[packages/nss_ldapd] - use proper attr for expiration - added "never expire" checks

Wed Dec 25 22:09:56 CET 2013

commit eef43a7047c2c6e500108ffd0ceac04879147a0e
Author: Jan Rękorajski <baggins at pld-linux.org>
Date:   Wed Dec 25 22:09:08 2013 +0100

    - use proper attr for expiration
    - added "never expire" checks

 shadowExpire-from-AD.patch | 33 ++++++++++++++++++++++++++++-----
 1 file changed, 28 insertions(+), 5 deletions(-)
---

diff --git a/shadowExpire-from-AD.patch b/shadowExpire-from-AD.patch
index 468fcc2..529afe8 100644
--- a/shadowExpire-from-AD.patch
+++ b/shadowExpire-from-AD.patch
@@ -1,18 +1,41 @@
---- nss-pam-ldapd-0.9.2/nslcd/shadow.c~	2013-12-24 23:52:54.743671978 +0100
-+++ nss-pam-ldapd-0.9.2/nslcd/shadow.c	2013-12-25 12:03:02.282720882 +0100
-@@ -119,7 +119,7 @@
+diff -ur nss-pam-ldapd-0.9.2.orig/nslcd/shadow.c nss-pam-ldapd-0.9.2/nslcd/shadow.c
+--- nss-pam-ldapd-0.9.2.orig/nslcd/shadow.c	2013-12-25 21:19:27.738039363 +0100
++++ nss-pam-ldapd-0.9.2/nslcd/shadow.c	2013-12-25 22:02:48.367992964 +0100
+@@ -118,9 +118,15 @@
+   long value;
    char *tmp;
    size_t l;
++  int ad_lastchg = strcasecmp(attr, "pwdLastSet");
++  int ad_expire = strcasecmp(attr, "accountExpires");
    /* do some special handling for date values on AD */
 -  if (strcasecmp(attr, "pwdLastSet") == 0)
-+  if ((strcasecmp(attr, "pwdLastSet") == 0) || (strcasecmp(attr, "accountExpires") == 0))
++  if ((ad_lastchg == 0) || (ad_expire == 0))
    {
++    /* A value of 0 or 0x7FFFFFFFFFFFFFFF (9223372036854775807)
++     * indicates that the account never expires. */
++    if ((ad_expire == 0) && (strcasecmp(date, "9223372036854775807") == 0))
++      return -1;
      /* we expect an AD 64-bit datetime value;
         we should do date=date/864000000000-134774
-@@ -200,12 +200,12 @@
+        but that causes problems on 32-bit platforms,
+@@ -143,6 +149,8 @@
+       log_log(LOG_WARNING, "%s: %s: out of range", dn, attr);
+       return -1;
+     }
++    if ((ad_expire == 0) && (value == 0))
++      return -1;
+     return value / 864 - 134774;
+     /* note that AD does not have expiry dates but a lastchangeddate
+        and some value that needs to be added */
+@@ -200,12 +208,17 @@
    if (tmpvalue == NULL)
      tmpvalue = "";
    *lastchangedate = to_date(myldap_get_dn(entry), tmpvalue, attmap_shadow_shadowLastChange);
++  /* get expiration date */
++  tmpvalue = attmap_get_value(entry, attmap_shadow_shadowExpire,
++                              buffer, sizeof(buffer));
++  if (tmpvalue == NULL)
++    tmpvalue = "";
 +  *expiredate = to_date(myldap_get_dn(entry), tmpvalue, attmap_shadow_shadowExpire);
    /* get other shadow properties */
    GET_OPTIONAL_LONG(*mindays, shadowMin, -1);
================================================================

---- gitweb:

http://git.pld-linux.org/gitweb.cgi/packages/nss_ldapd.git/commitdiff/1c96bb735aa95ad2762c4eee9d1e0d5ab8e83ab1

