From: Ondřej Kuzník <ondra@mistotebe.net>
Date: Thu, 24 Oct 2019 13:04:35 +0000 (+0100)
Subject: ITS#9156 Implement pwdStartTime and pwdEndTime
X-Git-Tag: OPENLDAP_REL_ENG_2_5_0ALPHA~63^2~11
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=c0ae078afd7201b503dfd1fc04bdb4dc85288137;p=thirdparty%2Fopenldap.git

ITS#9156 Implement pwdStartTime and pwdEndTime
---

diff --git a/servers/slapd/overlays/ppolicy.c b/servers/slapd/overlays/ppolicy.c
index f379c0c4f6..5dc7088824 100644
--- a/servers/slapd/overlays/ppolicy.c
+++ b/servers/slapd/overlays/ppolicy.c
@@ -507,6 +507,40 @@ account_locked( Operation *op, Entry *e,
 
 	assert(mod != NULL);
 
+	if ( (la = attr_find( e->e_attrs, ad_pwdStartTime )) != NULL ) {
+		BerVarray vals = la->a_nvals;
+		time_t then, now = op->o_time;
+
+		/*
+		 * Password has a defined start of validity
+		 */
+		if ( vals[0].bv_val != NULL ) {
+			if ( (then = parse_time( vals[0].bv_val )) == (time_t)-1 ) {
+				return 1;
+			}
+			if ( now < then ) {
+				return 1;
+			}
+		}
+	}
+
+	if ( (la = attr_find( e->e_attrs, ad_pwdEndTime )) != NULL ) {
+		BerVarray vals = la->a_nvals;
+		time_t then, now = op->o_time;
+
+		/*
+		 * Password has a defined end of validity
+		 */
+		if ( vals[0].bv_val != NULL ) {
+			if ( (then = parse_time( vals[0].bv_val )) == (time_t)-1 ) {
+				return 1;
+			}
+			if ( then <= now ) {
+				return 1;
+			}
+		}
+	}
+
 	if ( !pp->pwdLockout )
 		return 0;