- (stevesk) [auth.c] Shadow account and expiration cleanup. Now
check for root forced expire. Still don't check for inactive.
This commit is contained in:
parent
0b47814b43
commit
f98fb721a0
|
@ -1,4 +1,6 @@
|
|||
20020510
|
||||
- (stevesk) [auth.c] Shadow account and expiration cleanup. Now
|
||||
check for root forced expire. Still don't check for inactive.
|
||||
- (djm) Rework RedHat RPM files. Based on spec from Nalin
|
||||
Dahyabhai <nalin@redhat.com> and patches from
|
||||
Pekka Savola <pekkas@netcore.fi>
|
||||
|
@ -557,4 +559,4 @@
|
|||
- (stevesk) entropy.c: typo in debug message
|
||||
- (djm) ssh-keygen -i needs seeded RNG; report from markus@
|
||||
|
||||
$Id: ChangeLog,v 1.2103 2002/05/10 02:40:15 mouring Exp $
|
||||
$Id: ChangeLog,v 1.2104 2002/05/10 15:48:52 stevesk Exp $
|
||||
|
|
29
auth.c
29
auth.c
|
@ -80,18 +80,35 @@ allowed_user(struct passwd * pw)
|
|||
if (!pw || !pw->pw_name)
|
||||
return 0;
|
||||
|
||||
#define DAY (24L * 60 * 60) /* 1 day in seconds */
|
||||
spw = getspnam(pw->pw_name);
|
||||
if (spw != NULL) {
|
||||
int days = time(NULL) / 86400;
|
||||
time_t today = time(NULL) / DAY;
|
||||
debug3("allowed_user: today %d sp_expire %d sp_lstchg %d"
|
||||
" sp_max %d", (int)today, (int)spw->sp_expire,
|
||||
(int)spw->sp_lstchg, (int)spw->sp_max);
|
||||
|
||||
/* Check account expiry */
|
||||
if ((spw->sp_expire >= 0) && (days > spw->sp_expire))
|
||||
/*
|
||||
* We assume account and password expiration occurs the
|
||||
* day after the day specified.
|
||||
*/
|
||||
if (spw->sp_expire != -1 && today > spw->sp_expire) {
|
||||
log("Account %.100s has expired", pw->pw_name);
|
||||
return 0;
|
||||
}
|
||||
|
||||
/* Check password expiry */
|
||||
if ((spw->sp_lstchg >= 0) && (spw->sp_max >= 0) &&
|
||||
(days > (spw->sp_lstchg + spw->sp_max)))
|
||||
if (spw->sp_lstchg == 0) {
|
||||
log("User %.100s password has expired (root forced)",
|
||||
pw->pw_name);
|
||||
return 0;
|
||||
}
|
||||
|
||||
if (spw->sp_max != -1 &&
|
||||
today > spw->sp_lstchg + spw->sp_max) {
|
||||
log("User %.100s password has expired (password aged)",
|
||||
pw->pw_name);
|
||||
return 0;
|
||||
}
|
||||
}
|
||||
#else
|
||||
/* Shouldn't be called if pw is NULL, but better safe than sorry... */
|
||||
|
|
Loading…
Reference in New Issue