yuuji@0: /* ======================================================================== yuuji@0: * Copyright 1988-2006 University of Washington yuuji@0: * yuuji@0: * Licensed under the Apache License, Version 2.0 (the "License"); yuuji@0: * you may not use this file except in compliance with the License. yuuji@0: * You may obtain a copy of the License at yuuji@0: * yuuji@0: * http://www.apache.org/licenses/LICENSE-2.0 yuuji@0: * yuuji@0: * yuuji@0: * ======================================================================== yuuji@0: */ yuuji@0: yuuji@0: /* yuuji@0: * Program: Old SVR4 check password yuuji@0: * yuuji@0: * Author: Mark Crispin yuuji@0: * Networks and Distributed Computing yuuji@0: * Computing & Communications yuuji@0: * University of Washington yuuji@0: * Administration Building, AG-44 yuuji@0: * Seattle, WA 98195 yuuji@0: * Internet: MRC@CAC.Washington.EDU yuuji@0: * yuuji@0: * Date: 1 August 1988 yuuji@0: * Last Edited: 30 August 2006 yuuji@0: */ yuuji@0: yuuji@0: /* Check password yuuji@0: * Accepts: login passwd struct yuuji@0: * password string yuuji@0: * argument count yuuji@0: * argument vector yuuji@0: * Returns: passwd struct if password validated, NIL otherwise yuuji@0: */ yuuji@0: yuuji@0: struct passwd *checkpw (struct passwd *pw,char *pass,int argc,char *argv[]) yuuji@0: { yuuji@0: char tmp[MAILTMPLEN]; yuuji@0: struct spwd *sp = NIL; yuuji@0: time_t left; yuuji@0: time_t now = time (0); yuuji@0: struct tm *t = gmtime (&now); yuuji@0: int zone = t->tm_hour * 60 + t->tm_min; yuuji@0: int julian = t->tm_yday; yuuji@0: t = localtime (&now); /* get local time now */ yuuji@0: /* minus UTC minutes since midnight */ yuuji@0: zone = t->tm_hour * 60 + t->tm_min - zone; yuuji@0: /* julian can be one of: yuuji@0: * 36x local time is December 31, UTC is January 1, offset -24 hours yuuji@0: * 1 local time is 1 day ahead of UTC, offset +24 hours yuuji@0: * 0 local time is same day as UTC, no offset yuuji@0: * -1 local time is 1 day behind UTC, offset -24 hours yuuji@0: * -36x local time is January 1, UTC is December 31, offset +24 hours yuuji@0: */ yuuji@0: if (julian = t->tm_yday -julian) yuuji@0: zone += ((julian < 0) == (abs (julian) == 1)) ? -24*60 : 24*60; yuuji@0: /* days since 1/1/1970 local time */ yuuji@0: now = ((now /60) + zone) / (60*24); yuuji@0: /* non-shadow authentication */ yuuji@0: if (!pw->pw_passwd || !pw->pw_passwd[0] || !pw->pw_passwd[1] || yuuji@0: strcmp (pw->pw_passwd,(char *) crypt (pass,pw->pw_passwd))) { yuuji@0: /* As far as I've been able to determine, here is how the expiration yuuji@0: * fields in the shadow authentication data work: yuuji@0: * lstchg last password change date if non-negative. If zero, the yuuji@0: * user can not log in without changing password. yuuji@0: * max number of days a password is valid if positive yuuji@0: * The expiration day is the *last* day that the password is valid. yuuji@0: */ yuuji@0: /* shadow authentication */ yuuji@0: if ((sp = getspnam (pw->pw_name)) && sp->sp_lstchg && yuuji@0: ((sp->sp_lstchg < 0) || (sp->sp_max <= 0) || yuuji@0: ((sp->sp_lstchg + sp->sp_max) >= now)) && yuuji@0: sp->sp_pwdp && sp->sp_pwdp[0] && sp->sp_pwdp[1] && yuuji@0: !strcmp (sp->sp_pwdp,(char *) crypt (pass,sp->sp_pwdp))) { yuuji@0: if ((sp->sp_lstchg > 0) && (sp->sp_max > 0) && yuuji@0: ((left = (sp->sp_lstchg + sp->sp_max) - now) <= 28)) { yuuji@0: if (left) { yuuji@0: sprintf (tmp,"[ALERT] Password expires in %ld day(s)",(long) left); yuuji@0: mm_notify (NIL,tmp,NIL); yuuji@0: } yuuji@0: else mm_notify (NIL,"[ALERT] Password expires today!",WARN); yuuji@0: } yuuji@0: endspent (); /* don't need shadow password data any more */ yuuji@0: } yuuji@0: else pw = NIL; /* password failed */ yuuji@0: } yuuji@0: return pw; yuuji@0: }