commit ce89bfcd3b4744675bd32bb83f87c4148837ecf8
author Jiaqing Zhao <jiaqing.zhao@intel.com> Thu Dec 02 21:26:01 2021 +0800
committer Jiaqing Zhao <jiaqing.zhao@intel.com> Fri Dec 03 11:56:06 2021 +0800
tree 0ce81b74eb0965d614602c9d9033c6f740df61df
parent ce4e1aa087ca4ce62069106482285c1acf13499b

Set expiry date to 1970-01-01 to disable account

Currently, we set the expiry date to 1970-01-02 to disable account.
When BMC time is 1970-01-01 (default time when RTC is not present),
disabling account will not work as expected. This patch fixes this
issue by setting the expiry date to 1970-01-01.

Tested:
Verified account will no longer be able to log in after disabling it
on 1970-01-01.

Change-Id: Idee0976a5844d742c09bc9ab7383b81a20fadc23
Signed-off-by: Jiaqing Zhao <jiaqing.zhao@intel.com>

user_mgr.cpp

diff --git a/user_mgr.cpp b/user_mgr.cpp
index 19b73b8..307c810 100644
--- a/user_mgr.cpp
+++ b/user_mgr.cpp
@@ -320,10 +320,12 @@
     }
     try
     {
+        // set EXPIRE_DATE to 0 to disable user, PAM takes 0 as expire on
+        // 1970-01-01, that's an implementation-defined behavior
         executeCmd("/usr/sbin/useradd", userName.c_str(), "-G", groups.c_str(),
                    "-m", "-N", "-s",
                    (sshRequested ? "/bin/sh" : "/bin/nologin"), "-e",
-                   (enabled ? "" : "1970-01-02"));
+                   (enabled ? "" : "1970-01-01"));
     }
     catch (const InternalFailure& e)
     {
@@ -649,8 +651,10 @@
     throwForUserDoesNotExist(userName);
     try
     {
+        // set EXPIRE_DATE to 0 to disable user, PAM takes 0 as expire on
+        // 1970-01-01, that's an implementation-defined behavior
         executeCmd("/usr/sbin/usermod", userName.c_str(), "-e",
-                   (enabled ? "" : "1970-01-02"));
+                   (enabled ? "" : "1970-01-01"));
     }
     catch (const InternalFailure& e)
     {