author | Darren Tucker <dtucker@zip.com.au> | 2004-02-10 03:01:14 +0100 |
---|---|---|
committer | Darren Tucker <dtucker@zip.com.au> | 2004-02-10 03:01:14 +0100 |
commit | 9df3defdbb122c406072760e07859a3b4ebf567e (patch) | |
tree | 53444d450b96ce33715e16374ee97e1b72ebbb6e /auth-shadow.c | |
parent | - (dtucker) [auth-passwd.c auth.h openbsd-compat/port-aix.c (diff) | |
- (dtucker) [LICENCE Makefile.in auth-passwd.c auth-shadow.c auth.c auth.h
defines.h] Bug #14: Use do_pwchange to support password expiry and force
change for platforms using /etc/shadow. ok djm@
Diffstat (limited to 'auth-shadow.c')
-rw-r--r-- | auth-shadow.c | 80 |
1 files changed, 80 insertions, 0 deletions
diff --git a/auth-shadow.c b/auth-shadow.c
new file mode 100644
index 000000000..604b13304
--- /dev/null
+++ b/auth-shadow.c
@@ -0,0 +1,80 @@
+/*
+ * Copyright (c) 2004 Darren Tucker. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
+ * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
+ * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
+ * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
+ * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
+ * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
+ * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
+ * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+
+#include "includes.h"
+RCSID("$Id: auth-shadow.c,v 1.1 2004/02/10 02:01:14 dtucker Exp $");
+
+#ifdef USE_SHADOW
+#include <shadow.h>
+
+#include "auth.h"
+#include "auth-shadow.h"
+#include "buffer.h"
+#include "log.h"
+
+#define DAY (24L * 60 * 60) /* 1 day in seconds */
+
+extern Buffer loginmsg;
+
+/*
+ * Checks password expiry for platforms that use shadow passwd files.
+ * Returns: 1 = password expired, 0 = password not expired
+ */
+int
+auth_shadow_pwexpired(Authctxt *ctxt)
+{
+ struct spwd *spw = NULL;
+ const char *user = ctxt->pw->pw_name;
+ time_t today;
+
+ if ((spw = getspnam(user)) == NULL) {
+ error("Could not get shadow information for %.100s", user);
+ return 0;
+ }
+
+ today = time(NULL) / DAY;
+ debug3("%s: today %d sp_lstchg %d sp_max %d", __func__, (int)today,
+ (int)spw->sp_lstchg, (int)spw->sp_max);
+
+#if defined(__hpux) && !defined(HAVE_SECUREWARE)
+ if (iscomsec() && spw->sp_min == 0 && spw->sp_max == 0 &&
+ spw->sp_warn == 0)
+ return 0; /* HP-UX Trusted Mode: expiry disabled */
+#endif
+
+ /* TODO: Add code to put expiry warnings into loginmsg */
+
+ if (spw->sp_lstchg == 0) {
+ logit("User %.100s password has expired (root forced)", user);
+ return 1;
+ }
+
+ if (spw->sp_max != -1 && today > spw->sp_lstchg + spw->sp_max) {
+ logit("User %.100s password has expired (password aged)", user);
+ return 1;
+ }
+
+ return 0;
+}
+#endif /* USE_SHADOW */ |
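Review bot: The `getspnam()` failure branch in auth_shadow_pwexpired returns 0, so an account whose shadow entry cannot be read is reported as "not expired" and the expiry policy fails open. If that is intended because the caller has already refused such accounts, the branch should say so, e.g. `/* no shadow entry: report "not expired"; caller must already have refused the login */`; the caller is not visible in this hunk, so this needs confirming. The aging test `today > spw->sp_lstchg + spw->sp_max` treats only `sp_max == -1` as "aging disabled" and never consults `sp_inact` or `sp_expire`, so a password past its inactivity period, or an expired account, would presumably still be offered a forced change unless another path checks those fields. The header comment should state that only `sp_lstchg` and `sp_max` are evaluated, so nobody reads a 0 return as "account is in good standing".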