GCC Code Coverage Report
Directory: ./ Exec Total Coverage
File: lib/libutil/check_expire.c Lines: 0 64 0.0 %
Date: 2017-11-13 Branches: 0 36 0.0 %

Line Branch Exec Source
1
/*	$OpenBSD: check_expire.c,v 1.12 2015/11/26 23:32:52 millert Exp $	*/
2
3
/*
4
 * Copyright (c) 1997 Berkeley Software Design, Inc. All rights reserved.
5
 *
6
 * Redistribution and use in source and binary forms, with or without
7
 * modification, are permitted provided that the following conditions
8
 * are met:
9
 * 1. Redistributions of source code must retain the above copyright
10
 *    notice, this list of conditions and the following disclaimer.
11
 * 2. Redistributions in binary form must reproduce the above copyright
12
 *    notice, this list of conditions and the following disclaimer in the
13
 *    documentation and/or other materials provided with the distribution.
14
 * 3. All advertising materials mentioning features or use of this software
15
 *    must display the following acknowledgement:
16
 *	This product includes software developed by Berkeley Software Design,
17
 *	Inc.
18
 * 4. The name of Berkeley Software Design, Inc.  may not be used to endorse
19
 *    or promote products derived from this software without specific prior
20
 *    written permission.
21
 *
22
 * THIS SOFTWARE IS PROVIDED BY BERKELEY SOFTWARE DESIGN, INC. ``AS IS'' AND
23
 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
24
 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
25
 * ARE DISCLAIMED.  IN NO EVENT SHALL BERKELEY SOFTWARE DESIGN, INC. BE LIABLE
26
 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
27
 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
28
 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
29
 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
30
 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
31
 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
32
 * SUCH DAMAGE.
33
 *
34
 *	BSDI $From: check_expire.c,v 2.1 1997/08/08 18:38:25 prb Exp $
35
 */
36
37
#include <sys/types.h>
38
39
#include <errno.h>
40
#include <fcntl.h>
41
#include <pwd.h>
42
#include <signal.h>
43
#include <stdio.h>
44
#include <stdlib.h>
45
#include <string.h>
46
#include <time.h>
47
#include <login_cap.h>
48
#include <bsd_auth.h>
49
50
#include "util.h"
51
52
static char *pwd_update(const struct passwd *, const struct passwd *);
53
54
#define SECSPERDAY	(24 * 60 * 60)
55
#define TWOWEEKS	(2 * 7 * SECSPERDAY)
56
57
int
58
login_check_expire(FILE *back, struct passwd *pwd, char *class, int lastchance)
59
{
60
	auth_session_t *as;
61
	login_cap_t *lc;
62
	quad_t dead, expire, warn;
63
	char *p;
64
65
	if ((as = auth_open()) == NULL) {
66
		fprintf(back, BI_VALUE
67
		    " errormsg Unable to create auth session\n");
68
		fprintf(back, BI_REJECT "\n");
69
		return (1);
70
	}
71
	if (auth_setpwd(as, pwd) < 0) {
72
		fprintf(back, BI_VALUE
73
		    " errormsg Unable to set pwd entry in auth session\n");
74
		fprintf(back, BI_REJECT "\n");
75
		return (1);
76
	}
77
78
	expire = auth_check_change(as);
79
	auth_close(as);
80
81
	if (expire != 0) {
82
		fprintf(back, BI_VALUE " expire %qd\n", expire);
83
84
		if (class == NULL)
85
			class = pwd->pw_class;
86
87
		if ((lc = login_getclass(class)) == NULL) {
88
			dead = 0;
89
			warn = 0;
90
		} else {
91
			dead = login_getcaptime(lc, "password-dead", 0, 0);
92
			warn = login_getcaptime(lc, "password-warn",
93
			    TWOWEEKS, TWOWEEKS);
94
			if (dead < 0)
95
				dead = 0;
96
			if (warn < 0)
97
				warn = 0;
98
		}
99
		login_close(lc);
100
101
		/*
102
		 * If their password is dead (expired longer than
103
		 * password-dead) then just reject them.  If it is
104
		 * expired but not dead yet, reject them with a
105
		 * PWEXPIRED so login knows they can still sort of
106
		 * get in.
107
		 */
108
		if (expire < -dead) {
109
			fprintf(back, BI_VALUE
110
			    " errormsg Your password has expired\n");
111
			fprintf(back, BI_REJECT "\n");
112
			return (1);
113
		}
114
		if (expire < 0) {
115
			if (lastchance) {
116
				struct passwd *npwd;
117
118
				endpwent();
119
120
				/*
121
				 * Only let them play this game once.
122
				 * Set their password change time to 1.
123
				 * This will most certainly cause any
124
				 * expired password to be dead, as well.
125
				 */
126
				npwd = pw_dup(pwd);
127
				npwd->pw_change = 1;
128
				p = pwd_update(npwd, pwd);
129
				explicit_bzero(npwd->pw_passwd,
130
				    strlen(npwd->pw_passwd));
131
				free(npwd);
132
				if (p != NULL) {
133
					char *errval = auth_mkvalue(p);
134
					if (errval != NULL) {
135
						fprintf(back, BI_VALUE
136
						    " errormsg %s", errval);
137
						free(errval);
138
					}
139
					fprintf(back, BI_REJECT "\n");
140
					return (1);
141
				}
142
			}
143
			fprintf(back, BI_VALUE
144
			    " errormsg Your password has expired\n");
145
			fprintf(back, BI_PWEXPIRED "\n");
146
			return (1);
147
		}
148
149
		/*
150
		 * If their password is not expired but is about to expire
151
		 * then warn them.
152
		 */
153
		if (expire <= warn) {
154
			fprintf(back, BI_VALUE
155
			    " warnmsg Your password expires on %s\n",
156
			    ctime(&pwd->pw_change));
157
		}
158
	}
159
	return (0);
160
}
161
162
static char *
163
pwd_update(const struct passwd *pwd, const struct passwd *opwd)
164
{
165
	int tfd, pfd;
166
167
	pw_init();
168
	tfd = pw_lock(0);
169
	if (tfd < 0) {
170
		if (errno == EEXIST)
171
			return("the passwd file is busy.");
172
		else
173
			return("can't open passwd temp file");
174
	}
175
176
	pfd = open(_PATH_MASTERPASSWD, O_RDONLY|O_CLOEXEC, 0);
177
	if (pfd < 0) {
178
		pw_abort();
179
		return(strerror(errno));
180
	}
181
182
	pw_copy(pfd, tfd, pwd, opwd);
183
	if (pw_mkdb(pwd->pw_name, 0) < 0) {
184
		pw_abort();
185
		return("unable to update password database");
186
	}
187
188
	return(NULL);
189
}