Darren Tucker | 9df3def | 2004-02-10 13:01:14 +1100 | [diff] [blame] | 1 | /* |
| 2 | * Copyright (c) 2004 Darren Tucker. All rights reserved. |
| 3 | * |
| 4 | * Redistribution and use in source and binary forms, with or without |
| 5 | * modification, are permitted provided that the following conditions |
| 6 | * are met: |
| 7 | * 1. Redistributions of source code must retain the above copyright |
| 8 | * notice, this list of conditions and the following disclaimer. |
| 9 | * 2. Redistributions in binary form must reproduce the above copyright |
| 10 | * notice, this list of conditions and the following disclaimer in the |
| 11 | * documentation and/or other materials provided with the distribution. |
| 12 | * |
| 13 | * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR |
| 14 | * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES |
| 15 | * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. |
| 16 | * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, |
| 17 | * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT |
| 18 | * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, |
| 19 | * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY |
| 20 | * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT |
| 21 | * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF |
| 22 | * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. |
| 23 | */ |
| 24 | |
| 25 | #include "includes.h" |
Darren Tucker | 0d86829 | 2004-02-10 13:51:34 +1100 | [diff] [blame] | 26 | RCSID("$Id: auth-shadow.c,v 1.2 2004/02/10 02:51:34 dtucker Exp $"); |
Darren Tucker | 9df3def | 2004-02-10 13:01:14 +1100 | [diff] [blame] | 27 | |
| 28 | #ifdef USE_SHADOW |
| 29 | #include <shadow.h> |
| 30 | |
| 31 | #include "auth.h" |
Darren Tucker | 9df3def | 2004-02-10 13:01:14 +1100 | [diff] [blame] | 32 | #include "buffer.h" |
| 33 | #include "log.h" |
| 34 | |
| 35 | #define DAY (24L * 60 * 60) /* 1 day in seconds */ |
| 36 | |
| 37 | extern Buffer loginmsg; |
| 38 | |
| 39 | /* |
| 40 | * Checks password expiry for platforms that use shadow passwd files. |
| 41 | * Returns: 1 = password expired, 0 = password not expired |
| 42 | */ |
| 43 | int |
| 44 | auth_shadow_pwexpired(Authctxt *ctxt) |
| 45 | { |
| 46 | struct spwd *spw = NULL; |
| 47 | const char *user = ctxt->pw->pw_name; |
| 48 | time_t today; |
| 49 | |
| 50 | if ((spw = getspnam(user)) == NULL) { |
| 51 | error("Could not get shadow information for %.100s", user); |
| 52 | return 0; |
| 53 | } |
| 54 | |
| 55 | today = time(NULL) / DAY; |
| 56 | debug3("%s: today %d sp_lstchg %d sp_max %d", __func__, (int)today, |
| 57 | (int)spw->sp_lstchg, (int)spw->sp_max); |
| 58 | |
| 59 | #if defined(__hpux) && !defined(HAVE_SECUREWARE) |
| 60 | if (iscomsec() && spw->sp_min == 0 && spw->sp_max == 0 && |
| 61 | spw->sp_warn == 0) |
| 62 | return 0; /* HP-UX Trusted Mode: expiry disabled */ |
| 63 | #endif |
| 64 | |
| 65 | /* TODO: Add code to put expiry warnings into loginmsg */ |
| 66 | |
| 67 | if (spw->sp_lstchg == 0) { |
| 68 | logit("User %.100s password has expired (root forced)", user); |
| 69 | return 1; |
| 70 | } |
| 71 | |
| 72 | if (spw->sp_max != -1 && today > spw->sp_lstchg + spw->sp_max) { |
| 73 | logit("User %.100s password has expired (password aged)", user); |
| 74 | return 1; |
| 75 | } |
| 76 | |
| 77 | return 0; |
| 78 | } |
| 79 | #endif /* USE_SHADOW */ |