- (stevesk) [auth.c] Shadow account and expiration cleanup. Now

check for root forced expire.  Still don't check for inactive.
This commit is contained in:
Kevin Steves 2002-05-10 15:48:52 +00:00
parent 0b47814b43
commit f98fb721a0
2 changed files with 26 additions and 7 deletions

View File

@ -1,4 +1,6 @@
20020510
- (stevesk) [auth.c] Shadow account and expiration cleanup. Now
check for root forced expire. Still don't check for inactive.
- (djm) Rework RedHat RPM files. Based on spec from Nalin
Dahyabhai <nalin@redhat.com> and patches from
Pekka Savola <pekkas@netcore.fi>
@ -557,4 +559,4 @@
- (stevesk) entropy.c: typo in debug message
- (djm) ssh-keygen -i needs seeded RNG; report from markus@
$Id: ChangeLog,v 1.2103 2002/05/10 02:40:15 mouring Exp $
$Id: ChangeLog,v 1.2104 2002/05/10 15:48:52 stevesk Exp $

29
auth.c
View File

@ -80,18 +80,35 @@ allowed_user(struct passwd * pw)
if (!pw || !pw->pw_name)
return 0;
#define DAY (24L * 60 * 60) /* 1 day in seconds */
spw = getspnam(pw->pw_name);
if (spw != NULL) {
int days = time(NULL) / 86400;
time_t today = time(NULL) / DAY;
debug3("allowed_user: today %d sp_expire %d sp_lstchg %d"
" sp_max %d", (int)today, (int)spw->sp_expire,
(int)spw->sp_lstchg, (int)spw->sp_max);
/* Check account expiry */
if ((spw->sp_expire >= 0) && (days > spw->sp_expire))
/*
* We assume account and password expiration occurs the
* day after the day specified.
*/
if (spw->sp_expire != -1 && today > spw->sp_expire) {
log("Account %.100s has expired", pw->pw_name);
return 0;
}
/* Check password expiry */
if ((spw->sp_lstchg >= 0) && (spw->sp_max >= 0) &&
(days > (spw->sp_lstchg + spw->sp_max)))
if (spw->sp_lstchg == 0) {
log("User %.100s password has expired (root forced)",
pw->pw_name);
return 0;
}
if (spw->sp_max != -1 &&
today > spw->sp_lstchg + spw->sp_max) {
log("User %.100s password has expired (password aged)",
pw->pw_name);
return 0;
}
}
#else
/* Shouldn't be called if pw is NULL, but better safe than sorry... */