heck for account and password expiration

author Alan T. DeKok <aland@freeradius.org>

Tue, 7 Feb 2012 19:58:52 +0000 (20:58 +0100)

committer Alan T. DeKok <aland@freeradius.org>

Tue, 7 Feb 2012 19:58:52 +0000 (20:58 +0100)
author Alan T. DeKok <aland@freeradius.org>
Tue, 7 Feb 2012 19:58:52 +0000 (20:58 +0100)
committer Alan T. DeKok <aland@freeradius.org>
Tue, 7 Feb 2012 19:58:52 +0000 (20:58 +0100)
diff --git a/src/modules/rlm_unix/rlm_unix.c b/src/modules/rlm_unix/rlm_unix.c

index 3ba5acdd5d7d4b9a8ebe3c3630c32b8521199562..9caab7a1fe236e896f29a9337c40ade8fe0e424e 100644 (file)
--- a/src/modules/rlm_unix/rlm_unix.c
+++ b/src/modules/rlm_unix/rlm_unix.c
@@ -274,9 +274,17 @@ static int unix_getpw(UNUSED void *instance, REQUEST *request,
         /*
          *      Check if password has expired.
          */
+       if (spwd && spwd->sp_lstchg > 0 && spwd->sp_max >= 0 &&
+           (request->timestamp / 86400) > (spwd->sp_lstchg + spwd->sp_max)) {
+               radlog_request(L_AUTH, 0, request, "[%s]: password has expired", name);
+               return RLM_MODULE_REJECT;
+       }
+       /*
+        *      Check if account has expired.
+        */
         if (spwd && spwd->sp_expire > 0 &&
             (request->timestamp / 86400) > spwd->sp_expire) {
-               radlog_request(L_AUTH, 0, request, "[%s]: password has expired", name);
+               radlog_request(L_AUTH, 0, request, "[%s]: account has expired", name);
                 return RLM_MODULE_REJECT;
         }
  #endif
author	Alan T. DeKok <aland@freeradius.org>
	Tue, 7 Feb 2012 19:58:52 +0000 (20:58 +0100)
committer	Alan T. DeKok <aland@freeradius.org>
	Tue, 7 Feb 2012 19:58:52 +0000 (20:58 +0100)