---- nss-pam-ldapd-0.9.2/nslcd/shadow.c~ 2013-12-24 23:52:54.743671978 +0100
-+++ nss-pam-ldapd-0.9.2/nslcd/shadow.c 2013-12-25 12:03:02.282720882 +0100
-@@ -119,7 +119,7 @@
+diff -ur nss-pam-ldapd-0.9.2.orig/nslcd/shadow.c nss-pam-ldapd-0.9.2/nslcd/shadow.c
+--- nss-pam-ldapd-0.9.2.orig/nslcd/shadow.c 2013-12-25 21:19:27.738039363 +0100
++++ nss-pam-ldapd-0.9.2/nslcd/shadow.c 2013-12-25 22:02:48.367992964 +0100
+@@ -118,9 +118,15 @@
+ long value;
char *tmp;
size_t l;
++ int ad_lastchg = strcasecmp(attr, "pwdLastSet");
++ int ad_expire = strcasecmp(attr, "accountExpires");
/* do some special handling for date values on AD */
- if (strcasecmp(attr, "pwdLastSet") == 0)
-+ if ((strcasecmp(attr, "pwdLastSet") == 0) || (strcasecmp(attr, "accountExpires") == 0))
++ if ((ad_lastchg == 0) || (ad_expire == 0))
{
++ /* A value of 0 or 0x7FFFFFFFFFFFFFFF (9223372036854775807)
++ * indicates that the account never expires. */
++ if ((ad_expire == 0) && (strcasecmp(date, "9223372036854775807") == 0))
++ return -1;
/* we expect an AD 64-bit datetime value;
we should do date=date/864000000000-134774
-@@ -200,12 +200,12 @@
+ but that causes problems on 32-bit platforms,
+@@ -143,6 +149,8 @@
+ log_log(LOG_WARNING, "%s: %s: out of range", dn, attr);
+ return -1;
+ }
++ if ((ad_expire == 0) && (value == 0))
++ return -1;
+ return value / 864 - 134774;
+ /* note that AD does not have expiry dates but a lastchangeddate
+ and some value that needs to be added */
+@@ -200,12 +208,17 @@
if (tmpvalue == NULL)
tmpvalue = "";
*lastchangedate = to_date(myldap_get_dn(entry), tmpvalue, attmap_shadow_shadowLastChange);
++ /* get expiration date */
++ tmpvalue = attmap_get_value(entry, attmap_shadow_shadowExpire,
++ buffer, sizeof(buffer));
++ if (tmpvalue == NULL)
++ tmpvalue = "";
+ *expiredate = to_date(myldap_get_dn(entry), tmpvalue, attmap_shadow_shadowExpire);
/* get other shadow properties */
GET_OPTIONAL_LONG(*mindays, shadowMin, -1);
projects / packages / nss_ldapd.git / commitdiff