- (djm) Tweak password expiry checking at suggestion of Kevin Steves

   <stevesk@sweden.hp.com>

2 files changed, 6 insertions, 4 deletions

diff --git a/ChangeLog b/ChangeLog
index 9adb880d2..f0640e55e 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -3,6 +3,8 @@
    <stevesk@sweden.hp.com>
  - (djm) Redhat spec and manpage fixes from Pekka Savola <pekkas@netcore.fi>
  - (djm) Seperate tests for int64_t and u_int64_t types
+ - (djm) Tweak password expiry checking at suggestion of Kevin Steves 
+   <stevesk@sweden.hp.com>
 
 20000920
  - (djm) Fix bad path substitution. Report from Andrew Miner
diff --git a/auth.c b/auth.c
index ae8c79843..883f08ab0 100644
--- a/auth.c
+++ b/auth.c
@@ -81,8 +81,8 @@ allowed_user(struct passwd * pw)
 #ifdef WITH_AIXAUTHENTICATE
         char *loginmsg;
 #endif /* WITH_AIXAUTHENTICATE */
-#if defined(HAVE_SHADOW_H) && !defined(DISABLE_SHADOW) && \
-        defined(HAS_SHADOW_EXPIRE)
+#if !defined(PAM) && defined(HAVE_SHADOW_H) && \
+        !defined(DISABLE_SHADOW) && defined(HAS_SHADOW_EXPIRE)
   struct spwd *spw;
 
         /* Shouldn't be called if pw is NULL, but better safe than sorry... */
@@ -94,11 +94,11 @@ allowed_user(struct passwd * pw)
                 int days = time(NULL) / 86400;
 
                 /* Check account expiry */
-                if ((spw->sp_expire > 0) && (days > spw->sp_expire))
+                if ((spw->sp_expire >= 0) && (days > spw->sp_expire))
                         return 0;
 
                 /* Check password expiry */
-                if ((spw->sp_lstchg > 0) && (spw->sp_max > 0) && 
+                if ((spw->sp_lstchg >= 0) && (spw->sp_max >= 0) && 
                     (days > (spw->sp_lstchg + spw->sp_max)))
                         return 0;
         }