From f14ca4a422a7d789586ab120a0e4203b17b4455d Mon Sep 17 00:00:00 2001 From: dtucker Date: Sat, 21 Feb 2004 22:43:15 +0000 Subject: [PATCH] - (dtucker) [auth-shadow.c auth.c auth.h] Move shadow account expiry test to auth-shadow.c, no functional change. ok djm@ --- ChangeLog | 4 ++++ auth-shadow.c | 26 ++++++++++++++++++++++++++ auth.c | 33 ++++++++------------------------- auth.h | 3 ++- 4 files changed, 40 insertions(+), 26 deletions(-) diff --git a/ChangeLog b/ChangeLog index 3d47cc60..ee1320b5 100644 --- a/ChangeLog +++ b/ChangeLog @@ -1,3 +1,7 @@ +20040222 + - (dtucker) [auth-shadow.c auth.c auth.h] Move shadow account expiry test + to auth-shadow.c, no functional change. ok djm@ + 20040220 - (djm) [openbsd-compat/setproctitle.c] fix comments; from grange@ diff --git a/auth-shadow.c b/auth-shadow.c index 4b3a514f..bbb29644 100644 --- a/auth-shadow.c +++ b/auth-shadow.c @@ -36,6 +36,32 @@ RCSID("$Id$"); extern Buffer loginmsg; +/* + * For the account and password expiration functions, we assume the expiry + * occurs the day after the day specified. + */ + +/* + * Check if specified account is expired. Returns 1 if account is expired, + * 0 otherwise. + */ +int +auth_shadow_acctexpired(struct spwd *spw) +{ + time_t today; + + today = time(NULL) / DAY; + debug3("%s: today %d sp_expire %d", __func__, (int)today, + (int)spw->sp_expire); + + if (spw->sp_expire != -1 && today > spw->sp_expire) { + logit("Account %.100s has expired", spw->sp_namp); + return 1; + } + + return 0; +} + /* * Checks password expiry for platforms that use shadow passwd files. * Returns: 1 = password expired, 0 = password not expired diff --git a/auth.c b/auth.c index c6e7c21c..6d999221 100644 --- a/auth.c +++ b/auth.c @@ -28,9 +28,9 @@ RCSID("$OpenBSD: auth.c,v 1.51 2003/11/21 11:57:02 djm Exp $"); #ifdef HAVE_LOGIN_H #include #endif -#if defined(HAVE_SHADOW_H) && !defined(DISABLE_SHADOW) +#ifdef USE_SHADOW #include -#endif /* defined(HAVE_SHADOW_H) && !defined(DISABLE_SHADOW) */ +#endif #ifdef HAVE_LIBGEN_H #include @@ -76,7 +76,7 @@ allowed_user(struct passwd * pw) const char *hostname = NULL, *ipaddr = NULL, *passwd = NULL; char *shell; int i; -#if defined(HAVE_SHADOW_H) && !defined(DISABLE_SHADOW) +#ifdef USE_SHADOW struct spwd *spw = NULL; #endif @@ -84,34 +84,17 @@ allowed_user(struct passwd * pw) if (!pw || !pw->pw_name) return 0; -#if defined(HAVE_SHADOW_H) && !defined(DISABLE_SHADOW) +#ifdef USE_SHADOW if (!options.use_pam) spw = getspnam(pw->pw_name); #ifdef HAS_SHADOW_EXPIRE -#define DAY (24L * 60 * 60) /* 1 day in seconds */ - if (!options.use_pam && spw != NULL) { - int disabled = 0; - time_t today; - - today = time(NULL) / DAY; - debug3("allowed_user: today %d sp_expire %d sp_lstchg %d" - " sp_max %d", (int)today, (int)spw->sp_expire, - (int)spw->sp_lstchg, (int)spw->sp_max); - - /* - * We assume account and password expiration occurs the - * day after the day specified. - */ - if (spw->sp_expire != -1 && today > spw->sp_expire) { - logit("Account %.100s has expired", pw->pw_name); - return 0; - } - } + if (!options.use_pam && spw != NULL && auth_shadow_acctexpired(spw)) + return 0; #endif /* HAS_SHADOW_EXPIRE */ -#endif /* defined(HAVE_SHADOW_H) && !defined(DISABLE_SHADOW) */ +#endif /* USE_SHADOW */ /* grab passwd field for locked account check */ -#if defined(HAVE_SHADOW_H) && !defined(DISABLE_SHADOW) +#ifdef USE_SHADOW if (spw != NULL) passwd = spw->sp_pwdp; #else diff --git a/auth.h b/auth.h index b6a6a49a..a8f61f40 100644 --- a/auth.h +++ b/auth.h @@ -122,7 +122,8 @@ int auth_krb5_password(Authctxt *authctxt, const char *password); void krb5_cleanup_proc(Authctxt *authctxt); #endif /* KRB5 */ -#ifdef USE_SHADOW +#if defined(USE_SHADOW) && defined(HAS_SHADOW_EXPIRE) +int auth_shadow_acctexpired(struct spwd *); int auth_shadow_pwexpired(Authctxt *); #endif -- 2.45.1