- (dtucker) [auth-shadow.c auth.c auth.h] Move shadow account expiry test
to auth-shadow.c, no functional change. ok djm@
This commit is contained in:
parent
2e45cb0fb4
commit
15ee748f28
|
@ -1,3 +1,7 @@
|
|||
20040222
|
||||
- (dtucker) [auth-shadow.c auth.c auth.h] Move shadow account expiry test
|
||||
to auth-shadow.c, no functional change. ok djm@
|
||||
|
||||
20040220
|
||||
- (djm) [openbsd-compat/setproctitle.c] fix comments; from grange@
|
||||
|
||||
|
@ -1886,4 +1890,4 @@
|
|||
- Fix sshd BindAddress and -b options for systems using fake-getaddrinfo.
|
||||
Report from murple@murple.net, diagnosis from dtucker@zip.com.au
|
||||
|
||||
$Id: ChangeLog,v 1.3240 2004/02/20 09:37:44 djm Exp $
|
||||
$Id: ChangeLog,v 1.3241 2004/02/21 22:43:15 dtucker Exp $
|
||||
|
|
|
@ -23,7 +23,7 @@
|
|||
*/
|
||||
|
||||
#include "includes.h"
|
||||
RCSID("$Id: auth-shadow.c,v 1.3 2004/02/11 07:48:52 dtucker Exp $");
|
||||
RCSID("$Id: auth-shadow.c,v 1.4 2004/02/21 22:43:15 dtucker Exp $");
|
||||
|
||||
#if defined(USE_SHADOW) && defined(HAS_SHADOW_EXPIRE)
|
||||
#include <shadow.h>
|
||||
|
@ -36,6 +36,32 @@ RCSID("$Id: auth-shadow.c,v 1.3 2004/02/11 07:48:52 dtucker Exp $");
|
|||
|
||||
extern Buffer loginmsg;
|
||||
|
||||
/*
|
||||
* For the account and password expiration functions, we assume the expiry
|
||||
* occurs the day after the day specified.
|
||||
*/
|
||||
|
||||
/*
|
||||
* Check if specified account is expired. Returns 1 if account is expired,
|
||||
* 0 otherwise.
|
||||
*/
|
||||
int
|
||||
auth_shadow_acctexpired(struct spwd *spw)
|
||||
{
|
||||
time_t today;
|
||||
|
||||
today = time(NULL) / DAY;
|
||||
debug3("%s: today %d sp_expire %d", __func__, (int)today,
|
||||
(int)spw->sp_expire);
|
||||
|
||||
if (spw->sp_expire != -1 && today > spw->sp_expire) {
|
||||
logit("Account %.100s has expired", spw->sp_namp);
|
||||
return 1;
|
||||
}
|
||||
|
||||
return 0;
|
||||
}
|
||||
|
||||
/*
|
||||
* Checks password expiry for platforms that use shadow passwd files.
|
||||
* Returns: 1 = password expired, 0 = password not expired
|
||||
|
|
33
auth.c
33
auth.c
|
@ -28,9 +28,9 @@ RCSID("$OpenBSD: auth.c,v 1.51 2003/11/21 11:57:02 djm Exp $");
|
|||
#ifdef HAVE_LOGIN_H
|
||||
#include <login.h>
|
||||
#endif
|
||||
#if defined(HAVE_SHADOW_H) && !defined(DISABLE_SHADOW)
|
||||
#ifdef USE_SHADOW
|
||||
#include <shadow.h>
|
||||
#endif /* defined(HAVE_SHADOW_H) && !defined(DISABLE_SHADOW) */
|
||||
#endif
|
||||
|
||||
#ifdef HAVE_LIBGEN_H
|
||||
#include <libgen.h>
|
||||
|
@ -76,7 +76,7 @@ allowed_user(struct passwd * pw)
|
|||
const char *hostname = NULL, *ipaddr = NULL, *passwd = NULL;
|
||||
char *shell;
|
||||
int i;
|
||||
#if defined(HAVE_SHADOW_H) && !defined(DISABLE_SHADOW)
|
||||
#ifdef USE_SHADOW
|
||||
struct spwd *spw = NULL;
|
||||
#endif
|
||||
|
||||
|
@ -84,34 +84,17 @@ allowed_user(struct passwd * pw)
|
|||
if (!pw || !pw->pw_name)
|
||||
return 0;
|
||||
|
||||
#if defined(HAVE_SHADOW_H) && !defined(DISABLE_SHADOW)
|
||||
#ifdef USE_SHADOW
|
||||
if (!options.use_pam)
|
||||
spw = getspnam(pw->pw_name);
|
||||
#ifdef HAS_SHADOW_EXPIRE
|
||||
#define DAY (24L * 60 * 60) /* 1 day in seconds */
|
||||
if (!options.use_pam && spw != NULL) {
|
||||
int disabled = 0;
|
||||
time_t today;
|
||||
|
||||
today = time(NULL) / DAY;
|
||||
debug3("allowed_user: today %d sp_expire %d sp_lstchg %d"
|
||||
" sp_max %d", (int)today, (int)spw->sp_expire,
|
||||
(int)spw->sp_lstchg, (int)spw->sp_max);
|
||||
|
||||
/*
|
||||
* We assume account and password expiration occurs the
|
||||
* day after the day specified.
|
||||
*/
|
||||
if (spw->sp_expire != -1 && today > spw->sp_expire) {
|
||||
logit("Account %.100s has expired", pw->pw_name);
|
||||
return 0;
|
||||
}
|
||||
}
|
||||
if (!options.use_pam && spw != NULL && auth_shadow_acctexpired(spw))
|
||||
return 0;
|
||||
#endif /* HAS_SHADOW_EXPIRE */
|
||||
#endif /* defined(HAVE_SHADOW_H) && !defined(DISABLE_SHADOW) */
|
||||
#endif /* USE_SHADOW */
|
||||
|
||||
/* grab passwd field for locked account check */
|
||||
#if defined(HAVE_SHADOW_H) && !defined(DISABLE_SHADOW)
|
||||
#ifdef USE_SHADOW
|
||||
if (spw != NULL)
|
||||
passwd = spw->sp_pwdp;
|
||||
#else
|
||||
|
|
3
auth.h
3
auth.h
|
@ -122,7 +122,8 @@ int auth_krb5_password(Authctxt *authctxt, const char *password);
|
|||
void krb5_cleanup_proc(Authctxt *authctxt);
|
||||
#endif /* KRB5 */
|
||||
|
||||
#ifdef USE_SHADOW
|
||||
#if defined(USE_SHADOW) && defined(HAS_SHADOW_EXPIRE)
|
||||
int auth_shadow_acctexpired(struct spwd *);
|
||||
int auth_shadow_pwexpired(Authctxt *);
|
||||
#endif
|
||||
|
||||
|
|
Loading…
Reference in New Issue