Darren Tucker | 9df3def | 2004-02-10 13:01:14 +1100 | [diff] [blame^] | 1 | /* |
| 2 | * Copyright (c) 2004 Darren Tucker. All rights reserved. |
| 3 | * |
| 4 | * Redistribution and use in source and binary forms, with or without |
| 5 | * modification, are permitted provided that the following conditions |
| 6 | * are met: |
| 7 | * 1. Redistributions of source code must retain the above copyright |
| 8 | * notice, this list of conditions and the following disclaimer. |
| 9 | * 2. Redistributions in binary form must reproduce the above copyright |
| 10 | * notice, this list of conditions and the following disclaimer in the |
| 11 | * documentation and/or other materials provided with the distribution. |
| 12 | * |
| 13 | * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR |
| 14 | * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES |
| 15 | * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. |
| 16 | * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, |
| 17 | * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT |
| 18 | * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, |
| 19 | * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY |
| 20 | * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT |
| 21 | * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF |
| 22 | * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. |
| 23 | */ |
| 24 | |
| 25 | #include "includes.h" |
| 26 | RCSID("$Id: auth-shadow.c,v 1.1 2004/02/10 02:01:14 dtucker Exp $"); |
| 27 | |
| 28 | #ifdef USE_SHADOW |
| 29 | #include <shadow.h> |
| 30 | |
| 31 | #include "auth.h" |
| 32 | #include "auth-shadow.h" |
| 33 | #include "buffer.h" |
| 34 | #include "log.h" |
| 35 | |
| 36 | #define DAY (24L * 60 * 60) /* 1 day in seconds */ |
| 37 | |
| 38 | extern Buffer loginmsg; |
| 39 | |
| 40 | /* |
| 41 | * Checks password expiry for platforms that use shadow passwd files. |
| 42 | * Returns: 1 = password expired, 0 = password not expired |
| 43 | */ |
| 44 | int |
| 45 | auth_shadow_pwexpired(Authctxt *ctxt) |
| 46 | { |
| 47 | struct spwd *spw = NULL; |
| 48 | const char *user = ctxt->pw->pw_name; |
| 49 | time_t today; |
| 50 | |
| 51 | if ((spw = getspnam(user)) == NULL) { |
| 52 | error("Could not get shadow information for %.100s", user); |
| 53 | return 0; |
| 54 | } |
| 55 | |
| 56 | today = time(NULL) / DAY; |
| 57 | debug3("%s: today %d sp_lstchg %d sp_max %d", __func__, (int)today, |
| 58 | (int)spw->sp_lstchg, (int)spw->sp_max); |
| 59 | |
| 60 | #if defined(__hpux) && !defined(HAVE_SECUREWARE) |
| 61 | if (iscomsec() && spw->sp_min == 0 && spw->sp_max == 0 && |
| 62 | spw->sp_warn == 0) |
| 63 | return 0; /* HP-UX Trusted Mode: expiry disabled */ |
| 64 | #endif |
| 65 | |
| 66 | /* TODO: Add code to put expiry warnings into loginmsg */ |
| 67 | |
| 68 | if (spw->sp_lstchg == 0) { |
| 69 | logit("User %.100s password has expired (root forced)", user); |
| 70 | return 1; |
| 71 | } |
| 72 | |
| 73 | if (spw->sp_max != -1 && today > spw->sp_lstchg + spw->sp_max) { |
| 74 | logit("User %.100s password has expired (password aged)", user); |
| 75 | return 1; |
| 76 | } |
| 77 | |
| 78 | return 0; |
| 79 | } |
| 80 | #endif /* USE_SHADOW */ |