From 15ee748f2835f301499f8c31b6b4e56f5deca7de Mon Sep 17 00:00:00 2001
From: Darren Tucker <dtucker@zip.com.au>
Date: Sun, 22 Feb 2004 09:43:15 +1100
Subject: [PATCH]  - (dtucker) [auth-shadow.c auth.c auth.h] Move shadow
 account expiry test    to auth-shadow.c, no functional change.  ok djm@

---
 ChangeLog     |  6 +++++-
 auth-shadow.c | 28 +++++++++++++++++++++++++++-
 auth.c        | 33 ++++++++-------------------------
 auth.h        |  3 ++-
 4 files changed, 42 insertions(+), 28 deletions(-)

diff --git a/ChangeLog b/ChangeLog
index df4169bb5..38be7eb59 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,3 +1,7 @@
+20040222
+ - (dtucker) [auth-shadow.c auth.c auth.h] Move shadow account expiry test
+   to auth-shadow.c, no functional change.  ok djm@
+
 20040220
  - (djm) [openbsd-compat/setproctitle.c] fix comments; from grange@
 
@@ -1886,4 +1890,4 @@
  - Fix sshd BindAddress and -b options for systems using fake-getaddrinfo.
    Report from murple@murple.net, diagnosis from dtucker@zip.com.au
 
-$Id: ChangeLog,v 1.3240 2004/02/20 09:37:44 djm Exp $
+$Id: ChangeLog,v 1.3241 2004/02/21 22:43:15 dtucker Exp $
diff --git a/auth-shadow.c b/auth-shadow.c
index 76c0d9f52..7d699bc40 100644
--- a/auth-shadow.c
+++ b/auth-shadow.c
@@ -23,7 +23,7 @@
  */
 
 #include "includes.h"
-RCSID("$Id: auth-shadow.c,v 1.3 2004/02/11 07:48:52 dtucker Exp $");
+RCSID("$Id: auth-shadow.c,v 1.4 2004/02/21 22:43:15 dtucker Exp $");
 
 #if defined(USE_SHADOW) && defined(HAS_SHADOW_EXPIRE)
 #include <shadow.h>
@@ -36,6 +36,32 @@ RCSID("$Id: auth-shadow.c,v 1.3 2004/02/11 07:48:52 dtucker Exp $");
 
 extern Buffer loginmsg;
 
+/*
+ * For the account and password expiration functions, we assume the expiry
+ * occurs the day after the day specified.
+ */
+
+/*
+ * Check if specified account is expired.  Returns 1 if account is expired,
+ * 0 otherwise.
+ */
+int
+auth_shadow_acctexpired(struct spwd *spw)
+{
+	time_t today;
+
+	today = time(NULL) / DAY;
+	debug3("%s: today %d sp_expire %d", __func__, (int)today,
+	    (int)spw->sp_expire);
+
+	if (spw->sp_expire != -1 && today > spw->sp_expire) {
+		logit("Account %.100s has expired", spw->sp_namp);
+		return 1;
+	}
+
+	return 0;
+}
+
 /*
  * Checks password expiry for platforms that use shadow passwd files.
  * Returns: 1 = password expired, 0 = password not expired
diff --git a/auth.c b/auth.c
index c6e7c21c4..6d999221c 100644
--- a/auth.c
+++ b/auth.c
@@ -28,9 +28,9 @@ RCSID("$OpenBSD: auth.c,v 1.51 2003/11/21 11:57:02 djm Exp $");
 #ifdef HAVE_LOGIN_H
 #include <login.h>
 #endif
-#if defined(HAVE_SHADOW_H) && !defined(DISABLE_SHADOW)
+#ifdef USE_SHADOW
 #include <shadow.h>
-#endif /* defined(HAVE_SHADOW_H) && !defined(DISABLE_SHADOW) */
+#endif
 
 #ifdef HAVE_LIBGEN_H
 #include <libgen.h>
@@ -76,7 +76,7 @@ allowed_user(struct passwd * pw)
 	const char *hostname = NULL, *ipaddr = NULL, *passwd = NULL;
 	char *shell;
 	int i;
-#if defined(HAVE_SHADOW_H) && !defined(DISABLE_SHADOW)
+#ifdef USE_SHADOW
 	struct spwd *spw = NULL;
 #endif
 
@@ -84,34 +84,17 @@ allowed_user(struct passwd * pw)
 	if (!pw || !pw->pw_name)
 		return 0;
 
-#if defined(HAVE_SHADOW_H) && !defined(DISABLE_SHADOW)
+#ifdef USE_SHADOW
 	if (!options.use_pam)
 		spw = getspnam(pw->pw_name);
 #ifdef HAS_SHADOW_EXPIRE
-#define	DAY		(24L * 60 * 60) /* 1 day in seconds */
-	if (!options.use_pam && spw != NULL) {
-		int disabled = 0;
-		time_t today;
-
-		today = time(NULL) / DAY;
-		debug3("allowed_user: today %d sp_expire %d sp_lstchg %d"
-		    " sp_max %d", (int)today, (int)spw->sp_expire,
-		    (int)spw->sp_lstchg, (int)spw->sp_max);
-
-		/*
-		 * We assume account and password expiration occurs the
-		 * day after the day specified.
-		 */
-		if (spw->sp_expire != -1 && today > spw->sp_expire) {
-			logit("Account %.100s has expired", pw->pw_name);
-			return 0;
-		}
-	}
+	if (!options.use_pam && spw != NULL && auth_shadow_acctexpired(spw))
+		return 0;
 #endif /* HAS_SHADOW_EXPIRE */
-#endif /* defined(HAVE_SHADOW_H) && !defined(DISABLE_SHADOW) */
+#endif /* USE_SHADOW */
 
 	/* grab passwd field for locked account check */
-#if defined(HAVE_SHADOW_H) && !defined(DISABLE_SHADOW)
+#ifdef USE_SHADOW
 	if (spw != NULL)
 		passwd = spw->sp_pwdp;
 #else
diff --git a/auth.h b/auth.h
index b6a6a49a5..a8f61f403 100644
--- a/auth.h
+++ b/auth.h
@@ -122,7 +122,8 @@ int	auth_krb5_password(Authctxt *authctxt, const char *password);
 void	krb5_cleanup_proc(Authctxt *authctxt);
 #endif /* KRB5 */
 
-#ifdef USE_SHADOW
+#if defined(USE_SHADOW) && defined(HAS_SHADOW_EXPIRE)
+int auth_shadow_acctexpired(struct spwd *);
 int auth_shadow_pwexpired(Authctxt *);
 #endif