+20040222
+ - (dtucker) [auth-shadow.c auth.c auth.h] Move shadow account expiry test
+ to auth-shadow.c, no functional change. ok djm@
+
20040220
- (djm) [openbsd-compat/setproctitle.c] fix comments; from grange@
extern Buffer loginmsg;
+/*
+ * For the account and password expiration functions, we assume the expiry
+ * occurs the day after the day specified.
+ */
+
+/*
+ * Check if specified account is expired. Returns 1 if account is expired,
+ * 0 otherwise.
+ */
+int
+auth_shadow_acctexpired(struct spwd *spw)
+{
+ time_t today;
+
+ today = time(NULL) / DAY;
+ debug3("%s: today %d sp_expire %d", __func__, (int)today,
+ (int)spw->sp_expire);
+
+ if (spw->sp_expire != -1 && today > spw->sp_expire) {
+ logit("Account %.100s has expired", spw->sp_namp);
+ return 1;
+ }
+
+ return 0;
+}
+
/*
* Checks password expiry for platforms that use shadow passwd files.
* Returns: 1 = password expired, 0 = password not expired
#ifdef HAVE_LOGIN_H
#include <login.h>
#endif
-#if defined(HAVE_SHADOW_H) && !defined(DISABLE_SHADOW)
+#ifdef USE_SHADOW
#include <shadow.h>
-#endif /* defined(HAVE_SHADOW_H) && !defined(DISABLE_SHADOW) */
+#endif
#ifdef HAVE_LIBGEN_H
#include <libgen.h>
const char *hostname = NULL, *ipaddr = NULL, *passwd = NULL;
char *shell;
int i;
-#if defined(HAVE_SHADOW_H) && !defined(DISABLE_SHADOW)
+#ifdef USE_SHADOW
struct spwd *spw = NULL;
#endif
if (!pw || !pw->pw_name)
return 0;
-#if defined(HAVE_SHADOW_H) && !defined(DISABLE_SHADOW)
+#ifdef USE_SHADOW
if (!options.use_pam)
spw = getspnam(pw->pw_name);
#ifdef HAS_SHADOW_EXPIRE
-#define DAY (24L * 60 * 60) /* 1 day in seconds */
- if (!options.use_pam && spw != NULL) {
- int disabled = 0;
- time_t today;
-
- today = time(NULL) / DAY;
- debug3("allowed_user: today %d sp_expire %d sp_lstchg %d"
- " sp_max %d", (int)today, (int)spw->sp_expire,
- (int)spw->sp_lstchg, (int)spw->sp_max);
-
- /*
- * We assume account and password expiration occurs the
- * day after the day specified.
- */
- if (spw->sp_expire != -1 && today > spw->sp_expire) {
- logit("Account %.100s has expired", pw->pw_name);
- return 0;
- }
- }
+ if (!options.use_pam && spw != NULL && auth_shadow_acctexpired(spw))
+ return 0;
#endif /* HAS_SHADOW_EXPIRE */
-#endif /* defined(HAVE_SHADOW_H) && !defined(DISABLE_SHADOW) */
+#endif /* USE_SHADOW */
/* grab passwd field for locked account check */
-#if defined(HAVE_SHADOW_H) && !defined(DISABLE_SHADOW)
+#ifdef USE_SHADOW
if (spw != NULL)
passwd = spw->sp_pwdp;
#else
void krb5_cleanup_proc(Authctxt *authctxt);
#endif /* KRB5 */
-#ifdef USE_SHADOW
+#if defined(USE_SHADOW) && defined(HAS_SHADOW_EXPIRE)
+int auth_shadow_acctexpired(struct spwd *);
int auth_shadow_pwexpired(Authctxt *);
#endif