1 : : /*
2 : : * Copyright (c) 2004 Darren Tucker. All rights reserved.
3 : : *
4 : : * Redistribution and use in source and binary forms, with or without
5 : : * modification, are permitted provided that the following conditions
6 : : * are met:
7 : : * 1. Redistributions of source code must retain the above copyright
8 : : * notice, this list of conditions and the following disclaimer.
9 : : * 2. Redistributions in binary form must reproduce the above copyright
10 : : * notice, this list of conditions and the following disclaimer in the
11 : : * documentation and/or other materials provided with the distribution.
12 : : *
13 : : * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
14 : : * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
15 : : * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
16 : : * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
17 : : * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
18 : : * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
19 : : * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
20 : : * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
21 : : * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
22 : : * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
23 : : */
24 : :
25 : : #include "includes.h"
26 : :
27 : : #if defined(USE_SHADOW) && defined(HAS_SHADOW_EXPIRE)
28 : : #include <shadow.h>
29 : : #include <stdarg.h>
30 : : #include <string.h>
31 : : #include <time.h>
32 : :
33 : : #include "key.h"
34 : : #include "hostfile.h"
35 : : #include "auth.h"
36 : : #include "buffer.h"
37 : : #include "log.h"
38 : :
39 : : #ifdef DAY
40 : : # undef DAY
41 : : #endif
42 : : #define DAY (24L * 60 * 60) /* 1 day in seconds */
43 : :
44 : : extern Buffer loginmsg;
45 : :
46 : : /*
47 : : * For the account and password expiration functions, we assume the expiry
48 : : * occurs the day after the day specified.
49 : : */
50 : :
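/*
 * Check if the specified account is expired. Returns 1 if the account is
 * expired, 0 otherwise.
 *
 * spw is the caller-supplied shadow entry and is dereferenced without a
 * NULL check. An sp_expire of -1 means account expiration is disabled.
 * When the account is within sp_warn days of expiring, a warning is
 * appended to the global loginmsg buffer and 0 is still returned.
 */
int
auth_shadow_acctexpired(struct spwd *spw)
{
	time_t today;
	long long daysleft;
	char buf[256];

	/* Shadow expiry fields are day counts, so compare in whole days. */
	today = time(NULL) / DAY;

	/*
	 * Do the subtraction in long long rather than int: the shadow field
	 * and time_t can both be wider than int, and a narrowed result could
	 * change sign and turn a far-future expiry into "expired" (or the
	 * reverse).
	 */
	daysleft = (long long)spw->sp_expire - (long long)today;
	debug3("%s: today %lld sp_expire %lld days left %lld", __func__,
	    (long long)today, (long long)spw->sp_expire, daysleft);

	if (spw->sp_expire == -1) {
		debug3("account expiration disabled");
	} else if (daysleft < 0) {
		/* Username is length-capped in the log line (%.100s). */
		logit("Account %.100s has expired", spw->sp_namp);
		return 1;
	} else if (daysleft <= spw->sp_warn) {
		debug3("account will expire in %lld days", daysleft);
		snprintf(buf, sizeof(buf),
		    "Your account will expire in %lld day%s.\n", daysleft,
		    daysleft == 1 ? "" : "s");
		buffer_append(&loginmsg, buf, strlen(buf));
	}

	return 0;
}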
82 : :
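/*
 * Checks password expiry for platforms that use shadow passwd files.
 * Returns: 1 = password expired, 0 = password not expired
 *
 * The shadow entry is looked up by ctxt->pw->pw_name. When the password is
 * within sp_warn days of expiring, a warning is appended to the global
 * loginmsg buffer and 0 is still returned.
 *
 * NOTE(review): a failed shadow lookup also returns 0, so a missing or
 * unreadable shadow entry is treated as "not expired" rather than as an
 * error the caller can distinguish.
 */
int
auth_shadow_pwexpired(Authctxt *ctxt)
{
	struct spwd *spw = NULL;
	const char *user = ctxt->pw->pw_name;
	char buf[256];
	time_t today;
	long long daysleft;
	int disabled = 0;

	if ((spw = getspnam((char *)user)) == NULL) {
		/* No expiry data available: logged, then reported as not expired. */
		error("Could not get shadow information for %.100s", user);
		return 0;
	}

	/* Shadow aging fields are day counts, so compare in whole days. */
	today = time(NULL) / DAY;
	debug3("%s: today %lld sp_lstchg %lld sp_max %lld", __func__,
	    (long long)today, (long long)spw->sp_lstchg,
	    (long long)spw->sp_max);

#if defined(__hpux) && !defined(HAVE_SECUREWARE)
	if (iscomsec()) {
		struct pr_passwd *pr;

		pr = getprpwnam((char *)user);

		/* Test for Trusted Mode expiry disabled */
		if (pr != NULL && pr->ufld.fd_min == 0 &&
		    pr->ufld.fd_lifetime == 0 && pr->ufld.fd_expire == 0 &&
		    pr->ufld.fd_pw_expire_warning == 0 &&
		    pr->ufld.fd_schange != 0)
			disabled = 1;
	}
#endif

	/*
	 * TODO: check sp_inact. The inactivity field is not consulted here,
	 * so only sp_lstchg and sp_max decide whether the password is aged.
	 *
	 * The sum is computed in long long rather than int: a large sp_max
	 * added to sp_lstchg could otherwise be truncated (or overflow where
	 * the fields are 32 bits wide) and change the sign of daysleft.
	 */
	daysleft = (long long)spw->sp_lstchg + (long long)spw->sp_max -
	    (long long)today;
	if (disabled) {
		debug3("password expiration disabled");
	} else if (spw->sp_lstchg == 0) {
		/* sp_lstchg == 0 is checked before sp_max, so it wins over -1. */
		logit("User %.100s password has expired (root forced)", user);
		return 1;
	} else if (spw->sp_max == -1) {
		debug3("password expiration disabled");
	} else if (daysleft < 0) {
		logit("User %.100s password has expired (password aged)", user);
		return 1;
	} else if (daysleft <= spw->sp_warn) {
		debug3("password will expire in %lld days", daysleft);
		snprintf(buf, sizeof(buf),
		    "Your password will expire in %lld day%s.\n", daysleft,
		    daysleft == 1 ? "" : "s");
		buffer_append(&loginmsg, buf, strlen(buf));
	}

	return 0;
}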
142 : : #endif /* USE_SHADOW && HAS_SHADOW_EXPIRE */