From ae532ecb79a736724b77e8ceab00bb73ea1e3e18 Mon Sep 17 00:00:00 2001
From: Mike Pritchard
Date: Mon, 28 Aug 1995 21:30:59 +0000
Subject: [PATCH] Check for expired passwords before allowing access to the system.
---
 libexec/atrun/atrun.c | 11 ++++++++++-
 libexec/ftpd/ftpd.c | 3 ++-
 libexec/rexecd/rexecd.c | 3 ++-
 libexec/rshd/rshd.c | 5 +++--
 libexec/uucpd/uucpd.c | 2 ++
 usr.bin/su/su.c | 7 +++++++
 usr.sbin/cron/lib/entry.c | 7 ++++++-
 usr.sbin/pppd/auth.c | 5 ++++-
 8 files changed, 36 insertions(+), 7 deletions(-)
diff --git a/libexec/atrun/atrun.c b/libexec/atrun/atrun.c
index 9bd7aca828d5..8ff1bfa0d59f 100644
--- a/libexec/atrun/atrun.c
+++ b/libexec/atrun/atrun.c
@@ -71,7 +71,7 @@
 /* File scope variables */
 static char *namep;
-static char rcsid[] = "$Id: atrun.c,v 1.5 1995/08/10 04:06:53 ache Exp $";
+static char rcsid[] = "$Id: atrun.c,v 1.5 1995/08/21 12:34:17 ache Exp $";
 static debug = 0;
 void perr(const char *a);
@@ -154,6 +154,15 @@ run_file(const char *filename, uid_t uid, gid_t gid)
 PRIV_END
+#ifdef __FreeBSD__
+ if (pentry->pw_expire && time(NULL) >= pentry->pw_expire)
+ {
+ syslog(LOG_ERR, "Userid %lu is expired - aborting job %s",
+ (unsigned long) uid, filename);
+ exit(EXIT_FAILURE);
+ }
+#endif
+
 if (stream == NULL)
 perr("Cannot open input file");
diff --git a/libexec/ftpd/ftpd.c b/libexec/ftpd/ftpd.c
index 8776124171c5..832f175dffad 100644
--- a/libexec/ftpd/ftpd.c
+++ b/libexec/ftpd/ftpd.c
@@ -30,7 +30,7 @@
 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
 * SUCH DAMAGE.
 *
- * $Id: ftpd.c,v 1.10 1995/05/30 05:45:58 rgrimes Exp $
+ * $Id: ftpd.c,v 1.11 1995/08/05 19:12:05 pst Exp $
 */
 #ifndef lint
@@ -579,6 +579,7 @@ pass(passwd)
 #endif
 /* The strcmp does not catch null passwords! */
 if (pw == NULL || *pw->pw_passwd == '\0' ||
+ (pw->pw_expire && time(NULL) >= pw->pw_expire) ||
 strcmp(xpasswd, pw->pw_passwd)) {
 reply(530, "Login incorrect.");
 if (logging)
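Review bot: The test added to run_file reads only `pw_expire`, which in the BSD `struct passwd` is the account expiration time; the password-aging field `pw_change` is not consulted, so the subject line's "expired passwords" promises more than the code enforces. The same predicate is repeated in the ftpd, rexecd, rshd, uucpd, su, cron and pppd hunks, so the same scope applies there. If account expiry alone is the intent, say so next to the check, for example `/* account expiry only; pw_change (password aging) is not enforced here */`. run_file starts and ends outside the hunk, so whether `pentry` was checked for NULL before this dereference cannot be confirmed from here.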
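Review bot: An expired account now takes the same branch in pass() as a wrong password, and nothing in the hunk records which of the two caused the refusal. Keeping the client reply at the generic `reply(530, "Login incorrect.")` is right, but the server-side log should carry the reason so an operator can tell a stale account being tried from a mistyped password; inside the failure branch, `if (pw != NULL && pw->pw_expire && time(NULL) >= pw->pw_expire) syslog(LOG_NOTICE, "account %s expired", pw->pw_name);` would do. The rexecd and su hunks also log a refusal without a reason, and the pppd hunk returns `UPAP_AUTHNAK` with no log call visible. The statement under `if (logging)` lies outside the hunk, so this assumes it does not already distinguish the cases.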
diff --git a/libexec/rexecd/rexecd.c b/libexec/rexecd/rexecd.c
index 5fc36175c296..9c6d029f751a 100644
--- a/libexec/rexecd/rexecd.c
+++ b/libexec/rexecd/rexecd.c
@@ -188,7 +188,8 @@ doit(f, fromp)
 }
 }
- if (pwd->pw_uid == 0 || *pwd->pw_passwd == '\0') {
+ if (pwd->pw_uid == 0 || *pwd->pw_passwd == '\0' ||
+ (pwd->pw_expire && time(NULL) >= pwd->pw_expire)) {
 syslog(LOG_ERR, "%s LOGIN REFUSED from %s", user, remote);
 error("Login incorrect.\n");
 exit(1);
diff --git a/libexec/rshd/rshd.c b/libexec/rshd/rshd.c
index 1b9eea9e1e58..77636015f340 100644
--- a/libexec/rshd/rshd.c
+++ b/libexec/rshd/rshd.c
@@ -445,9 +445,10 @@ doit(fromp)
 #endif
 if (errorstr ||
- pwd->pw_passwd != 0 && *pwd->pw_passwd != '\0' &&
+ (pwd->pw_expire && time(NULL) >= pwd->pw_expire) ||
+ (pwd->pw_passwd != 0 && *pwd->pw_passwd != '\0' &&
 iruserok(fromp->sin_addr.s_addr, pwd->pw_uid == 0,
- remuser, locuser) < 0) {
+ remuser, locuser) < 0)) {
 if (__rcmd_errstr)
 syslog(LOG_INFO|LOG_AUTH,
 "%s@%s as %s: permission denied (%s). cmd='%.80s'",
diff --git a/libexec/uucpd/uucpd.c b/libexec/uucpd/uucpd.c
index 490e4c51d0cb..f645eea75214 100644
--- a/libexec/uucpd/uucpd.c
+++ b/libexec/uucpd/uucpd.c
@@ -159,6 +159,8 @@ void doit(struct sockaddr_in *sinp)
 login_incorrect(user, sinp);
 if (strcmp(pw->pw_shell, _PATH_UUCICO))
 login_incorrect(user, sinp);
+ if (pw->pw_expire && time(NULL) >= pw->pw_expire)
+ login_incorrect(user, sinp);
 if (pw->pw_passwd && *pw->pw_passwd != '\0') {
 printf("Password: "); fflush(stdout);
 if (readline(passwd, sizeof passwd, 1) < 0) {
diff --git a/usr.bin/su/su.c b/usr.bin/su/su.c
index df7165b8c823..b3eb587dfecb 100644
--- a/usr.bin/su/su.c
+++ b/usr.bin/su/su.c
@@ -214,6 +214,13 @@ main(argc, argv)
 }
 #endif /* WHEELSU */
 }
+ if (pwd->pw_expire && time(NULL) >= pwd->pw_expire) {
+ fprintf(stderr, "Sorry - account expired\n");
+ syslog(LOG_AUTH|LOG_WARNING,
+ "BAD SU %s to %s%s", username,
+ user, ontty());
+ exit(1);
+ }
 }
 }
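Review bot: When the new expiry clause in the rshd condition is true, the `||` chain stops before `iruserok()` runs, yet the branch that follows still consults `__rcmd_errstr` to pick its log text. Whether `__rcmd_errstr` can hold a value at that point is not visible here; if it can, the entry names an unrelated reason, and if it cannot, the refusal is logged with no reason. A separate syslog call for the expiry case, at the same `LOG_INFO|LOG_AUTH` priority, would keep the audit trail accurate, and a comment such as `/* expired accounts are refused before iruserok() is consulted */` would document the ordering. The added parentheses around the `&&` group are a welcome clarification; doit() starts and ends outside the hunk.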
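Review bot: In uucpd the expiry test runs before the `Password: ` prompt, so a peer that has supplied only a user name is turned away by `login_incorrect()` for an expired account but prompted for a live one, which lets it tell the two apart without knowing the password. The shell comparison just above already behaves this way; the new check widens what can be learned to the expiry state. Moving the two added lines below the password comparison would keep the refusal identical for unauthenticated peers. doit() continues past the hunk and `login_incorrect()` is not shown, so this assumes it ends the session, as its use above suggests.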
diff --git a/usr.sbin/cron/lib/entry.c b/usr.sbin/cron/lib/entry.c
index 13d1644c0ef0..efec41255d0c 100644
--- a/usr.sbin/cron/lib/entry.c
+++ b/usr.sbin/cron/lib/entry.c
@@ -16,7 +16,7 @@
 */
 #if !defined(lint) && !defined(LINT)
-static char rcsid[] = "$Id: entry.c,v 1.2 1995/04/12 19:04:26 ache Exp $";
+static char rcsid[] = "$Id: entry.c,v 1.3 1995/05/30 03:47:10 rgrimes Exp $";
 #endif
 /* vix 26jan87 [RCS'd; rest of log is in RCS file]
@@ -241,6 +241,11 @@ load_entry(file, error_func, pw, envp)
 Debug(DPARS, ("load_entry()...uid %d, gid %d\n",e->uid,e->gid))
 }
+ if (pw->pw_expire && time(NULL) >= pw->pw_expire) {
+ ecode = e_username;
+ goto eof;
+ }
+
 e->uid = pw->pw_uid;
 e->gid = pw->pw_gid;
diff --git a/usr.sbin/pppd/auth.c b/usr.sbin/pppd/auth.c
index e8b2d06e15d6..ec6ab986fec1 100644
--- a/usr.sbin/pppd/auth.c
+++ b/usr.sbin/pppd/auth.c
@@ -33,7 +33,7 @@
 */
 #ifndef lint
-static char rcsid[] = "$Id: auth.c,v 1.2 1994/09/25 02:31:52 wollman Exp $";
+static char rcsid[] = "$Id: auth.c,v 1.3 1995/05/30 03:51:04 rgrimes Exp $";
 #endif
 #include
@@ -456,6 +456,9 @@ login(user, passwd, msg, msglen)
 return (UPAP_AUTHNAK);
 }
+ if (pw->pw_expire && time(NULL) >= pw->pw_expire)
+ return (UPAP_AUTHNAK);
+
 /*
 * XXX If no passwd, let them login without one.
 */
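Review bot: The cron check lives in load_entry(), so, as far as this hunk shows, expiry is evaluated when the crontab entry is parsed rather than when a job is started. An account that expires after its crontab has been loaded would keep running jobs until the file is read again; the atrun hunk, by contrast, appears to test at execution time. A matching test in the job-launch path, which is outside this patch, would close that gap. Reusing `e_username` also reports the refusal as a user-name problem; a comment such as `/* expired account: reported as e_username for lack of a dedicated code */` would make that intentional.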