From 50b73af8729b6753c71ba6206632561b5974523d Mon Sep 17 00:00:00 2001

From: Noriko Hosoi <nhosoi@redhat.com>

Date: Wed, 11 Jan 2017 14:14:40 -0800

Subject: [PATCH 61/67] Ticket #49080 - shadowExpire should not be a calculated

 value

Description: Reverting the changes made on shadowExpire in the ticket 548.

Thanks to Gordon Messmer (gordon.messmer@gmail.com) for providing the original patch.

Reviewed by William Brown <wibrown@redhat.com> (Thanks!!).

(cherry picked from commit 14eb192b0f99ae3d811fd8a5bb40713bc85ea533)

(cherry picked from commit 2ca12fc5b79dbbb8889eba6da7b4ce59cd6cb86d)

---

 ldap/servers/slapd/pw.c | 29 +++++------------------------

 1 file changed, 5 insertions(+), 24 deletions(-)

diff --git a/ldap/servers/slapd/pw.c b/ldap/servers/slapd/pw.c

index 6f02f90..ce1ca2a 100644

--- a/ldap/servers/slapd/pw.c

+++ b/ldap/servers/slapd/pw.c

@@ -2803,7 +2803,6 @@ add_shadow_ext_password_attrs(Slapi_PBlock *pb, Slapi_Entry **e)

     const char *dn = NULL;

     passwdPolicy *pwpolicy = NULL;

     long long shadowval = 0;

-    long long exptime = 0;

     Slapi_Mods *smods = NULL;

     LDAPMod **mods;

     long long sval;

@@ -2811,7 +2810,6 @@ add_shadow_ext_password_attrs(Slapi_PBlock *pb, Slapi_Entry **e)

     char *shmin = NULL;

     char *shmax = NULL;

     char *shwarn = NULL;

-    char *shexp = NULL;

     int rc = 0;

     if (!e || !*e) {

@@ -2861,7 +2859,6 @@ add_shadow_ext_password_attrs(Slapi_PBlock *pb, Slapi_Entry **e)

     /* shadowMax - the maximum number of days for which the user password remains valid. */

     if (pwpolicy->pw_maxage > 0) {

         shadowval = pwpolicy->pw_maxage / _SEC_PER_DAY;

-        exptime = time_plus_sec(current_time(), pwpolicy->pw_maxage);

         if (shadowval > _MAX_SHADOW) {

             shadowval = _MAX_SHADOW;

         }

@@ -2903,22 +2900,6 @@ add_shadow_ext_password_attrs(Slapi_PBlock *pb, Slapi_Entry **e)

         shwarn = slapi_ch_smprintf("%lld", shadowval);

     }

-    /* shadowExpire - the date on which the user login will be disabled. */

-    if (exptime) {

-        shexp = slapi_entry_attr_get_charptr(*e, "shadowExpire");

-        exptime /= _SEC_PER_DAY;

-        if (shexp) {

-            sval = strtoll(shexp, NULL, 0);

-            if (sval != exptime) {

-                slapi_ch_free_string(&shexp);

-                shexp = slapi_ch_smprintf("%lld", exptime);

-                mod_num++;

-            }

-        } else {

-            mod_num++;

-            shexp = slapi_ch_smprintf("%lld", exptime);

-        }

-    }

     smods = slapi_mods_new();

     slapi_mods_init(smods, mod_num);

     if (shmin) {

@@ -2933,10 +2914,6 @@ add_shadow_ext_password_attrs(Slapi_PBlock *pb, Slapi_Entry **e)

         slapi_mods_add(smods, LDAP_MOD_REPLACE, "shadowWarning", strlen(shwarn), shwarn);

         slapi_ch_free_string(&shwarn);

     }

-    if (shexp) {

-        slapi_mods_add(smods, LDAP_MOD_REPLACE, "shadowExpire", strlen(shexp), shexp);

-        slapi_ch_free_string(&shexp);

-    }

     /* Apply the  mods to create the resulting entry. */

     mods = slapi_mods_get_ldapmods_byref(smods);

     if (mods) {

@@ -2947,11 +2924,15 @@ add_shadow_ext_password_attrs(Slapi_PBlock *pb, Slapi_Entry **e)

     }

     slapi_mods_free(&smods);

-#if 0 /* These 2 attributes are no need (or not able) to auto-fill. */

+#if 0 /* These 3 attributes are no need (or not able) to auto-fill. */

     /* 

      * shadowInactive - the number of days of inactivity allowed for the user.

      * Password Policy does not have the corresponding parameter.

      * 

+     * shadowExpire - the number of days since Jan 1, 1970 after which the

+     * account, not the password, will expire.  This is not affected by the

+     * Password Policy.

+     * 

      * shadowFlag - not currently in use.

      */

 #endif

-- 

2.9.3