /* TODO: check sp_inact */ |
92 | 114 | daysleft = spw->sp_lstchg + spw->sp_max - today; | |
93 | if (spw->sp_lstchg == 0) { | 115 | if (disabled) { |
116 | debug3("password expiration disabled"); | ||
117 | } else if (spw->sp_lstchg == 0) { | ||
94 | logit("User %.100s password has expired (root forced)", user); | 118 | logit("User %.100s password has expired (root forced)", user); |
95 | return 1; | 119 | return 1; |
96 | } | 120 | } else if (spw->sp_max == -1) { |
97 | 121 | debug3("password expiration disabled"); | |
98 | if (spw->sp_max != -1 && today > spw->sp_lstchg + spw->sp_max) { | 122 | } else if (daysleft < 0) { |
99 | logit("User %.100s password has expired (password aged)", user); | 123 | logit("User %.100s password has expired (password aged)", user); |
100 | return 1; | 124 | return 1; |
125 | } else if (daysleft <= spw->sp_warn) { | ||
126 | debug3("password will expire in %d days", daysleft); | ||
127 | snprintf(buf, sizeof(buf), | ||
128 | "Your password will expire in %d day%s.\n", daysleft, | ||
129 | daysleft == 1 ? "" : "s"); | ||
130 | buffer_append(&loginmsg, buf, strlen(buf)); | ||
101 | } | 131 | } |
102 | 132 | ||
103 | return 0; | 133 | return 0; |
@@ -123,6 +123,7 @@ void krb5_cleanup_proc(Authctxt *authctxt); | |||
123 | #endif /* KRB5 */ | 123 | #endif /* KRB5 */ |
124 | 124 | ||
125 | #if defined(USE_SHADOW) && defined(HAS_SHADOW_EXPIRE) | 125 | #if defined(USE_SHADOW) && defined(HAS_SHADOW_EXPIRE) |
126 | #include <shadow.h> | ||
126 | int auth_shadow_acctexpired(struct spwd *); | 127 | int auth_shadow_acctexpired(struct spwd *); |
127 | int auth_shadow_pwexpired(Authctxt *); | 128 | int auth_shadow_pwexpired(Authctxt *); |
128 | #endif | 129 | #endif |