security/PAM/patches/patch-an


1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89

$NetBSD: patch-an,v 1.2 2002/01/29 17:10:11 jlam Exp $

--- modules/pam_unix/pam_unix_acct.c.orig	Wed Dec 20 00:15:05 2000
+++ modules/pam_unix/pam_unix_acct.c
@@ -41,9 +41,12 @@
 #include <string.h>
 #include <unistd.h>
 #include <sys/types.h>
+#include <sys/param.h>
 #include <syslog.h>
 #include <pwd.h>
+#ifndef BSD
 #include <shadow.h>
+#endif
 #include <time.h>		/* for time() */
 
 #include <security/_pam_macros.h>
@@ -72,7 +75,7 @@
 	const char *uname;
 	int retval, daysleft;
 	time_t curdays;
-	struct spwd *spent;
+	struct spwd *spent = NULL;
 	struct passwd *pwent;
 	char buf[80];
 
@@ -113,6 +116,9 @@
 					return PAM_CRED_INSUFFICIENT;
 			}
 		}
+#ifdef BSD
+		spent = NULL;
+#else
 		spent = getspnam( uname );
 		if (save_uid == pwent->pw_uid)
 			setreuid( save_uid, save_euid );
@@ -121,16 +127,42 @@
 			setreuid( save_uid, -1 );
 			setreuid( -1, save_euid );
 		}
-
+#endif
 	} else if (!strcmp( pwent->pw_passwd, "x" )) {
+#ifdef BSD
+		spent = NULL;
+#else
 		spent = getspnam(uname);
+#endif
 	} else {
+#if (defined(BSD) && BSD >= 199306)
+		time_t now = time(NULL);
+		if (now > pwent->pw_expire) {
+			_log_err(LOG_NOTICE
+				 ,"account %s has expired (account expired)"
+				 ,uname);
+			_make_remark(pamh, ctrl, PAM_ERROR_MSG,
+			    	"Your account has expired; please contact your system administrator");
+			D(("account expired"));
+			return PAM_ACCT_EXPIRED;
+		}
+		else if (now + _PASSWORD_WARNDAYS * 86400 > pwent->pw_expire) {
+			daysleft = (pwent->pw_expire - now) / 86400;
+			_log_err(LOG_DEBUG
+				 ,"password for user %s will expire in %d days"
+				 ,uname, daysleft);
+			snprintf(buf, 80, "Warning: your password will expire in %d day%.2s",
+				 daysleft, daysleft == 1 ? "" : "s");
+			_make_remark(pamh, ctrl, PAM_TEXT_INFO, buf);
+		}
+#endif
 		return PAM_SUCCESS;
 	}
 
 	if (!spent)
 		return PAM_AUTHINFO_UNAVAIL;	/* Couldn't get username from shadow */
 
+#ifndef BSD
 	curdays = time(NULL) / (60 * 60 * 24);
 	D(("today is %d, last change %d", curdays, spent->sp_lstchg));
 	if ((curdays > spent->sp_expire) && (spent->sp_expire != -1)
@@ -183,7 +215,7 @@
 			 daysleft, daysleft == 1 ? "" : "s");
 		_make_remark(pamh, ctrl, PAM_TEXT_INFO, buf);
 	}
-
+#endif
 	D(("all done"));
 
 	return PAM_SUCCESS;