static int _unix_verify_shadow(pam_handle_t *pamh, const char *user, unsigned int ctrl)
{
struct passwd *pwent = NULL; /* Password and shadow password */
struct spwd *spent = NULL; /* file entries for the user */
int daysleft;
int retval;
retval = get_account_info(pamh, user, &pwent, &spent);
if (retval == PAM_USER_UNKNOWN) {
return retval;
}
if (retval == PAM_SUCCESS && spent == NULL)
return PAM_SUCCESS;
if (retval == PAM_UNIX_RUN_HELPER) {
retval = _unix_run_verify_binary(pamh, ctrl, user, &daysleft);
if (retval == PAM_AUTH_ERR || retval == PAM_USER_UNKNOWN)
return retval;
}
else if (retval == PAM_SUCCESS)
retval = check_shadow_expiry(pamh, spent, &daysleft);
if (on(UNIX__IAMROOT, ctrl) || retval == PAM_NEW_AUTHTOK_REQD)
return PAM_SUCCESS;
return retval;
}
static int _check_expiry(const char *uname)
{
struct spwd *spent;
struct passwd *pwent;
int retval;
int daysleft;
retval = get_account_info(uname, &pwent, &spent);
if (retval != PAM_SUCCESS) {
helper_log_err(LOG_ALERT, "could not obtain user info (%s)", uname);
printf("-1\n");
return retval;
}
if (spent == NULL) {
printf("-1\n");
return retval;
}
retval = check_shadow_expiry(spent, &daysleft);
printf("%d\n", daysleft);
return retval;
}
