diff options
| -rw-r--r-- | ChangeLog | 4 | ||||
| -rw-r--r-- | auth.c | 29 |
2 files changed, 26 insertions, 7 deletions
| @@ -1,4 +1,6 @@ | |||
| 1 | 20020510 | 1 | 20020510 |
| 2 | - (stevesk) [auth.c] Shadow account and expiration cleanup. Now | ||
| 3 | check for root forced expire. Still don't check for inactive. | ||
| 2 | - (djm) Rework RedHat RPM files. Based on spec from Nalin | 4 | - (djm) Rework RedHat RPM files. Based on spec from Nalin |
| 3 | Dahyabhai <nalin@redhat.com> and patches from | 5 | Dahyabhai <nalin@redhat.com> and patches from |
| 4 | Pekka Savola <pekkas@netcore.fi> | 6 | Pekka Savola <pekkas@netcore.fi> |
| @@ -557,4 +559,4 @@ | |||
| 557 | - (stevesk) entropy.c: typo in debug message | 559 | - (stevesk) entropy.c: typo in debug message |
| 558 | - (djm) ssh-keygen -i needs seeded RNG; report from markus@ | 560 | - (djm) ssh-keygen -i needs seeded RNG; report from markus@ |
| 559 | 561 | ||
| 560 | $Id: ChangeLog,v 1.2103 2002/05/10 02:40:15 mouring Exp $ | 562 | $Id: ChangeLog,v 1.2104 2002/05/10 15:48:52 stevesk Exp $ |
| @@ -80,18 +80,35 @@ allowed_user(struct passwd * pw) | |||
| 80 | if (!pw || !pw->pw_name) | 80 | if (!pw || !pw->pw_name) |
| 81 | return 0; | 81 | return 0; |
| 82 | 82 | ||
| 83 | #define DAY (24L * 60 * 60) /* 1 day in seconds */ | ||
| 83 | spw = getspnam(pw->pw_name); | 84 | spw = getspnam(pw->pw_name); |
| 84 | if (spw != NULL) { | 85 | if (spw != NULL) { |
| 85 | int days = time(NULL) / 86400; | 86 | time_t today = time(NULL) / DAY; |
| 87 | debug3("allowed_user: today %d sp_expire %d sp_lstchg %d" | ||
| 88 | " sp_max %d", (int)today, (int)spw->sp_expire, | ||
| 89 | (int)spw->sp_lstchg, (int)spw->sp_max); | ||
| 86 | 90 | ||
| 87 | /* Check account expiry */ | 91 | /* |
| 88 | if ((spw->sp_expire >= 0) && (days > spw->sp_expire)) | 92 | * We assume account and password expiration occurs the |
| 93 | * day after the day specified. | ||
| 94 | */ | ||
| 95 | if (spw->sp_expire != -1 && today > spw->sp_expire) { | ||
| 96 | log("Account %.100s has expired", pw->pw_name); | ||
| 89 | return 0; | 97 | return 0; |
| 98 | } | ||
| 90 | 99 | ||
| 91 | /* Check password expiry */ | 100 | if (spw->sp_lstchg == 0) { |
| 92 | if ((spw->sp_lstchg >= 0) && (spw->sp_max >= 0) && | 101 | log("User %.100s password has expired (root forced)", |
| 93 | (days > (spw->sp_lstchg + spw->sp_max))) | 102 | pw->pw_name); |
| 94 | return 0; | 103 | return 0; |
| 104 | } | ||
| 105 | |||
| 106 | if (spw->sp_max != -1 && | ||
| 107 | today > spw->sp_lstchg + spw->sp_max) { | ||
| 108 | log("User %.100s password has expired (password aged)", | ||
| 109 | pw->pw_name); | ||
| 110 | return 0; | ||
| 111 | } | ||
| 95 | } | 112 | } |
| 96 | #else | 113 | #else |
| 97 | /* Shouldn't be called if pw is NULL, but better safe than sorry... */ | 114 | /* Shouldn't be called if pw is NULL, but better safe than sorry... */ |