Check for expired passwords before allowing access to the system.

svn path=/head/; revision=10401

libexec/atrun/atrun.c

@@ -71,7 +71,7 @@
 /* File scope variables */
 
 static char *namep;
-static char rcsid[] = "$Id: atrun.c,v 1.5 1995/08/10 04:06:53 ache Exp $";
+static char rcsid[] = "$Id: atrun.c,v 1.5 1995/08/21 12:34:17 ache Exp $";
 static debug = 0;
 
 void perr(const char *a);
@@ -154,6 +154,15 @@ run_file(const char *filename, uid_t uid, gid_t gid)
 
     PRIV_END
 
+#ifdef __FreeBSD__
+    if (pentry->pw_expire && time(NULL) >= pentry->pw_expire)
+    {
+	syslog(LOG_ERR, "Userid %lu is expired - aborting job %s",
+		(unsigned long) uid, filename);
+	exit(EXIT_FAILURE);
+    }
+#endif
+
     if (stream == NULL)
 	perr("Cannot open input file");
 

libexec/ftpd/ftpd.c

@@ -30,7 +30,7 @@
  * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
  * SUCH DAMAGE.
  *
- *	$Id: ftpd.c,v 1.10 1995/05/30 05:45:58 rgrimes Exp $
+ *	$Id: ftpd.c,v 1.11 1995/08/05 19:12:05 pst Exp $
  */
 
 #ifndef lint
@@ -579,6 +579,7 @@ pass(passwd)
 #endif
 		/* The strcmp does not catch null passwords! */
 		if (pw == NULL || *pw->pw_passwd == '\0' ||
+		    (pw->pw_expire && time(NULL) >= pw->pw_expire) ||
 		    strcmp(xpasswd, pw->pw_passwd)) {
 			reply(530, "Login incorrect.");
 			if (logging)

libexec/rexecd/rexecd.c

@@ -188,7 +188,8 @@ doit(f, fromp)
 		}
 	}
 
-	if (pwd->pw_uid == 0 || *pwd->pw_passwd == '\0') {
+	if (pwd->pw_uid == 0 || *pwd->pw_passwd == '\0' ||
+	    (pwd->pw_expire && time(NULL) >= pwd->pw_expire)) {
 		syslog(LOG_ERR, "%s LOGIN REFUSED from %s", user, remote);
 		error("Login incorrect.\n");
 		exit(1);

libexec/rshd/rshd.c

@@ -445,9 +445,10 @@ doit(fromp)
 #endif
 
 		if (errorstr ||
-		    pwd->pw_passwd != 0 && *pwd->pw_passwd != '\0' &&
+		    (pwd->pw_expire && time(NULL) >= pwd->pw_expire) ||
+		    (pwd->pw_passwd != 0 && *pwd->pw_passwd != '\0' &&
 		    iruserok(fromp->sin_addr.s_addr, pwd->pw_uid == 0,
-		    remuser, locuser) < 0) {
+		    remuser, locuser) < 0)) {
 			if (__rcmd_errstr)
 				syslog(LOG_INFO|LOG_AUTH,
 			    "%s@%s as %s: permission denied (%s). cmd='%.80s'",

libexec/uucpd/uucpd.c

@@ -159,6 +159,8 @@ void doit(struct sockaddr_in *sinp)
 		login_incorrect(user, sinp);
 	if (strcmp(pw->pw_shell, _PATH_UUCICO))
 		login_incorrect(user, sinp);
+	if (pw->pw_expire && time(NULL) >= pw->pw_expire)
+		login_incorrect(user, sinp);
 	if (pw->pw_passwd && *pw->pw_passwd != '\0') {
 		printf("Password: "); fflush(stdout);
 		if (readline(passwd, sizeof passwd, 1) < 0) {

usr.bin/su/su.c

@@ -214,6 +214,13 @@ main(argc, argv)
 			}
 #endif /* WHEELSU */
 		}
+		if (pwd->pw_expire && time(NULL) >= pwd->pw_expire) {
+			fprintf(stderr, "Sorry - account expired\n");
+			syslog(LOG_AUTH|LOG_WARNING,
+				"BAD SU %s to %s%s", username,
+				user, ontty());
+			exit(1);
+		}
 	    }
 	}
 

usr.sbin/cron/lib/entry.c

@@ -16,7 +16,7 @@
  */
 
 #if !defined(lint) && !defined(LINT)
-static char rcsid[] = "$Id: entry.c,v 1.2 1995/04/12 19:04:26 ache Exp $";
+static char rcsid[] = "$Id: entry.c,v 1.3 1995/05/30 03:47:10 rgrimes Exp $";
 #endif
 
 /* vix 26jan87 [RCS'd; rest of log is in RCS file]
@@ -241,6 +241,11 @@ load_entry(file, error_func, pw, envp)
 		Debug(DPARS, ("load_entry()...uid %d, gid %d\n",e->uid,e->gid))
 	}
 
+	if (pw->pw_expire && time(NULL) >= pw->pw_expire) {
+		ecode = e_username;
+		goto eof;
+	}
+
 	e->uid = pw->pw_uid;
 	e->gid = pw->pw_gid;
 

usr.sbin/pppd/auth.c

@@ -33,7 +33,7 @@
  */
 
 #ifndef lint
-static char rcsid[] = "$Id: auth.c,v 1.2 1994/09/25 02:31:52 wollman Exp $";
+static char rcsid[] = "$Id: auth.c,v 1.3 1995/05/30 03:51:04 rgrimes Exp $";
 #endif
 
 #include <stdio.h>
@@ -456,6 +456,9 @@ login(user, passwd, msg, msglen)
 	return (UPAP_AUTHNAK);
     }
 
+    if (pw->pw_expire && time(NULL) >= pw->pw_expire)
+	return (UPAP_AUTHNAK);
+
     /*
      * XXX If no passwd, let them login without one.
      */