- /* Check for users with no password. */
- /* XXX Reverted back to OpenBSD, why was this changed again? */
- if (strcmp(pw_password, "") == 0 && strcmp(pw->pw_passwd, "") == 0)
- return 1;
- else {
- /* Encrypt the candidate password using the proper salt. */
- char *encrypted_password = xcrypt(password,
- (pw_password[0] && pw_password[1]) ? pw_password : "xx");
-
- /*
- * Authentication is accepted if the encrypted passwords
- * are identical.
- */
- return (strcmp(encrypted_password, pw_password) == 0);
+#ifdef BSD_AUTH
+static void
+warn_expiry(Authctxt *authctxt, auth_session_t *as)
+{
+ char buf[256];
+ quad_t pwtimeleft, actimeleft, daysleft, pwwarntime, acwarntime;
+
+ pwwarntime = acwarntime = TWO_WEEKS;
+
+ pwtimeleft = auth_check_change(as);
+ actimeleft = auth_check_expire(as);
+#ifdef HAVE_LOGIN_CAP
+ if (authctxt->valid) {
+ pwwarntime = login_getcaptime(lc, "password-warn", TWO_WEEKS,
+ TWO_WEEKS);
+ acwarntime = login_getcaptime(lc, "expire-warn", TWO_WEEKS,
+ TWO_WEEKS);
+ }
+#endif
+ if (pwtimeleft != 0 && pwtimeleft < pwwarntime) {
+ daysleft = pwtimeleft / DAY + 1;
+ snprintf(buf, sizeof(buf),
+ "Your password will expire in %lld day%s.\n",
+ daysleft, daysleft == 1 ? "" : "s");
+ buffer_append(&loginmsg, buf, strlen(buf));