* add functionality to `force password change at next login'. to use,

set the pw_change field of the user to -1 (defined in <pwd.h> as _PASSWORD_CHGNOW). based on [bin/936] by Simon Gerraty <sjg@quick.com.au> * clean up for WARNS?=1
1997-08-16 13:50:43 +00:00 · 1997-08-16 13:50:43 +00:00 · 049da32c75
parent 04a72f75d1
commit 049da32c75
5 changed files with 39 additions and 15 deletions
--- a/usr.bin/login/Makefile
+++ b/usr.bin/login/Makefile
@ -1,4 +1,4 @@
-#	$NetBSD: Makefile,v 1.11 1997/06/23 12:47:45 lukem Exp $
+#	$NetBSD: Makefile,v 1.12 1997/08/16 13:50:43 lukem Exp $
 #	@(#)Makefile	8.1 (Berkeley) 7/19/93

 PROG=	login
@ -7,6 +7,7 @@ DPADD=	${LIBUTIL} ${LIBCRYPT} ${LIBSKEY}
 LDADD=	-lutil -lcrypt -lskey
 CFLAGS+= -DSKEY
 LDSTATIC= -static
+WARNS?= 1

 .if defined(KERBEROS5)
 SRCS+=	k5login.c
--- a/usr.bin/login/k5login.c
+++ b/usr.bin/login/k5login.c
@ -1,4 +1,4 @@
-/*	$NetBSD: k5login.c,v 1.3 1997/02/11 08:15:08 mrg Exp $	*/
+/*	$NetBSD: k5login.c,v 1.4 1997/08/16 13:50:44 lukem Exp $	*/

 /*-
 * Copyright (c) 1990 The Regents of the University of California.
@ -33,11 +33,12 @@
 * SUCH DAMAGE.
 */

+#include <sys/cdefs.h>
 #ifndef lint
 #if 0
 static char sccsid[] = "@(#)klogin.c	5.11 (Berkeley) 7/12/92";
 #endif
-static char rcsid[] = "$NetBSD: k5login.c,v 1.3 1997/02/11 08:15:08 mrg Exp $";
+__RCSID("$NetBSD: k5login.c,v 1.4 1997/08/16 13:50:44 lukem Exp $");
 #endif /* not lint */

 #ifdef KERBEROS5
--- a/usr.bin/login/klogin.c
+++ b/usr.bin/login/klogin.c
@ -1,4 +1,4 @@
-/*	$NetBSD: klogin.c,v 1.9 1997/06/21 04:41:27 mellon Exp $	*/
+/*	$NetBSD: klogin.c,v 1.10 1997/08/16 13:50:44 lukem Exp $	*/

 /*-
 * Copyright (c) 1990, 1993, 1994
@ -34,12 +34,11 @@
 */

 #include <sys/cdefs.h>
-
 #ifndef lint
 #if 0
 static char sccsid[] = "@(#)klogin.c	8.3 (Berkeley) 4/2/94";
 #endif
-__RCSID ("$NetBSD: klogin.c,v 1.9 1997/06/21 04:41:27 mellon Exp $");
+__RCSID("$NetBSD: klogin.c,v 1.10 1997/08/16 13:50:44 lukem Exp $");
 #endif /* not lint */

 #ifdef KERBEROS
--- a/usr.bin/login/login.c
+++ b/usr.bin/login/login.c
@ -1,4 +1,4 @@
-/*	$NetBSD: login.c,v 1.23 1997/07/11 03:47:53 mikel Exp $	*/
+/*	$NetBSD: login.c,v 1.24 1997/08/16 13:50:46 lukem Exp $	*/

 /*-
 * Copyright (c) 1980, 1987, 1988, 1991, 1993, 1994
@ -33,17 +33,18 @@
 * SUCH DAMAGE.
 */

+#include <sys/cdefs.h>
 #ifndef lint
-static char copyright[] =
+__COPYRIGHT(
 "@(#) Copyright (c) 1980, 1987, 1988, 1991, 1993, 1994\n\
-	The Regents of the University of California.  All rights reserved.\n";
+	The Regents of the University of California.  All rights reserved.\n");
 #endif /* not lint */

 #ifndef lint
 #if 0
 static char sccsid[] = "@(#)login.c	8.4 (Berkeley) 4/2/94";
 #endif
-static char rcsid[] = "$NetBSD: login.c,v 1.23 1997/07/11 03:47:53 mikel Exp $";
+__RCSID("$NetBSD: login.c,v 1.24 1997/08/16 13:50:46 lukem Exp $");
 #endif /* not lint */

 /*
@ -81,6 +82,7 @@ void	 badlogin __P((char *));
 void	 checknologin __P((void));
 void	 dolastlog __P((int));
 void	 getloginname __P((void));
+int	 main __P((int, char *[]));
 void	 motd __P((void));
 int	 rootterm __P((char *));
 void	 sigint __P((int));
@ -135,10 +137,12 @@ main(argc, argv)
 	char *domain, *p, *salt, *ttyn, *pwprompt;
 	char tbuf[MAXPATHLEN + 2], tname[sizeof(_PATH_TTY) + 10];
 	char localhost[MAXHOSTNAMELEN];
+	int need_chpass;

 	tbuf[0] = '\0';
 	rval = 0;
 	pwprompt = NULL;
+	need_chpass = 0;

 	(void)signal(SIGALRM, timedout);
 	(void)alarm(timeout);
@ -301,7 +305,6 @@ main(argc, argv)
 			if (require_skey > 0)	/* -s */
 				p = skeypw;
 			else {
-				extern char *skey_keyinfo();
 				static char skprompt[80];
 				char *skinfo = skey_keyinfo(username);
 				
@ -397,7 +400,9 @@ main(argc, argv)
 	if (pwd->pw_change || pwd->pw_expire)
 		(void)gettimeofday(&tp, (struct timezone *)NULL);
 	if (pwd->pw_change)
-		if (tp.tv_sec >= pwd->pw_change) {
+		if (pwd->pw_change == _PASSWORD_CHGNOW)
+			need_chpass = 1;
+		else if (tp.tv_sec >= pwd->pw_change) {
 			(void)printf("Sorry -- your password has expired.\n");
 			sleepexit(1);
 		} else if (pwd->pw_change - tp.tv_sec <
@ -505,9 +510,26 @@ main(argc, argv)

 	/* Discard permissions last so can't get killed and drop core. */
 	if (rootlogin)
-		(void) setuid(0);
+		(void)setuid(0);
 	else
-		(void) setuid(pwd->pw_uid);
+		(void)setuid(pwd->pw_uid);
+
+	/* Wait to change password until we're unprivileged */
+	if (need_chpass) {
+#ifdef SKEY
+		/* If the user logged on using S/Key, don't force
+		 * a password change
+		 */
+		if (used_skey) {
+			(void)printf(
+"Warning: your password has expired. Please change it as soon as possible.\n");
+		} else
+#endif
+		(void)printf(
+		    "Your password has expired. Please choose a new one.\n");
+		if (system(_PATH_BINPASSWD) != 0)
+			sleepexit(1);
+	}

 	execlp(pwd->pw_shell, tbuf, 0);
 	err(1, "%s", pwd->pw_shell);
--- a/usr.bin/login/pathnames.h
+++ b/usr.bin/login/pathnames.h
@ -1,4 +1,4 @@
-/*	$NetBSD: pathnames.h,v 1.4 1994/12/23 06:53:03 jtc Exp $	*/
+/*	$NetBSD: pathnames.h,v 1.5 1997/08/16 13:50:47 lukem Exp $	*/

 /*-
 * Copyright (c) 1989, 1993
@ -39,3 +39,4 @@

 #define	_PATH_HUSHLOGIN	".hushlogin"
 #define	_PATH_MOTDFILE	"/etc/motd"
+#define	_PATH_BINPASSWD	"/usr/bin/passwd"