summaryrefslogtreecommitdiffstats
path: root/libmisc/age.c
diff options
context:
space:
mode:
authorDaniel Baumann <daniel.baumann@progress-linux.org>2024-04-15 20:46:53 +0000
committerDaniel Baumann <daniel.baumann@progress-linux.org>2024-04-15 20:46:53 +0000
commit19da58be2d9359a9641381feb559be0b918ef710 (patch)
tree109724175f07436696f51b14b5abbd3f4d704d6d /libmisc/age.c
parentInitial commit. (diff)
downloadshadow-19da58be2d9359a9641381feb559be0b918ef710.tar.xz
shadow-19da58be2d9359a9641381feb559be0b918ef710.zip
Adding upstream version 1:4.13+dfsg1.upstream/1%4.13+dfsg1
Signed-off-by: Daniel Baumann <daniel.baumann@progress-linux.org>
Diffstat (limited to '')
-rw-r--r--libmisc/age.c178
1 files changed, 178 insertions, 0 deletions
diff --git a/libmisc/age.c b/libmisc/age.c
new file mode 100644
index 0000000..d10f71b
--- /dev/null
+++ b/libmisc/age.c
@@ -0,0 +1,178 @@
+/*
+ * SPDX-FileCopyrightText: 1989 - 1994, Julianne Frances Haugh
+ * SPDX-FileCopyrightText: 1996 - 1998, Marek Michałkiewicz
+ * SPDX-FileCopyrightText: 2001 - 2006, Tomasz Kłoczko
+ * SPDX-FileCopyrightText: 2008 - 2009, Nicolas François
+ *
+ * SPDX-License-Identifier: BSD-3-Clause
+ */
+
+#include <config.h>
+
+#include <sys/types.h>
+#include <stdio.h>
+#include <time.h>
+#include <errno.h>
+#include "prototypes.h"
+#include "defines.h"
+#include "exitcodes.h"
+#include <pwd.h>
+#include <grp.h>
+
+#ident "$Id$"
+
+#ifndef PASSWD_PROGRAM
+#define PASSWD_PROGRAM "/bin/passwd"
+#endif
+/*
+ * expire - force password change if password expired
+ *
+ * expire() calls /bin/passwd to change the user's password
+ * if it has expired.
+ */
+int expire (const struct passwd *pw, /*@null@*/const struct spwd *sp)
+{
+ int status;
+ pid_t child;
+ pid_t pid;
+
+ if (NULL == sp) {
+ return 0;
+ }
+
+ /*
+ * See if the user's password has expired, and if so
+ * force them to change their password.
+ */
+
+ status = isexpired (pw, sp);
+ switch (status) {
+ case 0:
+ return 0;
+ case 1:
+ (void) fputs (_("Your password has expired."), stdout);
+ break;
+ case 2:
+ (void) fputs (_("Your password is inactive."), stdout);
+ break;
+ case 3:
+ (void) fputs (_("Your login has expired."), stdout);
+ break;
+ }
+
+ /*
+ * Setting the maximum valid period to less than the minimum
+ * valid period means that the minimum period will never
+ * occur while the password is valid, so the user can never
+ * change that password.
+ */
+
+ if ((status > 1) || (sp->sp_max < sp->sp_min)) {
+ (void) puts (_(" Contact the system administrator."));
+ exit (EXIT_FAILURE);
+ }
+ (void) puts (_(" Choose a new password."));
+ (void) fflush (stdout);
+
+ /*
+ * Close all the files so that unauthorized access won't
+ * occur. This needs to be done anyway because those files
+ * might become stale after "passwd" is executed.
+ */
+
+ endspent ();
+ endpwent ();
+#ifdef SHADOWGRP
+ endsgent ();
+#endif
+ endgrent ();
+
+ /*
+ * Execute the /bin/passwd command. The exit status will be
+ * examined to see what the result is. If there are any
+ * errors the routine will exit. This forces the user to
+ * change their password before being able to use the account.
+ */
+
+ pid = fork ();
+ if (0 == pid) {
+ int err;
+
+ /*
+ * Set the UID to be that of the user. This causes
+ * passwd to work just like it would had they executed
+ * it from the command line while logged in.
+ */
+#if defined(HAVE_INITGROUPS) && ! defined(USE_PAM)
+ if (setup_uid_gid (pw, false) != 0)
+#else
+ if (setup_uid_gid (pw) != 0)
+#endif
+ {
+ _exit (126);
+ }
+
+ (void) execl (PASSWD_PROGRAM, PASSWD_PROGRAM, pw->pw_name, (char *) 0);
+ err = errno;
+ perror ("Can't execute " PASSWD_PROGRAM);
+ _exit ((ENOENT == err) ? E_CMD_NOTFOUND : E_CMD_NOEXEC);
+ } else if ((pid_t) -1 == pid) {
+ perror ("fork");
+ exit (EXIT_FAILURE);
+ }
+
+ while (((child = wait (&status)) != pid) && (child != (pid_t)-1));
+
+ if ((child == pid) && (0 == status)) {
+ return 1;
+ }
+
+ exit (EXIT_FAILURE);
+ /*@notreached@*/}
+
+/*
+ * agecheck - see if warning is needed for password expiration
+ *
+ * agecheck sees how many days until the user's password is going
+ * to expire and warns the user of the pending password expiration.
+ */
+
+void agecheck (/*@null@*/const struct spwd *sp)
+{
+ long now = (long) time ((time_t *) 0) / SCALE;
+ long remain;
+
+ if (NULL == sp) {
+ return;
+ }
+
+ /*
+ * The last, max, and warn fields must be supported or the
+ * warning period cannot be calculated.
+ */
+
+ if ( (-1 == sp->sp_lstchg)
+ || (-1 == sp->sp_max)
+ || (-1 == sp->sp_warn)) {
+ return;
+ }
+
+ if (0 == sp->sp_lstchg) {
+ (void) puts (_("You must change your password."));
+ return;
+ }
+
+ remain = sp->sp_lstchg + sp->sp_max - now;
+ if (remain <= sp->sp_warn) {
+ remain /= DAY / SCALE;
+ if (remain > 1) {
+ (void) printf (_("Your password will expire in %ld days.\n"),
+ remain);
+ } else if (1 == remain) {
+ (void) puts (_("Your password will expire tomorrow."));
+ } else if (remain == 0) {
+ (void) puts (_("Your password will expire today."));
+ }
+ }
+}
+