20020510
+ - (stevesk) [auth.c] Shadow account and expiration cleanup. Now
+ check for root forced expire. Still don't check for inactive.
- (djm) Rework RedHat RPM files. Based on spec from Nalin
Dahyabhai <nalin@redhat.com> and patches from
Pekka Savola <pekkas@netcore.fi>
if (!pw || !pw->pw_name)
return 0;
+#define DAY (24L * 60 * 60) /* 1 day in seconds */
spw = getspnam(pw->pw_name);
if (spw != NULL) {
- int days = time(NULL) / 86400;
+ time_t today = time(NULL) / DAY;
+ debug3("allowed_user: today %d sp_expire %d sp_lstchg %d"
+ " sp_max %d", (int)today, (int)spw->sp_expire,
+ (int)spw->sp_lstchg, (int)spw->sp_max);
- /* Check account expiry */
- if ((spw->sp_expire >= 0) && (days > spw->sp_expire))
+ /*
+ * We assume account and password expiration occurs the
+ * day after the day specified.
+ */
+ if (spw->sp_expire != -1 && today > spw->sp_expire) {
+ log("Account %.100s has expired", pw->pw_name);
return 0;
+ }
- /* Check password expiry */
- if ((spw->sp_lstchg >= 0) && (spw->sp_max >= 0) &&
- (days > (spw->sp_lstchg + spw->sp_max)))
+ if (spw->sp_lstchg == 0) {
+ log("User %.100s password has expired (root forced)",
+ pw->pw_name);
return 0;
+ }
+
+ if (spw->sp_max != -1 &&
+ today > spw->sp_lstchg + spw->sp_max) {
+ log("User %.100s password has expired (password aged)",
+ pw->pw_name);
+ return 0;
+ }
}
#else
/* Shouldn't be called if pw is NULL, but better safe than sorry... */