New upstream version 1.1.2

1 files changed, 7 insertions, 1 deletions

diff --git a/modules/pam_unix/passverify.c b/modules/pam_unix/passverify.c
index d175dfa5..5199a690 100644
--- a/modules/pam_unix/passverify.c
+++ b/modules/pam_unix/passverify.c
@@ -240,7 +240,7 @@ PAMH_ARG_DECL(int check_shadow_expiry,
 	*daysleft = -1;
 	curdays = (long int)(time(NULL) / (60 * 60 * 24));
 	D(("today is %d, last change %d", curdays, spent->sp_lstchg));
-	if ((curdays > spent->sp_expire) && (spent->sp_expire != -1)) {
+	if ((curdays >= spent->sp_expire) && (spent->sp_expire != -1)) {
 		D(("account expired"));
 		return PAM_ACCT_EXPIRED;
 	}
@@ -909,6 +909,9 @@ PAMH_ARG_DECL(int unix_update_shadow,
 	if (!strcmp(stmpent->sp_namp, forwho)) {
 	    stmpent->sp_pwdp = towhat;
 	    stmpent->sp_lstchg = time(NULL) / (60 * 60 * 24);
+	    if (stmpent->sp_lstchg == 0)
+	        stmpent->sp_lstchg = -1; /* Don't request passwort change
+					    only because time isn't set yet. */
 	    wroteentry = 1;
 	    D(("Set password %s for %s", stmpent->sp_pwdp, forwho));
 	}
@@ -928,6 +931,9 @@ PAMH_ARG_DECL(int unix_update_shadow,
 	spwdent.sp_namp = forwho;
 	spwdent.sp_pwdp = towhat;
 	spwdent.sp_lstchg = time(NULL) / (60 * 60 * 24);
+	if (spwdent.sp_lstchg == 0)
+	    spwdent.sp_lstchg = -1; /* Don't request passwort change
+				       only because time isn't set yet. */
 	spwdent.sp_min = spwdent.sp_max = spwdent.sp_warn = spwdent.sp_inact =
 	    spwdent.sp_expire = -1;
 	spwdent.sp_flag = (unsigned long)-1l;