From: stevesk
Date: Fri, 10 May 2002 15:48:52 +0000 (+0000)
Subject: - (stevesk) [auth.c] Shadow account and expiration cleanup. Now
X-Git-Tag: V_3_2_2_P1~34
X-Git-Url: http://andersk.mit.edu/gitweb/openssh.git/commitdiff_plain/5b29f1525779e779164a8532db596c20f564e283
- (stevesk) [auth.c] Shadow account and expiration cleanup. Now check for root forced expire. Still don't check for inactive.
---
diff --git a/ChangeLog b/ChangeLog
index 3635ebbd..7a94a7e2 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,4 +1,6 @@
 20020510
+ - (stevesk) [auth.c] Shadow account and expiration cleanup. Now
+ check for root forced expire. Still don't check for inactive.
 - (djm) Rework RedHat RPM files. Based on spec from Nalin Dahyabhai and patches from Pekka Savola
diff --git a/auth.c b/auth.c
index a9f981d1..2f1979cf 100644
--- a/auth.c
+++ b/auth.c
@@ -80,18 +80,35 @@ allowed_user(struct passwd * pw)
 if (!pw || !pw->pw_name)
 return 0;
+#define DAY (24L * 60 * 60) /* 1 day in seconds */
 spw = getspnam(pw->pw_name);
 if (spw != NULL) {
- int days = time(NULL) / 86400;
+ time_t today = time(NULL) / DAY;
+ debug3("allowed_user: today %d sp_expire %d sp_lstchg %d"
+ " sp_max %d", (int)today, (int)spw->sp_expire,
+ (int)spw->sp_lstchg, (int)spw->sp_max);
- /* Check account expiry */
- if ((spw->sp_expire >= 0) && (days > spw->sp_expire))
+ /*
+ * We assume account and password expiration occurs the
+ * day after the day specified.
+ */
+ if (spw->sp_expire != -1 && today > spw->sp_expire) {
+ log("Account %.100s has expired", pw->pw_name);
 return 0;
+ }
- /* Check password expiry */
- if ((spw->sp_lstchg >= 0) && (spw->sp_max >= 0) &&
- (days > (spw->sp_lstchg + spw->sp_max)))
+ if (spw->sp_lstchg == 0) {
+ log("User %.100s password has expired (root forced)",
+ pw->pw_name);
 return 0;
+ }
+
+ if (spw->sp_max != -1 &&
+ today > spw->sp_lstchg + spw->sp_max) {
+ log("User %.100s password has expired (password aged)",
+ pw->pw_name);
+ return 0;
+ }
 }
 #else
 /* Shouldn't be called if pw is NULL, but better safe than sorry... */
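Review bot: The password-aging test near the end of the hunk no longer has the old `sp_lstchg >= 0` guard, so an entry whose `sp_lstchg` is -1 (the value commonly reported for an empty field) but whose `sp_max` is set is evaluated as `today > sp_max - 1` and refused with the "password aged" message. If that lockout is not intended, the condition could start with `if (spw->sp_lstchg != -1 && spw->sp_max != -1 &&` and keep the existing `today > spw->sp_lstchg + spw->sp_max) {` line. The move from `>= 0` to `!= -1` also means any other negative value in `sp_expire` or `sp_max` is now treated as a real day number; whether a platform's getspnam() can return such values is not visible here and should be confirmed. Both cases fail closed, but they deny valid accounts and record a misleading reason in the log. allowed_user() starts before and continues after this hunk.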