|
Added
Link Here
|
| 1 |
/* |
| 2 |
* Copyright (c) 2004 Darren Tucker. All rights reserved. |
| 3 |
* |
| 4 |
* Redistribution and use in source and binary forms, with or without |
| 5 |
* modification, are permitted provided that the following conditions |
| 6 |
* are met: |
| 7 |
* 1. Redistributions of source code must retain the above copyright |
| 8 |
* notice, this list of conditions and the following disclaimer. |
| 9 |
* 2. Redistributions in binary form must reproduce the above copyright |
| 10 |
* notice, this list of conditions and the following disclaimer in the |
| 11 |
* documentation and/or other materials provided with the distribution. |
| 12 |
* |
| 13 |
* THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR |
| 14 |
* IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES |
| 15 |
* OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. |
| 16 |
* IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, |
| 17 |
* INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT |
| 18 |
* NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, |
| 19 |
* DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY |
| 20 |
* THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT |
| 21 |
* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF |
| 22 |
* THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. |
| 23 |
*/ |
| 24 |
|
| 25 |
#include "includes.h" |
| 26 |
RCSID("$Id$"); |
| 27 |
|
| 28 |
#ifdef USE_SHADOW |
| 29 |
#include <shadow.h> |
| 30 |
|
| 31 |
#include "auth.h" |
| 32 |
#include "auth-shadow.h" |
| 33 |
#include "buffer.h" |
| 34 |
#include "log.h" |
| 35 |
|
| 36 |
#define DAY (24L * 60 * 60) /* 1 day in seconds */ |
| 37 |
|
| 38 |
extern Buffer loginmsg; |
| 39 |
|
| 40 |
/* |
| 41 |
* Check shadow password expiry. |
| 42 |
* Returns: 1 = password expired, 0 = password not expired |
| 43 |
*/ |
| 44 |
int |
| 45 |
auth_shadow_pwexpired(Authctxt *ctxt) |
| 46 |
{ |
| 47 |
struct spwd *spw = NULL; |
| 48 |
const char *user = ctxt->pw->pw_name; |
| 49 |
time_t today; |
| 50 |
|
| 51 |
if ((spw = getspnam(user)) == NULL) { |
| 52 |
error("Could not get shadow information for %.100s", user); |
| 53 |
return 0; |
| 54 |
} |
| 55 |
|
| 56 |
today = time(NULL) / DAY; |
| 57 |
debug3("%s: today %d sp_lstchg %d sp_max %d", __func__, (int)today, |
| 58 |
(int)spw->sp_lstchg, (int)spw->sp_max); |
| 59 |
|
| 60 |
#if defined(__hpux) && !defined(HAVE_SECUREWARE) |
| 61 |
if (iscomsec() && spw->sp_min == 0 && spw->sp_max == 0 && |
| 62 |
spw->sp_warn == 0) |
| 63 |
return 0; /* HP-UX Trusted Mode: expiry disabled */ |
| 64 |
#endif |
| 65 |
|
| 66 |
/* TODO: Add code to put expiry warnings into loginmsg */ |
| 67 |
|
| 68 |
if (spw->sp_lstchg == 0) { |
| 69 |
logit("User %.100s password has expired (root forced)", user); |
| 70 |
return 1; |
| 71 |
} |
| 72 |
|
| 73 |
if (spw->sp_max != -1 && today > spw->sp_lstchg + spw->sp_max) { |
| 74 |
logit("User %.100s password has expired (password aged)", user); |
| 75 |
return 1; |
| 76 |
} |
| 77 |
|
| 78 |
return 0; |
| 79 |
} |
| 80 |
#endif /* USE_SHADOW */ |