static int _unix_verify_shadow(pam_handle_t *pamh, const char *user, unsigned int ctrl) { struct passwd *pwent = NULL; /* Password and shadow password */ struct spwd *spent = NULL; /* file entries for the user */ int daysleft; int retval; retval = get_account_info(pamh, user, &pwent, &spent); if (retval == PAM_USER_UNKNOWN) { return retval; } if (retval == PAM_SUCCESS && spent == NULL) return PAM_SUCCESS; if (retval == PAM_UNIX_RUN_HELPER) { retval = _unix_run_verify_binary(pamh, ctrl, user, &daysleft); if (retval == PAM_AUTH_ERR || retval == PAM_USER_UNKNOWN) return retval; } else if (retval == PAM_SUCCESS) retval = check_shadow_expiry(pamh, spent, &daysleft); if (on(UNIX__IAMROOT, ctrl) || retval == PAM_NEW_AUTHTOK_REQD) return PAM_SUCCESS; return retval; }
static int _check_expiry(const char *uname) { struct spwd *spent; struct passwd *pwent; int retval; int daysleft; retval = get_account_info(uname, &pwent, &spent); if (retval != PAM_SUCCESS) { helper_log_err(LOG_ALERT, "could not obtain user info (%s)", uname); printf("-1\n"); return retval; } if (spent == NULL) { printf("-1\n"); return retval; } retval = check_shadow_expiry(spent, &daysleft); printf("%d\n", daysleft); return retval; }