1 files changed, 80 insertions, 0 deletions
diff --git a/auth-shadow.c b/auth-shadow.c
new file mode 100644
index 000000000..604b13304
--- /dev/null
+++ b/auth-shadow.c
@@ -0,0 +1,80 @@
+/*
+ * Copyright (c) 2004 Darren Tucker.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
+ * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
+ * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
+ * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
+ * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
+ * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
+ * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
+ * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+#include "includes.h"
+RCSID("$Id: auth-shadow.c,v 1.1 2004/02/10 02:01:14 dtucker Exp $");
+#ifdef USE_SHADOW
+#include <shadow.h>
+#include "auth.h"
+#include "auth-shadow.h"
+#include "buffer.h"
+#include "log.h"
+#define DAY     (24L * 60 * 60) /* 1 day in seconds */
+extern Buffer loginmsg;
+/*
+ * Checks password expiry for platforms that use shadow passwd files.
+ * Returns: 1 = password expired, 0 = password not expired
+ */
+int
+auth_shadow_pwexpired(Authctxt *ctxt)
+{
+        struct spwd *spw = NULL;
+        const char *user = ctxt->pw->pw_name;
+        time_t today;
+        if ((spw = getspnam(user)) == NULL) {
+                error("Could not get shadow information for %.100s", user);
+                return 0;
+        }
+        today = time(NULL) / DAY;
+        debug3("%s: today %d sp_lstchg %d sp_max %d", __func__, (int)today,
+            (int)spw->sp_lstchg, (int)spw->sp_max);
+#if defined(__hpux) && !defined(HAVE_SECUREWARE)
+        if (iscomsec() && spw->sp_min == 0 && spw->sp_max == 0 &&
+            spw->sp_warn == 0)
+                return 0;       /* HP-UX Trusted Mode: expiry disabled */
+#endif
+        /* TODO: Add code to put expiry warnings into loginmsg */
+        if (spw->sp_lstchg == 0) {
+                logit("User %.100s password has expired (root forced)", user);
+                return 1;
+        }
+        if (spw->sp_max != -1 && today > spw->sp_lstchg + spw->sp_max) {
+                logit("User %.100s password has expired (password aged)", user);
+                return 1;
+        }
+        return 0;
+}
+#endif  /* USE_SHADOW */

diff --git a/auth-shadow.c b/auth-shadow.c new file mode 100644 index 000000000..604b13304 --- /dev/null +++ b/auth-shadow.c
@@ -0,0 +1,80 @@
	1	/*
	2	* Copyright (c) 2004 Darren Tucker. All rights reserved.
	3	*
	4	* Redistribution and use in source and binary forms, with or without
	5	* modification, are permitted provided that the following conditions
	6	* are met:
	7	* 1. Redistributions of source code must retain the above copyright
	8	* notice, this list of conditions and the following disclaimer.
	9	* 2. Redistributions in binary form must reproduce the above copyright
	10	* notice, this list of conditions and the following disclaimer in the
	11	* documentation and/or other materials provided with the distribution.
	12	*
	13	* THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
	14	* IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
	15	* OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
	16	* IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
	17	* INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
	18	* NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
	19	* DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
	20	* THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
	21	* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
	22	* THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
	23	*/
	24
	25	#include "includes.h"
	26	RCSID("$Id: auth-shadow.c,v 1.1 2004/02/10 02:01:14 dtucker Exp $");
	27
	28	#ifdef USE_SHADOW
	29	#include <shadow.h>
	30
	31	#include "auth.h"
	32	#include "auth-shadow.h"
	33	#include "buffer.h"
	34	#include "log.h"
	35
	36	#define DAY (24L * 60 * 60) /* 1 day in seconds */
	37
	38	extern Buffer loginmsg;
	39
	40	/*
	41	* Checks password expiry for platforms that use shadow passwd files.
	42	* Returns: 1 = password expired, 0 = password not expired
	43	*/
	44	int
	45	auth_shadow_pwexpired(Authctxt *ctxt)
	46	{
	47	struct spwd *spw = NULL;
	48	const char *user = ctxt->pw->pw_name;
	49	time_t today;
	50
	51	if ((spw = getspnam(user)) == NULL) {
	52	error("Could not get shadow information for %.100s", user);
	53	return 0;
	54	}
	55
	56	today = time(NULL) / DAY;
	57	debug3("%s: today %d sp_lstchg %d sp_max %d", __func__, (int)today,
	58	(int)spw->sp_lstchg, (int)spw->sp_max);
	59
	60	#if defined(__hpux) && !defined(HAVE_SECUREWARE)
	61	if (iscomsec() && spw->sp_min == 0 && spw->sp_max == 0 &&
	62	spw->sp_warn == 0)
	63	return 0; /* HP-UX Trusted Mode: expiry disabled */
	64	#endif
	65
	66	/* TODO: Add code to put expiry warnings into loginmsg */
	67
	68	if (spw->sp_lstchg == 0) {
	69	logit("User %.100s password has expired (root forced)", user);
	70	return 1;
	71	}
	72
	73	if (spw->sp_max != -1 && today > spw->sp_lstchg + spw->sp_max) {
	74	logit("User %.100s password has expired (password aged)", user);
	75	return 1;
	76	}
	77
	78	return 0;
	79	}
	80	#endif /* USE_SHADOW */