- (stevesk) [auth.c] Shadow account and expiration cleanup. Now
check for root forced expire. Still don't check for inactive.
This commit is contained in:
parent
0b47814b43
commit
f98fb721a0
|
@ -1,4 +1,6 @@
|
||||||
20020510
|
20020510
|
||||||
|
- (stevesk) [auth.c] Shadow account and expiration cleanup. Now
|
||||||
|
check for root forced expire. Still don't check for inactive.
|
||||||
- (djm) Rework RedHat RPM files. Based on spec from Nalin
|
- (djm) Rework RedHat RPM files. Based on spec from Nalin
|
||||||
Dahyabhai <nalin@redhat.com> and patches from
|
Dahyabhai <nalin@redhat.com> and patches from
|
||||||
Pekka Savola <pekkas@netcore.fi>
|
Pekka Savola <pekkas@netcore.fi>
|
||||||
|
@ -557,4 +559,4 @@
|
||||||
- (stevesk) entropy.c: typo in debug message
|
- (stevesk) entropy.c: typo in debug message
|
||||||
- (djm) ssh-keygen -i needs seeded RNG; report from markus@
|
- (djm) ssh-keygen -i needs seeded RNG; report from markus@
|
||||||
|
|
||||||
$Id: ChangeLog,v 1.2103 2002/05/10 02:40:15 mouring Exp $
|
$Id: ChangeLog,v 1.2104 2002/05/10 15:48:52 stevesk Exp $
|
||||||
|
|
29
auth.c
29
auth.c
|
@ -80,18 +80,35 @@ allowed_user(struct passwd * pw)
|
||||||
if (!pw || !pw->pw_name)
|
if (!pw || !pw->pw_name)
|
||||||
return 0;
|
return 0;
|
||||||
|
|
||||||
|
#define DAY (24L * 60 * 60) /* 1 day in seconds */
|
||||||
spw = getspnam(pw->pw_name);
|
spw = getspnam(pw->pw_name);
|
||||||
if (spw != NULL) {
|
if (spw != NULL) {
|
||||||
int days = time(NULL) / 86400;
|
time_t today = time(NULL) / DAY;
|
||||||
|
debug3("allowed_user: today %d sp_expire %d sp_lstchg %d"
|
||||||
|
" sp_max %d", (int)today, (int)spw->sp_expire,
|
||||||
|
(int)spw->sp_lstchg, (int)spw->sp_max);
|
||||||
|
|
||||||
/* Check account expiry */
|
/*
|
||||||
if ((spw->sp_expire >= 0) && (days > spw->sp_expire))
|
* We assume account and password expiration occurs the
|
||||||
|
* day after the day specified.
|
||||||
|
*/
|
||||||
|
if (spw->sp_expire != -1 && today > spw->sp_expire) {
|
||||||
|
log("Account %.100s has expired", pw->pw_name);
|
||||||
return 0;
|
return 0;
|
||||||
|
}
|
||||||
|
|
||||||
/* Check password expiry */
|
if (spw->sp_lstchg == 0) {
|
||||||
if ((spw->sp_lstchg >= 0) && (spw->sp_max >= 0) &&
|
log("User %.100s password has expired (root forced)",
|
||||||
(days > (spw->sp_lstchg + spw->sp_max)))
|
pw->pw_name);
|
||||||
return 0;
|
return 0;
|
||||||
|
}
|
||||||
|
|
||||||
|
if (spw->sp_max != -1 &&
|
||||||
|
today > spw->sp_lstchg + spw->sp_max) {
|
||||||
|
log("User %.100s password has expired (password aged)",
|
||||||
|
pw->pw_name);
|
||||||
|
return 0;
|
||||||
|
}
|
||||||
}
|
}
|
||||||
#else
|
#else
|
||||||
/* Shouldn't be called if pw is NULL, but better safe than sorry... */
|
/* Shouldn't be called if pw is NULL, but better safe than sorry... */
|
||||||
|
|
Loading…
Reference in New Issue