From 2c1eb82695ff4628ad61bc5a9e70fb9d7826446f Mon Sep 17 00:00:00 2001 From: Darren Tucker Date: Fri, 13 Jun 2008 11:13:13 +1000 Subject: - (dtucker) [auth-sia.c] Bug #1241: support password expiry on Tru64 SIA systems. Patch from R. Scott Bailey. --- auth-sia.c | 53 +++++++++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 53 insertions(+) (limited to 'auth-sia.c') diff --git a/auth-sia.c b/auth-sia.c index a9e1c258c..debf30201 100644 --- a/auth-sia.c +++ b/auth-sia.c @@ -34,6 +34,10 @@ #include #include #include +#include +#include +#include +#include #include "ssh.h" #include "key.h" @@ -49,6 +53,52 @@ extern ServerOptions options; extern int saved_argc; extern char **saved_argv; +static int +sia_password_change_required(const char *user) +{ + struct es_passwd *acct; + time_t pw_life; + time_t pw_date; + + set_auth_parameters(saved_argc, saved_argv); + + if ((acct = getespwnam(user)) == NULL) { + error("Couldn't access protected database entry for %s", user); + endprpwent(); + return (0); + } + + /* If forced password change flag is set, honor it */ + if (acct->uflg->fg_psw_chg_reqd && acct->ufld->fd_psw_chg_reqd) { + endprpwent(); + return (1); + } + + /* Obtain password lifetime; if none, it can't have expired */ + if (acct->uflg->fg_expire) + pw_life = acct->ufld->fd_expire; + else if (acct->sflg->fg_expire) + pw_life = acct->sfld->fd_expire; + else { + endprpwent(); + return (0); + } + + /* Offset from last change; if none, it must be expired */ + if (acct->uflg->fg_schange) + pw_date = acct->ufld->fd_schange + pw_life; + else { + endprpwent(); + return (1); + } + + endprpwent(); + + /* If expiration date is prior to now, change password */ + + return (pw_date <= time((time_t *) NULL)); +} + int sys_auth_passwd(Authctxt *authctxt, const char *pass) { @@ -76,6 +126,9 @@ sys_auth_passwd(Authctxt *authctxt, const char *pass) sia_ses_release(&ent); + authctxt->force_pwchange = sia_password_change_required( + authctxt->user); + return (1); } -- cgit v1.2.3