diff options
| author | Darren Tucker <dtucker@zip.com.au> | 2004-02-22 09:43:15 +1100 |
|---|---|---|
| committer | Darren Tucker <dtucker@zip.com.au> | 2004-02-22 09:43:15 +1100 |
| commit | 15ee748f2835f301499f8c31b6b4e56f5deca7de (patch) | |
| tree | 513b99b8e7fcbaf90a7444bfb6ab47b86d90025d | |
| parent | 2e45cb0fb4a1250792e27ce14c556661719e5861 (diff) | |
- (dtucker) [auth-shadow.c auth.c auth.h] Move shadow account expiry test
to auth-shadow.c, no functional change. ok djm@
| -rw-r--r-- | ChangeLog | 6 | ||||
| -rw-r--r-- | auth-shadow.c | 28 | ||||
| -rw-r--r-- | auth.c | 33 | ||||
| -rw-r--r-- | auth.h | 3 |
4 files changed, 42 insertions, 28 deletions
@@ -1,3 +1,7 @@ +20040222 + - (dtucker) [auth-shadow.c auth.c auth.h] Move shadow account expiry test + to auth-shadow.c, no functional change. ok djm@ + 20040220 - (djm) [openbsd-compat/setproctitle.c] fix comments; from grange@ @@ -1886,4 +1890,4 @@ - Fix sshd BindAddress and -b options for systems using fake-getaddrinfo. Report from murple@murple.net, diagnosis from dtucker@zip.com.au -$Id: ChangeLog,v 1.3240 2004/02/20 09:37:44 djm Exp $ +$Id: ChangeLog,v 1.3241 2004/02/21 22:43:15 dtucker Exp $ diff --git a/auth-shadow.c b/auth-shadow.c index 76c0d9f5..7d699bc4 100644 --- a/auth-shadow.c +++ b/auth-shadow.c @@ -23,7 +23,7 @@ */ #include "includes.h" -RCSID("$Id: auth-shadow.c,v 1.3 2004/02/11 07:48:52 dtucker Exp $"); +RCSID("$Id: auth-shadow.c,v 1.4 2004/02/21 22:43:15 dtucker Exp $"); #if defined(USE_SHADOW) && defined(HAS_SHADOW_EXPIRE) #include <shadow.h> @@ -37,6 +37,32 @@ RCSID("$Id: auth-shadow.c,v 1.3 2004/02/11 07:48:52 dtucker Exp $"); extern Buffer loginmsg; /* + * For the account and password expiration functions, we assume the expiry + * occurs the day after the day specified. + */ + +/* + * Check if specified account is expired. Returns 1 if account is expired, + * 0 otherwise. + */ +int +auth_shadow_acctexpired(struct spwd *spw) +{ + time_t today; + + today = time(NULL) / DAY; + debug3("%s: today %d sp_expire %d", __func__, (int)today, + (int)spw->sp_expire); + + if (spw->sp_expire != -1 && today > spw->sp_expire) { + logit("Account %.100s has expired", spw->sp_namp); + return 1; + } + + return 0; +} + +/* * Checks password expiry for platforms that use shadow passwd files. * Returns: 1 = password expired, 0 = password not expired */ @@ -28,9 +28,9 @@ RCSID("$OpenBSD: auth.c,v 1.51 2003/11/21 11:57:02 djm Exp $"); #ifdef HAVE_LOGIN_H #include <login.h> #endif -#if defined(HAVE_SHADOW_H) && !defined(DISABLE_SHADOW) +#ifdef USE_SHADOW #include <shadow.h> -#endif /* defined(HAVE_SHADOW_H) && !defined(DISABLE_SHADOW) */ +#endif #ifdef HAVE_LIBGEN_H #include <libgen.h> @@ -76,7 +76,7 @@ allowed_user(struct passwd * pw) const char *hostname = NULL, *ipaddr = NULL, *passwd = NULL; char *shell; int i; -#if defined(HAVE_SHADOW_H) && !defined(DISABLE_SHADOW) +#ifdef USE_SHADOW struct spwd *spw = NULL; #endif @@ -84,34 +84,17 @@ allowed_user(struct passwd * pw) if (!pw || !pw->pw_name) return 0; -#if defined(HAVE_SHADOW_H) && !defined(DISABLE_SHADOW) +#ifdef USE_SHADOW if (!options.use_pam) spw = getspnam(pw->pw_name); #ifdef HAS_SHADOW_EXPIRE -#define DAY (24L * 60 * 60) /* 1 day in seconds */ - if (!options.use_pam && spw != NULL) { - int disabled = 0; - time_t today; - - today = time(NULL) / DAY; - debug3("allowed_user: today %d sp_expire %d sp_lstchg %d" - " sp_max %d", (int)today, (int)spw->sp_expire, - (int)spw->sp_lstchg, (int)spw->sp_max); - - /* - * We assume account and password expiration occurs the - * day after the day specified. - */ - if (spw->sp_expire != -1 && today > spw->sp_expire) { - logit("Account %.100s has expired", pw->pw_name); - return 0; - } - } + if (!options.use_pam && spw != NULL && auth_shadow_acctexpired(spw)) + return 0; #endif /* HAS_SHADOW_EXPIRE */ -#endif /* defined(HAVE_SHADOW_H) && !defined(DISABLE_SHADOW) */ +#endif /* USE_SHADOW */ /* grab passwd field for locked account check */ -#if defined(HAVE_SHADOW_H) && !defined(DISABLE_SHADOW) +#ifdef USE_SHADOW if (spw != NULL) passwd = spw->sp_pwdp; #else @@ -122,7 +122,8 @@ int auth_krb5_password(Authctxt *authctxt, const char *password); void krb5_cleanup_proc(Authctxt *authctxt); #endif /* KRB5 */ -#ifdef USE_SHADOW +#if defined(USE_SHADOW) && defined(HAS_SHADOW_EXPIRE) +int auth_shadow_acctexpired(struct spwd *); int auth_shadow_pwexpired(Authctxt *); #endif |