rev |
line source |
yuuji@0
|
1 /* ========================================================================
|
yuuji@0
|
2 * Copyright 1988-2006 University of Washington
|
yuuji@0
|
3 *
|
yuuji@0
|
4 * Licensed under the Apache License, Version 2.0 (the "License");
|
yuuji@0
|
5 * you may not use this file except in compliance with the License.
|
yuuji@0
|
6 * You may obtain a copy of the License at
|
yuuji@0
|
7 *
|
yuuji@0
|
8 * http://www.apache.org/licenses/LICENSE-2.0
|
yuuji@0
|
9 *
|
yuuji@0
|
10 *
|
yuuji@0
|
11 * ========================================================================
|
yuuji@0
|
12 */
|
yuuji@0
|
13
|
yuuji@0
|
14 /*
|
yuuji@0
|
15 * Program: SVR4 check password
|
yuuji@0
|
16 *
|
yuuji@0
|
17 * Author: Mark Crispin
|
yuuji@0
|
18 * Networks and Distributed Computing
|
yuuji@0
|
19 * Computing & Communications
|
yuuji@0
|
20 * University of Washington
|
yuuji@0
|
21 * Administration Building, AG-44
|
yuuji@0
|
22 * Seattle, WA 98195
|
yuuji@0
|
23 * Internet: MRC@CAC.Washington.EDU
|
yuuji@0
|
24 *
|
yuuji@0
|
25 * Date: 1 August 1988
|
yuuji@0
|
26 * Last Edited: 30 August 2006
|
yuuji@0
|
27 */
|
yuuji@0
|
28
|
yuuji@0
|
29 /* Check password
|
yuuji@0
|
30 * Accepts: login passwd struct
|
yuuji@0
|
31 * password string
|
yuuji@0
|
32 * argument count
|
yuuji@0
|
33 * argument vector
|
yuuji@0
|
34 * Returns: passwd struct if password validated, NIL otherwise
|
yuuji@0
|
35 */
|
yuuji@0
|
36
|
yuuji@0
|
37 struct passwd *checkpw (struct passwd *pw,char *pass,int argc,char *argv[])
|
yuuji@0
|
38 {
|
yuuji@0
|
39 char tmp[MAILTMPLEN];
|
yuuji@0
|
40 struct spwd *sp = NIL;
|
yuuji@0
|
41 time_t left;
|
yuuji@0
|
42 time_t now = time (0);
|
yuuji@0
|
43 struct tm *t = gmtime (&now);
|
yuuji@0
|
44 int zone = t->tm_hour * 60 + t->tm_min;
|
yuuji@0
|
45 int julian = t->tm_yday;
|
yuuji@0
|
46 t = localtime (&now); /* get local time now */
|
yuuji@0
|
47 /* minus UTC minutes since midnight */
|
yuuji@0
|
48 zone = t->tm_hour * 60 + t->tm_min - zone;
|
yuuji@0
|
49 /* julian can be one of:
|
yuuji@0
|
50 * 36x local time is December 31, UTC is January 1, offset -24 hours
|
yuuji@0
|
51 * 1 local time is 1 day ahead of UTC, offset +24 hours
|
yuuji@0
|
52 * 0 local time is same day as UTC, no offset
|
yuuji@0
|
53 * -1 local time is 1 day behind UTC, offset -24 hours
|
yuuji@0
|
54 * -36x local time is January 1, UTC is December 31, offset +24 hours
|
yuuji@0
|
55 */
|
yuuji@0
|
56 if (julian = t->tm_yday -julian)
|
yuuji@0
|
57 zone += ((julian < 0) == (abs (julian) == 1)) ? -24*60 : 24*60;
|
yuuji@0
|
58 /* days since 1/1/1970 local time */
|
yuuji@0
|
59 now = ((now /60) + zone) / (60*24);
|
yuuji@0
|
60 /* non-shadow authentication */
|
yuuji@0
|
61 if (!pw->pw_passwd || !pw->pw_passwd[0] || !pw->pw_passwd[1] ||
|
yuuji@0
|
62 strcmp (pw->pw_passwd,(char *) crypt (pass,pw->pw_passwd))) {
|
yuuji@0
|
63 /* As far as I've been able to determine, here is how the expiration
|
yuuji@0
|
64 * fields in the shadow authentication data work:
|
yuuji@0
|
65 * lstchg last password change date if non-negative. If zero, the
|
yuuji@0
|
66 * user can not log in without changing password.
|
yuuji@0
|
67 * max number of days a password is valid if positive
|
yuuji@0
|
68 * warn number of days of password expiration warning
|
yuuji@0
|
69 * The expiration day is the *last* day that the password is valid.
|
yuuji@0
|
70 */
|
yuuji@0
|
71 /* shadow authentication */
|
yuuji@0
|
72 if ((sp = getspnam (pw->pw_name)) && sp->sp_lstchg &&
|
yuuji@0
|
73 ((sp->sp_lstchg < 0) || (sp->sp_max <= 0) ||
|
yuuji@0
|
74 ((sp->sp_lstchg + sp->sp_max) >= now)) &&
|
yuuji@0
|
75 sp->sp_pwdp && sp->sp_pwdp[0] && sp->sp_pwdp[1] &&
|
yuuji@0
|
76 !strcmp (sp->sp_pwdp,(char *) crypt (pass,sp->sp_pwdp))) {
|
yuuji@0
|
77 if ((sp->sp_lstchg > 0) && (sp->sp_max > 0) &&
|
yuuji@0
|
78 ((left = (sp->sp_lstchg + sp->sp_max) - now) <= sp->sp_warn)) {
|
yuuji@0
|
79 if (left) {
|
yuuji@0
|
80 sprintf (tmp,"[ALERT] Password expires in %ld day(s)",(long) left);
|
yuuji@0
|
81 mm_notify (NIL,tmp,NIL);
|
yuuji@0
|
82 }
|
yuuji@0
|
83 else mm_notify (NIL,"[ALERT] Password expires today!",WARN);
|
yuuji@0
|
84 }
|
yuuji@0
|
85 endspent (); /* don't need shadow password data any more */
|
yuuji@0
|
86 }
|
yuuji@0
|
87 else pw = NIL; /* password failed */
|
yuuji@0
|
88 }
|
yuuji@0
|
89 return pw;
|
yuuji@0
|
90 }
|