From 15ee748f2835f301499f8c31b6b4e56f5deca7de Mon Sep 17 00:00:00 2001
From: Darren Tucker
Date: Sun, 22 Feb 2004 09:43:15 +1100
Subject: - (dtucker) [auth-shadow.c auth.c auth.h] Move shadow account expiry test to auth-shadow.c, no functional change. ok djm@
---
 ChangeLog | 6 +++++-
 auth-shadow.c | 28 +++++++++++++++++++++++++++-
 auth.c | 33 ++++++++-------------------------
 auth.h | 3 ++-
 4 files changed, 42 insertions(+), 28 deletions(-)
diff --git a/ChangeLog b/ChangeLog
index df4169bb5..38be7eb59 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,3 +1,7 @@
+20040222
+ - (dtucker) [auth-shadow.c auth.c auth.h] Move shadow account expiry test
+ to auth-shadow.c, no functional change. ok djm@
+
 20040220
 - (djm) [openbsd-compat/setproctitle.c] fix comments; from grange@
@@ -1886,4 +1890,4 @@
 - Fix sshd BindAddress and -b options for systems using fake-getaddrinfo.
 Report from murple@murple.net, diagnosis from dtucker@zip.com.au
-$Id: ChangeLog,v 1.3240 2004/02/20 09:37:44 djm Exp $
+$Id: ChangeLog,v 1.3241 2004/02/21 22:43:15 dtucker Exp $
diff --git a/auth-shadow.c b/auth-shadow.c
index 76c0d9f52..7d699bc40 100644
--- a/auth-shadow.c
+++ b/auth-shadow.c
@@ -23,7 +23,7 @@
 */
 #include "includes.h"
-RCSID("$Id: auth-shadow.c,v 1.3 2004/02/11 07:48:52 dtucker Exp $");
+RCSID("$Id: auth-shadow.c,v 1.4 2004/02/21 22:43:15 dtucker Exp $");
 #if defined(USE_SHADOW) && defined(HAS_SHADOW_EXPIRE)
 #include
@@ -36,6 +36,32 @@ RCSID("$Id: auth-shadow.c,v 1.3 2004/02/11 07:48:52 dtucker Exp $");
 extern Buffer loginmsg;
+/*
+ * For the account and password expiration functions, we assume the expiry
+ * occurs the day after the day specified.
+ */
+
+/*
+ * Check if specified account is expired. Returns 1 if account is expired,
+ * 0 otherwise.
+ */
+int
+auth_shadow_acctexpired(struct spwd *spw)
+{
+ time_t today;
+
+ today = time(NULL) / DAY;
+ debug3("%s: today %d sp_expire %d", __func__, (int)today,
+ (int)spw->sp_expire);
+
+ if (spw->sp_expire != -1 && today > spw->sp_expire) {
+ logit("Account %.100s has expired", spw->sp_namp);
+ return 1;
+ }
+
+ return 0;
+}
+
 /*
 * Checks password expiry for platforms that use shadow passwd files.
 * Returns: 1 = password expired, 0 = password not expired
diff --git a/auth.c b/auth.c
index c6e7c21c4..6d999221c 100644
--- a/auth.c
+++ b/auth.c
@@ -28,9 +28,9 @@ RCSID("$OpenBSD: auth.c,v 1.51 2003/11/21 11:57:02 djm Exp $");
 #ifdef HAVE_LOGIN_H
 #include
 #endif
-#if defined(HAVE_SHADOW_H) && !defined(DISABLE_SHADOW)
+#ifdef USE_SHADOW
 #include
-#endif /* defined(HAVE_SHADOW_H) && !defined(DISABLE_SHADOW) */
+#endif
 #ifdef HAVE_LIBGEN_H
 #include
@@ -76,7 +76,7 @@ allowed_user(struct passwd * pw)
 const char *hostname = NULL, *ipaddr = NULL, *passwd = NULL;
 char *shell;
 int i;
-#if defined(HAVE_SHADOW_H) && !defined(DISABLE_SHADOW)
+#ifdef USE_SHADOW
 struct spwd *spw = NULL;
 #endif
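Review bot: `auth_shadow_acctexpired()` in auth-shadow.c dereferences `spw` in the `debug3()` call before any check, so it relies on every caller passing a non-NULL entry; the header comment should say so, e.g. `* spw must be non-NULL; callers check the getspnam() result.` The only sentinel handled is `sp_expire == -1`, so any other value below today's day count, including 0, is reported as expired; since this result gates login, the comment should state that this is the intended policy. `DAY` is used here but not defined in the hunk, and this commit removes its `#define` from auth.c, so it presumably comes from earlier in auth-shadow.c, outside the hunk.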
@@ -84,34 +84,17 @@ allowed_user(struct passwd * pw)
 if (!pw || !pw->pw_name)
 return 0;
-#if defined(HAVE_SHADOW_H) && !defined(DISABLE_SHADOW)
+#ifdef USE_SHADOW
 if (!options.use_pam)
 spw = getspnam(pw->pw_name);
 #ifdef HAS_SHADOW_EXPIRE
-#define DAY (24L * 60 * 60) /* 1 day in seconds */
- if (!options.use_pam && spw != NULL) {
- int disabled = 0;
- time_t today;
-
- today = time(NULL) / DAY;
- debug3("allowed_user: today %d sp_expire %d sp_lstchg %d"
- " sp_max %d", (int)today, (int)spw->sp_expire,
- (int)spw->sp_lstchg, (int)spw->sp_max);
-
- /*
- * We assume account and password expiration occurs the
- * day after the day specified.
- */
- if (spw->sp_expire != -1 && today > spw->sp_expire) {
- logit("Account %.100s has expired", pw->pw_name);
- return 0;
- }
- }
+ if (!options.use_pam && spw != NULL && auth_shadow_acctexpired(spw))
+ return 0;
 #endif /* HAS_SHADOW_EXPIRE */
-#endif /* defined(HAVE_SHADOW_H) && !defined(DISABLE_SHADOW) */
+#endif /* USE_SHADOW */
 /* grab passwd field for locked account check */
-#if defined(HAVE_SHADOW_H) && !defined(DISABLE_SHADOW)
+#ifdef USE_SHADOW
 if (spw != NULL)
 passwd = spw->sp_pwdp;
 #else
diff --git a/auth.h b/auth.h
index b6a6a49a5..a8f61f403 100644
--- a/auth.h
+++ b/auth.h
@@ -122,7 +122,8 @@ int auth_krb5_password(Authctxt *authctxt, const char *password);
 void krb5_cleanup_proc(Authctxt *authctxt);
 #endif /* KRB5 */
-#ifdef USE_SHADOW
+#if defined(USE_SHADOW) && defined(HAS_SHADOW_EXPIRE)
+int auth_shadow_acctexpired(struct spwd *);
 int auth_shadow_pwexpired(Authctxt *);
 #endif
-- cgit v1.2.3
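Review bot: When `getspnam()` returns NULL, the condition `spw != NULL && auth_shadow_acctexpired(spw)` in auth.c skips the account-expiry test and nothing is logged, so a missing or unreadable shadow entry looks the same as an unexpired account. The removed code behaved the same way, but because this result gates login a trace after the `getspnam()` call would help, e.g. `if (!options.use_pam && spw == NULL) debug3("%s: no shadow entry for %.100s", __func__, pw->pw_name);`. The `!options.use_pam` term in the new condition is redundant as far as the visible lines show, since `spw` starts as NULL and is assigned only when PAM is off. The guards in this hunk and the two earlier auth.c hunks now test `USE_SHADOW`, whose definition is not visible here, so "no functional change" holds only if it matches the old `HAVE_SHADOW_H && !DISABLE_SHADOW` condition. `allowed_user()` starts and ends outside the hunk.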
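Review bot: The new prototype `int auth_shadow_acctexpired(struct spwd *);` in auth.h names `struct spwd` in a parameter list, and no include of the shadow header is visible in this hunk. If any file includes auth.h before that header, the struct tag is scoped to the prototype alone and the compiler will warn about it, with a later definition treated as a different type. A forward declaration `struct spwd;` just above the prototype, inside the same `#if`, removes the dependence on include order. The widened guard does match the `#if defined(USE_SHADOW) && defined(HAS_SHADOW_EXPIRE)` that surrounds the definition in auth-shadow.c.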