|
1
by Noah Meyerhans
Import upstream version 3.8.1p1 |
1 |
/*
|
2 |
* Copyright (c) 2004 Darren Tucker. All rights reserved.
|
|
3 |
*
|
|
4 |
* Redistribution and use in source and binary forms, with or without
|
|
5 |
* modification, are permitted provided that the following conditions
|
|
6 |
* are met:
|
|
7 |
* 1. Redistributions of source code must retain the above copyright
|
|
8 |
* notice, this list of conditions and the following disclaimer.
|
|
9 |
* 2. Redistributions in binary form must reproduce the above copyright
|
|
10 |
* notice, this list of conditions and the following disclaimer in the
|
|
11 |
* documentation and/or other materials provided with the distribution.
|
|
12 |
*
|
|
13 |
* THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
|
|
14 |
* IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
|
|
15 |
* OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
|
|
16 |
* IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
|
|
17 |
* INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
|
|
18 |
* NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
|
|
19 |
* DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
|
|
20 |
* THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
|
|
21 |
* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
|
|
22 |
* THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
|
|
23 |
*/
|
|
24 |
||
25 |
#include "includes.h" |
|
26 |
||
27 |
#if defined(USE_SHADOW) && defined(HAS_SHADOW_EXPIRE)
|
|
28 |
#include <shadow.h> |
|
|
1.13.1
by Colin Watson
Import upstream version 4.6p1 |
29 |
#include <stdarg.h> |
30 |
#include <string.h> |
|
|
1.13.2
by Colin Watson
Import upstream version 4.7p1 |
31 |
#include <time.h> |
|
1
by Noah Meyerhans
Import upstream version 3.8.1p1 |
32 |
|
|
1.13.1
by Colin Watson
Import upstream version 4.6p1 |
33 |
#include "key.h" |
34 |
#include "hostfile.h" |
|
|
1
by Noah Meyerhans
Import upstream version 3.8.1p1 |
35 |
#include "auth.h" |
36 |
#include "buffer.h" |
|
37 |
#include "log.h" |
|
38 |
||
|
1.1.2
by Colin Watson
Import upstream version 4.1p1 |
39 |
#ifdef DAY
|
40 |
# undef DAY
|
|
41 |
#endif
|
|
|
1
by Noah Meyerhans
Import upstream version 3.8.1p1 |
42 |
#define DAY (24L * 60 * 60) /* 1 day in seconds */ |
43 |
||
44 |
extern Buffer loginmsg; |
|
45 |
||
46 |
/*
|
|
47 |
* For the account and password expiration functions, we assume the expiry
|
|
48 |
* occurs the day after the day specified.
|
|
49 |
*/
|
|
50 |
||
51 |
/*
|
|
52 |
* Check if specified account is expired. Returns 1 if account is expired,
|
|
53 |
* 0 otherwise.
|
|
54 |
*/
|
|
55 |
int
|
|
56 |
auth_shadow_acctexpired(struct spwd *spw) |
|
57 |
{
|
|
58 |
time_t today; |
|
59 |
int daysleft; |
|
60 |
char buf[256]; |
|
61 |
||
62 |
today = time(NULL) / DAY; |
|
63 |
daysleft = spw->sp_expire - today; |
|
64 |
debug3("%s: today %d sp_expire %d days left %d", __func__, (int)today, |
|
65 |
(int)spw->sp_expire, daysleft); |
|
66 |
||
67 |
if (spw->sp_expire == -1) { |
|
68 |
debug3("account expiration disabled"); |
|
69 |
} else if (daysleft < 0) { |
|
70 |
logit("Account %.100s has expired", spw->sp_namp); |
|
71 |
return 1; |
|
72 |
} else if (daysleft <= spw->sp_warn) { |
|
73 |
debug3("account will expire in %d days", daysleft); |
|
74 |
snprintf(buf, sizeof(buf), |
|
75 |
"Your account will expire in %d day%s.\n", daysleft, |
|
76 |
daysleft == 1 ? "" : "s"); |
|
77 |
buffer_append(&loginmsg, buf, strlen(buf)); |
|
78 |
}
|
|
79 |
||
80 |
return 0; |
|
81 |
}
|
|
82 |
||
83 |
/*
|
|
84 |
* Checks password expiry for platforms that use shadow passwd files.
|
|
85 |
* Returns: 1 = password expired, 0 = password not expired
|
|
86 |
*/
|
|
87 |
int
|
|
88 |
auth_shadow_pwexpired(Authctxt *ctxt) |
|
89 |
{
|
|
90 |
struct spwd *spw = NULL; |
|
91 |
const char *user = ctxt->pw->pw_name; |
|
92 |
char buf[256]; |
|
93 |
time_t today; |
|
94 |
int daysleft, disabled = 0; |
|
95 |
||
96 |
if ((spw = getspnam((char *)user)) == NULL) { |
|
97 |
error("Could not get shadow information for %.100s", user); |
|
98 |
return 0; |
|
99 |
}
|
|
100 |
||
101 |
today = time(NULL) / DAY; |
|
102 |
debug3("%s: today %d sp_lstchg %d sp_max %d", __func__, (int)today, |
|
103 |
(int)spw->sp_lstchg, (int)spw->sp_max); |
|
104 |
||
105 |
#if defined(__hpux) && !defined(HAVE_SECUREWARE)
|
|
106 |
if (iscomsec()) { |
|
107 |
struct pr_passwd *pr; |
|
|
1.1.3
by Colin Watson
Import upstream version 4.2p1 |
108 |
|
|
1
by Noah Meyerhans
Import upstream version 3.8.1p1 |
109 |
pr = getprpwnam((char *)user); |
110 |
||
111 |
/* Test for Trusted Mode expiry disabled */
|
|
112 |
if (pr != NULL && pr->ufld.fd_min == 0 && |
|
113 |
pr->ufld.fd_lifetime == 0 && pr->ufld.fd_expire == 0 && |
|
114 |
pr->ufld.fd_pw_expire_warning == 0 && |
|
115 |
pr->ufld.fd_schange != 0) |
|
116 |
disabled = 1; |
|
117 |
}
|
|
118 |
#endif
|
|
119 |
||
120 |
/* TODO: check sp_inact */
|
|
121 |
daysleft = spw->sp_lstchg + spw->sp_max - today; |
|
122 |
if (disabled) { |
|
123 |
debug3("password expiration disabled"); |
|
124 |
} else if (spw->sp_lstchg == 0) { |
|
125 |
logit("User %.100s password has expired (root forced)", user); |
|
126 |
return 1; |
|
127 |
} else if (spw->sp_max == -1) { |
|
128 |
debug3("password expiration disabled"); |
|
129 |
} else if (daysleft < 0) { |
|
130 |
logit("User %.100s password has expired (password aged)", user); |
|
131 |
return 1; |
|
132 |
} else if (daysleft <= spw->sp_warn) { |
|
133 |
debug3("password will expire in %d days", daysleft); |
|
134 |
snprintf(buf, sizeof(buf), |
|
135 |
"Your password will expire in %d day%s.\n", daysleft, |
|
136 |
daysleft == 1 ? "" : "s"); |
|
137 |
buffer_append(&loginmsg, buf, strlen(buf)); |
|
138 |
}
|
|
139 |
||
140 |
return 0; |
|
141 |
}
|
|
142 |
#endif /* USE_SHADOW && HAS_SHADOW_EXPIRE */ |