From 497e0fc7010969759c8247f7013a89589c44234a Mon Sep 17 00:00:00 2001
From: Kai Kang <kai.kang@windriver.com>
Date: Thu, 17 Dec 2020 18:12:29 +0800
Subject: [PATCH 3/8] check whether password expired with pam

Introduce a new enum AuthResult type AUTH_PASSWD_EXPIRE. When user's
password is expired, return it. Only work with pam.

Upstream-Status: Submitted [https://sourceforge.net/p/lxdm/code/merge-requests/1/]

Signed-off-by: Kai Kang <kai.kang@windriver.com>
---
 src/lxdm.h | 1 +
 src/pam.c  | 4 ++++
 2 files changed, 5 insertions(+)

diff --git a/src/lxdm.h b/src/lxdm.h
index 568573f..1c2f837 100644
--- a/src/lxdm.h
+++ b/src/lxdm.h
@@ -41,6 +41,7 @@ enum AuthResult
     AUTH_SUCCESS,
     AUTH_BAD_USER,
     AUTH_FAIL,
+    AUTH_PASSWD_EXPIRE,
     AUTH_PRIV,
     AUTH_ERROR
 };
diff --git a/src/pam.c b/src/pam.c
index 43bd687..16a36f0 100644
--- a/src/pam.c
+++ b/src/pam.c
@@ -257,6 +257,10 @@ int lxdm_auth_user_authenticate(LXDM_AUTH *a,const char *user,const char *pass,i
 			return AUTH_FAIL;
 		}
 		ret=pam_acct_mgmt(a->handle,PAM_SILENT);
+		if (ret == PAM_NEW_AUTHTOK_REQD) {
+			g_debug("user %s account has expired\n", user);
+			return AUTH_PASSWD_EXPIRE;
+		}
 		if(ret!=PAM_SUCCESS)
 		{
 			g_debug("user %s acct mgmt fail with %d\n",user,ret);
-- 
2.25.1