From owner-freebsd-audit Sat May 12 0: 6: 2 2001 Delivered-To: freebsd-audit@freebsd.org Received: by hub.freebsd.org (Postfix, from userid 885) id A5AEC37B423; Sat, 12 May 2001 00:05:59 -0700 (PDT) Date: Sat, 12 May 2001 00:05:59 -0700 From: Eric Melville To: freebsd-audit@freebsd.org Subject: login(1) patch Message-ID: <20010512000559.B12766@FreeBSD.org> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline User-Agent: Mutt/1.2.5i Sender: owner-freebsd-audit@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.ORG Check for account expiration and password expiration in the proper order. Obtained from OpenBSD. Any objections or comments? Index: login.c =================================================================== RCS file: /home/ncvs/src/usr.bin/login/login.c,v retrieving revision 1.57 diff -u -r1.57 login.c --- login.c 2001/03/27 19:40:50 1.57 +++ login.c 2001/05/12 02:19:31 @@ -415,6 +415,19 @@ #define DEFAULT_WARN (2L * 7L * 86400L) /* Two weeks */ + + warntime = login_getcaptime(lc, "warnexpire", + DEFAULT_WARN, DEFAULT_WARN); + + if (pwd->pw_expire) { + if (tp.tv_sec >= pwd->pw_expire) { + refused("Sorry -- your account has expired", + "EXPIRED", 1); + } else if (pwd->pw_expire - tp.tv_sec < warntime && !quietlog) + (void)printf("Warning: your account expires on %s", + ctime(&pwd->pw_expire)); + } + warntime = login_getcaptime(lc, "warnpassword", DEFAULT_WARN, DEFAULT_WARN); @@ -429,18 +442,6 @@ } else if (pwd->pw_change - tp.tv_sec < warntime && !quietlog) (void)printf("Warning: your password expires on %s", ctime(&pwd->pw_change)); - } - - warntime = login_getcaptime(lc, "warnexpire", - DEFAULT_WARN, DEFAULT_WARN); - - if (pwd->pw_expire) { - if (tp.tv_sec >= pwd->pw_expire) { - refused("Sorry -- your account has expired", - "EXPIRED", 1); - } else if (pwd->pw_expire - tp.tv_sec < warntime && !quietlog) - (void)printf("Warning: your account expires on %s", - ctime(&pwd->pw_expire)); } if (lc != NULL) { To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-audit" in the body of the message