- (dtucker) [auth-shadow.c auth.c auth.h] Move shadow account expiry test

to auth-shadow.c, no functional change.  ok djm@
This commit is contained in:
Darren Tucker 2004-02-22 09:43:15 +11:00
parent 2e45cb0fb4
commit 15ee748f28
4 changed files with 42 additions and 28 deletions

View File

@ -1,3 +1,7 @@
20040222
- (dtucker) [auth-shadow.c auth.c auth.h] Move shadow account expiry test
to auth-shadow.c, no functional change. ok djm@
20040220
- (djm) [openbsd-compat/setproctitle.c] fix comments; from grange@
@ -1886,4 +1890,4 @@
- Fix sshd BindAddress and -b options for systems using fake-getaddrinfo.
Report from murple@murple.net, diagnosis from dtucker@zip.com.au
$Id: ChangeLog,v 1.3240 2004/02/20 09:37:44 djm Exp $
$Id: ChangeLog,v 1.3241 2004/02/21 22:43:15 dtucker Exp $

View File

@ -23,7 +23,7 @@
*/
#include "includes.h"
RCSID("$Id: auth-shadow.c,v 1.3 2004/02/11 07:48:52 dtucker Exp $");
RCSID("$Id: auth-shadow.c,v 1.4 2004/02/21 22:43:15 dtucker Exp $");
#if defined(USE_SHADOW) && defined(HAS_SHADOW_EXPIRE)
#include <shadow.h>
@ -36,6 +36,32 @@ RCSID("$Id: auth-shadow.c,v 1.3 2004/02/11 07:48:52 dtucker Exp $");
extern Buffer loginmsg;
/*
* For the account and password expiration functions, we assume the expiry
* occurs the day after the day specified.
*/
/*
* Check if specified account is expired. Returns 1 if account is expired,
* 0 otherwise.
*/
int
auth_shadow_acctexpired(struct spwd *spw)
{
time_t today;
today = time(NULL) / DAY;
debug3("%s: today %d sp_expire %d", __func__, (int)today,
(int)spw->sp_expire);
if (spw->sp_expire != -1 && today > spw->sp_expire) {
logit("Account %.100s has expired", spw->sp_namp);
return 1;
}
return 0;
}
/*
* Checks password expiry for platforms that use shadow passwd files.
* Returns: 1 = password expired, 0 = password not expired

33
auth.c
View File

@ -28,9 +28,9 @@ RCSID("$OpenBSD: auth.c,v 1.51 2003/11/21 11:57:02 djm Exp $");
#ifdef HAVE_LOGIN_H
#include <login.h>
#endif
#if defined(HAVE_SHADOW_H) && !defined(DISABLE_SHADOW)
#ifdef USE_SHADOW
#include <shadow.h>
#endif /* defined(HAVE_SHADOW_H) && !defined(DISABLE_SHADOW) */
#endif
#ifdef HAVE_LIBGEN_H
#include <libgen.h>
@ -76,7 +76,7 @@ allowed_user(struct passwd * pw)
const char *hostname = NULL, *ipaddr = NULL, *passwd = NULL;
char *shell;
int i;
#if defined(HAVE_SHADOW_H) && !defined(DISABLE_SHADOW)
#ifdef USE_SHADOW
struct spwd *spw = NULL;
#endif
@ -84,34 +84,17 @@ allowed_user(struct passwd * pw)
if (!pw || !pw->pw_name)
return 0;
#if defined(HAVE_SHADOW_H) && !defined(DISABLE_SHADOW)
#ifdef USE_SHADOW
if (!options.use_pam)
spw = getspnam(pw->pw_name);
#ifdef HAS_SHADOW_EXPIRE
#define DAY (24L * 60 * 60) /* 1 day in seconds */
if (!options.use_pam && spw != NULL) {
int disabled = 0;
time_t today;
today = time(NULL) / DAY;
debug3("allowed_user: today %d sp_expire %d sp_lstchg %d"
" sp_max %d", (int)today, (int)spw->sp_expire,
(int)spw->sp_lstchg, (int)spw->sp_max);
/*
* We assume account and password expiration occurs the
* day after the day specified.
*/
if (spw->sp_expire != -1 && today > spw->sp_expire) {
logit("Account %.100s has expired", pw->pw_name);
return 0;
}
}
if (!options.use_pam && spw != NULL && auth_shadow_acctexpired(spw))
return 0;
#endif /* HAS_SHADOW_EXPIRE */
#endif /* defined(HAVE_SHADOW_H) && !defined(DISABLE_SHADOW) */
#endif /* USE_SHADOW */
/* grab passwd field for locked account check */
#if defined(HAVE_SHADOW_H) && !defined(DISABLE_SHADOW)
#ifdef USE_SHADOW
if (spw != NULL)
passwd = spw->sp_pwdp;
#else

3
auth.h
View File

@ -122,7 +122,8 @@ int auth_krb5_password(Authctxt *authctxt, const char *password);
void krb5_cleanup_proc(Authctxt *authctxt);
#endif /* KRB5 */
#ifdef USE_SHADOW
#if defined(USE_SHADOW) && defined(HAS_SHADOW_EXPIRE)
int auth_shadow_acctexpired(struct spwd *);
int auth_shadow_pwexpired(Authctxt *);
#endif