summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
-rw-r--r--auth-shadow.c58
-rw-r--r--auth.h1
2 files changed, 45 insertions, 14 deletions
diff --git a/auth-shadow.c b/auth-shadow.c
index 7d699bc40..a85442d72 100644
--- a/auth-shadow.c
+++ b/auth-shadow.c
@@ -23,7 +23,7 @@
23 */ 23 */
24 24
25#include "includes.h" 25#include "includes.h"
26RCSID("$Id: auth-shadow.c,v 1.4 2004/02/21 22:43:15 dtucker Exp $"); 26RCSID("$Id: auth-shadow.c,v 1.5 2004/02/21 23:22:05 dtucker Exp $");
27 27
28#if defined(USE_SHADOW) && defined(HAS_SHADOW_EXPIRE) 28#if defined(USE_SHADOW) && defined(HAS_SHADOW_EXPIRE)
29#include <shadow.h> 29#include <shadow.h>
@@ -49,14 +49,25 @@ int
49auth_shadow_acctexpired(struct spwd *spw) 49auth_shadow_acctexpired(struct spwd *spw)
50{ 50{
51 time_t today; 51 time_t today;
52 int daysleft;
53 char buf[256];
52 54
53 today = time(NULL) / DAY; 55 today = time(NULL) / DAY;
54 debug3("%s: today %d sp_expire %d", __func__, (int)today, 56 daysleft = spw->sp_expire - today;
55 (int)spw->sp_expire); 57 debug3("%s: today %d sp_expire %d days left %d", __func__, (int)today,
58 (int)spw->sp_expire, daysleft);
56 59
57 if (spw->sp_expire != -1 && today > spw->sp_expire) { 60 if (spw->sp_expire == -1) {
61 debug3("account expiration disabled");
62 } else if (daysleft < 0) {
58 logit("Account %.100s has expired", spw->sp_namp); 63 logit("Account %.100s has expired", spw->sp_namp);
59 return 1; 64 return 1;
65 } else if (daysleft <= spw->sp_warn) {
66 debug3("account will expire in %d days", daysleft);
67 snprintf(buf, sizeof(buf),
68 "Your account will expire in %d day%s.\n", daysleft,
69 daysleft == 1 ? "" : "s");
70 buffer_append(&loginmsg, buf, strlen(buf));
60 } 71 }
61 72
62 return 0; 73 return 0;
@@ -71,9 +82,11 @@ auth_shadow_pwexpired(Authctxt *ctxt)
71{ 82{
72 struct spwd *spw = NULL; 83 struct spwd *spw = NULL;
73 const char *user = ctxt->pw->pw_name; 84 const char *user = ctxt->pw->pw_name;
85 char buf[256];
74 time_t today; 86 time_t today;
87 int daysleft, disabled = 0;
75 88
76 if ((spw = getspnam(user)) == NULL) { 89 if ((spw = getspnam((char *)user)) == NULL) {
77 error("Could not get shadow information for %.100s", user); 90 error("Could not get shadow information for %.100s", user);
78 return 0; 91 return 0;
79 } 92 }
@@ -83,21 +96,38 @@ auth_shadow_pwexpired(Authctxt *ctxt)
83 (int)spw->sp_lstchg, (int)spw->sp_max); 96 (int)spw->sp_lstchg, (int)spw->sp_max);
84 97
85#if defined(__hpux) && !defined(HAVE_SECUREWARE) 98#if defined(__hpux) && !defined(HAVE_SECUREWARE)
86 if (iscomsec() && spw->sp_min == 0 && spw->sp_max == 0 && 99 if (iscomsec()) {
87 spw->sp_warn == 0) 100 struct pr_passwd *pr;
88 return 0; /* HP-UX Trusted Mode: expiry disabled */ 101
102 pr = getprpwnam((char *)user);
103
104 /* Test for Trusted Mode expiry disabled */
105 if (pr != NULL && pr->ufld.fd_min == 0 &&
106 pr->ufld.fd_lifetime == 0 && pr->ufld.fd_expire == 0 &&
107 pr->ufld.fd_pw_expire_warning == 0 &&
108 pr->ufld.fd_schange != 0)
109 disabled = 1;
110 }
89#endif 111#endif
90 112
91 /* TODO: Add code to put expiry warnings into loginmsg */ 113 /* TODO: check sp_inact */
92 114 daysleft = spw->sp_lstchg + spw->sp_max - today;
93 if (spw->sp_lstchg == 0) { 115 if (disabled) {
116 debug3("password expiration disabled");
117 } else if (spw->sp_lstchg == 0) {
94 logit("User %.100s password has expired (root forced)", user); 118 logit("User %.100s password has expired (root forced)", user);
95 return 1; 119 return 1;
96 } 120 } else if (spw->sp_max == -1) {
97 121 debug3("password expiration disabled");
98 if (spw->sp_max != -1 && today > spw->sp_lstchg + spw->sp_max) { 122 } else if (daysleft < 0) {
99 logit("User %.100s password has expired (password aged)", user); 123 logit("User %.100s password has expired (password aged)", user);
100 return 1; 124 return 1;
125 } else if (daysleft <= spw->sp_warn) {
126 debug3("password will expire in %d days", daysleft);
127 snprintf(buf, sizeof(buf),
128 "Your password will expire in %d day%s.\n", daysleft,
129 daysleft == 1 ? "" : "s");
130 buffer_append(&loginmsg, buf, strlen(buf));
101 } 131 }
102 132
103 return 0; 133 return 0;
diff --git a/auth.h b/auth.h
index a8f61f403..de2222aaa 100644
--- a/auth.h
+++ b/auth.h
@@ -123,6 +123,7 @@ void krb5_cleanup_proc(Authctxt *authctxt);
123#endif /* KRB5 */ 123#endif /* KRB5 */
124 124
125#if defined(USE_SHADOW) && defined(HAS_SHADOW_EXPIRE) 125#if defined(USE_SHADOW) && defined(HAS_SHADOW_EXPIRE)
126#include <shadow.h>
126int auth_shadow_acctexpired(struct spwd *); 127int auth_shadow_acctexpired(struct spwd *);
127int auth_shadow_pwexpired(Authctxt *); 128int auth_shadow_pwexpired(Authctxt *);
128#endif 129#endif