static bool SetAccountLockExpiration(const char *puser, bool lock)
{
if (!PlatformSupportsExpirationLock())
{
return true;
}
char cmd[CF_BUFSIZE + strlen(puser)];
strcpy (cmd, USERMOD);
StringAppend(cmd, " -e \"", sizeof(cmd));
if (lock)
{
StringAppend(cmd, GetPlatformSpecificExpirationDate(), sizeof(cmd));
}
StringAppend(cmd, "\" ", sizeof(cmd));
StringAppend(cmd, puser, sizeof(cmd));
Log(LOG_LEVEL_VERBOSE, "%s user '%s' by setting expiry date. (command: '%s')",
lock ? "Locking" : "Unlocking", puser, cmd);
int status;
status = system(cmd);
if (!WIFEXITED(status) || WEXITSTATUS(status) != 0)
{
Log(LOG_LEVEL_ERR, "Command returned error while %s user '%s'. (Command line: '%s')",
lock ? "locking" : "unlocking", puser, cmd);
return false;
}
return true;
}
static bool SetAccountLocked(const char *puser, const char *hash, bool lock)
{
char cmd[CF_BUFSIZE + strlen(hash)];
strcpy (cmd, USERMOD);
StringAppend(cmd, " -e \"", sizeof(cmd));
if (lock)
{
if (hash[0] != '!')
{
char new_hash[strlen(hash) + 2];
sprintf(new_hash, "!%s", hash);
if (!ChangePassword(puser, new_hash, PASSWORD_FORMAT_HASH))
{
return false;
}
}
StringAppend(cmd, GetPlatformSpecificExpirationDate(), sizeof(cmd));
}
else
{
// Important to check. Password may already have been changed if that was also
// specified in the policy.
if (hash[0] == '!')
{
if (!ChangePassword(puser, &hash[1], PASSWORD_FORMAT_HASH))
{
return false;
}
}
}
StringAppend(cmd, "\" ", sizeof(cmd));
StringAppend(cmd, puser, sizeof(cmd));
Log(LOG_LEVEL_VERBOSE, "%s user '%s' by setting expiry date. (command: '%s')",
lock ? "Locking" : "Unlocking", puser, cmd);
int status;
status = system(cmd);
if (!WIFEXITED(status) || WEXITSTATUS(status) != 0)
{
Log(LOG_LEVEL_ERR, "Command returned error while %s user '%s'. (Command line: '%s')",
lock ? "locking" : "unlocking", puser, cmd);
return false;
}
return true;
}
