diff options
Diffstat (limited to 'auth.c')
-rw-r--r-- | auth.c | 69 |
1 files changed, 36 insertions, 33 deletions
@@ -78,8 +78,7 @@ allowed_user(struct passwd * pw) | |||
78 | #ifdef WITH_AIXAUTHENTICATE | 78 | #ifdef WITH_AIXAUTHENTICATE |
79 | char *loginmsg; | 79 | char *loginmsg; |
80 | #endif /* WITH_AIXAUTHENTICATE */ | 80 | #endif /* WITH_AIXAUTHENTICATE */ |
81 | #if !defined(USE_PAM) && defined(HAVE_SHADOW_H) && \ | 81 | #if defined(HAVE_SHADOW_H) && !defined(DISABLE_SHADOW) |
82 | !defined(DISABLE_SHADOW) && defined(HAS_SHADOW_EXPIRE) | ||
83 | struct spwd *spw; | 82 | struct spwd *spw; |
84 | #endif | 83 | #endif |
85 | 84 | ||
@@ -87,38 +86,11 @@ allowed_user(struct passwd * pw) | |||
87 | if (!pw || !pw->pw_name) | 86 | if (!pw || !pw->pw_name) |
88 | return 0; | 87 | return 0; |
89 | 88 | ||
90 | #if !defined(USE_PAM) && defined(HAVE_SHADOW_H) && \ | 89 | /* Grab the password for locked account checking */ |
91 | !defined(DISABLE_SHADOW) && defined(HAS_SHADOW_EXPIRE) | 90 | #if defined(HAVE_SHADOW_H) && !defined(DISABLE_SHADOW) |
92 | #define DAY (24L * 60 * 60) /* 1 day in seconds */ | ||
93 | spw = getspnam(pw->pw_name); | 91 | spw = getspnam(pw->pw_name); |
94 | if (spw != NULL) { | 92 | if (!spw) |
95 | time_t today = time(NULL) / DAY; | 93 | return 0; |
96 | debug3("allowed_user: today %d sp_expire %d sp_lstchg %d" | ||
97 | " sp_max %d", (int)today, (int)spw->sp_expire, | ||
98 | (int)spw->sp_lstchg, (int)spw->sp_max); | ||
99 | |||
100 | /* | ||
101 | * We assume account and password expiration occurs the | ||
102 | * day after the day specified. | ||
103 | */ | ||
104 | if (spw->sp_expire != -1 && today > spw->sp_expire) { | ||
105 | log("Account %.100s has expired", pw->pw_name); | ||
106 | return 0; | ||
107 | } | ||
108 | |||
109 | if (spw->sp_lstchg == 0) { | ||
110 | log("User %.100s password has expired (root forced)", | ||
111 | pw->pw_name); | ||
112 | return 0; | ||
113 | } | ||
114 | |||
115 | if (spw->sp_max != -1 && | ||
116 | today > spw->sp_lstchg + spw->sp_max) { | ||
117 | log("User %.100s password has expired (password aged)", | ||
118 | pw->pw_name); | ||
119 | return 0; | ||
120 | } | ||
121 | } | ||
122 | passwd = spw->sp_pwdp; | 94 | passwd = spw->sp_pwdp; |
123 | #else | 95 | #else |
124 | passwd = pw->pw_passwd; | 96 | passwd = pw->pw_passwd; |
@@ -131,6 +103,37 @@ allowed_user(struct passwd * pw) | |||
131 | return 0; | 103 | return 0; |
132 | } | 104 | } |
133 | 105 | ||
106 | #if !defined(USE_PAM) && defined(HAVE_SHADOW_H) && \ | ||
107 | !defined(DISABLE_SHADOW) && defined(HAS_SHADOW_EXPIRE) | ||
108 | #define DAY (24L * 60 * 60) /* 1 day in seconds */ | ||
109 | time_t today = time(NULL) / DAY; | ||
110 | debug3("allowed_user: today %d sp_expire %d sp_lstchg %d" | ||
111 | " sp_max %d", (int)today, (int)spw->sp_expire, | ||
112 | (int)spw->sp_lstchg, (int)spw->sp_max); | ||
113 | |||
114 | /* | ||
115 | * We assume account and password expiration occurs the | ||
116 | * day after the day specified. | ||
117 | */ | ||
118 | if (spw->sp_expire != -1 && today > spw->sp_expire) { | ||
119 | log("Account %.100s has expired", pw->pw_name); | ||
120 | return 0; | ||
121 | } | ||
122 | |||
123 | if (spw->sp_lstchg == 0) { | ||
124 | log("User %.100s password has expired (root forced)", | ||
125 | pw->pw_name); | ||
126 | return 0; | ||
127 | } | ||
128 | |||
129 | if (spw->sp_max != -1 && | ||
130 | today > spw->sp_lstchg + spw->sp_max) { | ||
131 | log("User %.100s password has expired (password aged)", | ||
132 | pw->pw_name); | ||
133 | return 0; | ||
134 | } | ||
135 | #endif | ||
136 | |||
134 | /* | 137 | /* |
135 | * Get the shell from the password data. An empty shell field is | 138 | * Get the shell from the password data. An empty shell field is |
136 | * legal, and means /bin/sh. | 139 | * legal, and means /bin/sh. |