1261287Sdes/* 2261287Sdes * Copyright (c) 2004 Darren Tucker. All rights reserved. 3261287Sdes * 4261287Sdes * Redistribution and use in source and binary forms, with or without 5261287Sdes * modification, are permitted provided that the following conditions 6261287Sdes * are met: 7261287Sdes * 1. Redistributions of source code must retain the above copyright 8261287Sdes * notice, this list of conditions and the following disclaimer. 9261287Sdes * 2. Redistributions in binary form must reproduce the above copyright 10261287Sdes * notice, this list of conditions and the following disclaimer in the 11261287Sdes * documentation and/or other materials provided with the distribution. 12261287Sdes * 13261287Sdes * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR 14261287Sdes * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES 15261287Sdes * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. 16261287Sdes * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, 17261287Sdes * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT 18261287Sdes * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, 19261287Sdes * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY 20261287Sdes * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT 21261287Sdes * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF 22261287Sdes * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 23261287Sdes */ 24261287Sdes 25261287Sdes#include "includes.h" 26261287Sdes 27261287Sdes#if defined(USE_SHADOW) && defined(HAS_SHADOW_EXPIRE) 28261287Sdes#include <shadow.h> 29261287Sdes#include <stdarg.h> 30261287Sdes#include <string.h> 31261287Sdes#include <time.h> 32261287Sdes 33261287Sdes#include "key.h" 34261287Sdes#include "hostfile.h" 35261287Sdes#include "auth.h" 36261287Sdes#include "buffer.h" 37261287Sdes#include "log.h" 38261287Sdes 39261287Sdes#ifdef DAY 40261287Sdes# undef DAY 41261287Sdes#endif 42261287Sdes#define DAY (24L * 60 * 60) /* 1 day in seconds */ 43261287Sdes 44261287Sdesextern Buffer loginmsg; 45261287Sdes 46261287Sdes/* 47261287Sdes * For the account and password expiration functions, we assume the expiry 48261287Sdes * occurs the day after the day specified. 49261287Sdes */ 50261287Sdes 51261287Sdes/* 52261287Sdes * Check if specified account is expired. Returns 1 if account is expired, 53261287Sdes * 0 otherwise. 54261287Sdes */ 55261287Sdesint 56261287Sdesauth_shadow_acctexpired(struct spwd *spw) 57261287Sdes{ 58261287Sdes time_t today; 59261287Sdes int daysleft; 60261287Sdes char buf[256]; 61261287Sdes 62261287Sdes today = time(NULL) / DAY; 63261287Sdes daysleft = spw->sp_expire - today; 64261287Sdes debug3("%s: today %d sp_expire %d days left %d", __func__, (int)today, 65261287Sdes (int)spw->sp_expire, daysleft); 66261287Sdes 67261287Sdes if (spw->sp_expire == -1) { 68261287Sdes debug3("account expiration disabled"); 69 } else if (daysleft < 0) { 70 logit("Account %.100s has expired", spw->sp_namp); 71 return 1; 72 } else if (daysleft <= spw->sp_warn) { 73 debug3("account will expire in %d days", daysleft); 74 snprintf(buf, sizeof(buf), 75 "Your account will expire in %d day%s.\n", daysleft, 76 daysleft == 1 ? "" : "s"); 77 buffer_append(&loginmsg, buf, strlen(buf)); 78 } 79 80 return 0; 81} 82 83/* 84 * Checks password expiry for platforms that use shadow passwd files. 85 * Returns: 1 = password expired, 0 = password not expired 86 */ 87int 88auth_shadow_pwexpired(Authctxt *ctxt) 89{ 90 struct spwd *spw = NULL; 91 const char *user = ctxt->pw->pw_name; 92 char buf[256]; 93 time_t today; 94 int daysleft, disabled = 0; 95 96 if ((spw = getspnam((char *)user)) == NULL) { 97 error("Could not get shadow information for %.100s", user); 98 return 0; 99 } 100 101 today = time(NULL) / DAY; 102 debug3("%s: today %d sp_lstchg %d sp_max %d", __func__, (int)today, 103 (int)spw->sp_lstchg, (int)spw->sp_max); 104 105#if defined(__hpux) && !defined(HAVE_SECUREWARE) 106 if (iscomsec()) { 107 struct pr_passwd *pr; 108 109 pr = getprpwnam((char *)user); 110 111 /* Test for Trusted Mode expiry disabled */ 112 if (pr != NULL && pr->ufld.fd_min == 0 && 113 pr->ufld.fd_lifetime == 0 && pr->ufld.fd_expire == 0 && 114 pr->ufld.fd_pw_expire_warning == 0 && 115 pr->ufld.fd_schange != 0) 116 disabled = 1; 117 } 118#endif 119 120 /* TODO: check sp_inact */ 121 daysleft = spw->sp_lstchg + spw->sp_max - today; 122 if (disabled) { 123 debug3("password expiration disabled"); 124 } else if (spw->sp_lstchg == 0) { 125 logit("User %.100s password has expired (root forced)", user); 126 return 1; 127 } else if (spw->sp_max == -1) { 128 debug3("password expiration disabled"); 129 } else if (daysleft < 0) { 130 logit("User %.100s password has expired (password aged)", user); 131 return 1; 132 } else if (daysleft <= spw->sp_warn) { 133 debug3("password will expire in %d days", daysleft); 134 snprintf(buf, sizeof(buf), 135 "Your password will expire in %d day%s.\n", daysleft, 136 daysleft == 1 ? "" : "s"); 137 buffer_append(&loginmsg, buf, strlen(buf)); 138 } 139 140 return 0; 141} 142#endif /* USE_SHADOW && HAS_SHADOW_EXPIRE */ 143