From ec9366e51c358b98d6ccd1dbd484077a7ae0c340 Mon Sep 17 00:00:00 2001
From: Georg Pfuetzenreuter
Date: Thu, 26 May 2022 19:53:15 +0200
Subject: Init password expiry notifier

Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
---
 scripts/bash/notifypwexp.sh | 150 ++++++++++++++++++++++++++++++++++++++++++++
 1 file changed, 150 insertions(+)
 create mode 100755 scripts/bash/notifypwexp.sh

diff --git a/scripts/bash/notifypwexp.sh b/scripts/bash/notifypwexp.sh
new file mode 100755
index 0000000..7f7d11b
--- /dev/null
+++ b/scripts/bash/notifypwexp.sh
@@ -0,0 +1,150 @@
+#!/bin/bash
+
+# notifypwexp - send mail to users whose passwords are expiring soon
+# designed to be run daily or weekly from cron
+
+# original code by Dennis Williamson
+# modified by Georg Pfuetzenreuter <georg@lysergic.dev>
+
+# ### SETUP ###
+
+#for weekly cron:
+weekmode=7
+
+#for daily cron:
+#weekmode=0
+
+admins="system"
+declare -r aged=21 # minimum days after expiration before admins are emailed, set to 0 for "always"
+
+hostname=`hostname --fqdn`
+
+# /etc/shadow is system dependent
+shadowfile="/etc/shadow"
+# fields in /etc/shadow
+declare -r last=2
+#declare -r may=3 # not used in this script
+declare -r must=4
+declare -r warn=5
+#declare -r grace=6 # not used in this script
+declare -r disable=7
+
+declare -r doesntmust=99999
+declare -r warndefault=7
+
+passwdfile="/etc/passwd"
+declare -r uidfield=3
+declare -r unamefield=1
+# UID range is system dependent
+declare -r uidmin=1000
+declare -r uidmax=65534 # exclusive
+
+# remove the hardcoded path from these progs to use them via $PATH
+# mailx is system dependent
+notifyprog="/bin/mail"
+grepprog="/bin/grep"
+awkprog="/usr/bin/awk"
+dateprog="/bin/date"
+
+# comment out one of these
+#useUTC=""
+useUTC="-u"
+
+# +%s is a GNUism - set it to blank and use dateformat if you have
+# a system that uses something else like epochdays, for example
+epochseconds="+%s"
+dateformat=""   # blank for GNU when epochseconds="+%s"
+secondsperday=86400 # set this to 1 for no division
+#secondsperday=1
+
+today=$(($($dateprog $useUTC $epochseconds $dateformat)/$secondsperday))
+echo "today: $today"
+oIFS=$IFS
+
+# ### END SETUP ###
+
+# ### MAIL TEMPLATES ###
+
+# use single quotes around templates, backslash escapes and substitutions 
+# will be evaluated upon output
+usersubjecttemplate='Your password is expiring soon'
+
+gentemplate_userbody () {
+	local days="$1"
+	userbodytemplate="Your password on $hostname expires in $days days."
+}
+
+adminsubjecttemplate='User Password Expired: $user@$hostname'
+adminbodytemplate='The password for user $user on $hostname expired $age days ago.
+
+Please contact this user about their inactive account and consider whether
+the account should be disabled or deleted.'
+
+# ### END MAIL TEMPLATES ###
+
+# get real users
+users=$($awkprog -F:    -v uidfield=$uidfield \
+            -v unamefield=$unamefield \
+            -v uidmin=$uidmin \
+            -v uidmax=$uidmax \
+            -- '$uidfield>=uidmin && $uidfield<uidmax \
+                {print $unamefield}' $passwdfile)
+
+for user in $users;
+do
+
+    echo "user: $user"
+
+    IFS=":"
+    usershadow=$($grepprog ^$user $shadowfile)
+    echo "usershadow 1: $usershadow"
+
+    # make an array out of it
+    usershadow=($usershadow)
+    echo "usershadow 2: $usershadow"
+
+    IFS=$oIFS
+
+    mustchange=${usershadow[$must]}
+    echo "mustchange: $mustchange"
+
+    disabledate=${usershadow[$disable]:-$doesntmust}
+    echo "disabledate: $disabledate"
+
+    # skip users that aren't expiring or that are disabled
+    if [[ $mustchange -ge $doesntmust || $disabledate -le $today  ]] ; then continue; fi;
+
+    lastchange=${usershadow[$last]}
+    echo "lastchange: $lastchange"
+
+    warndays=${usershadow[$warn]:-$warndefault}
+    echo "warndays: $warndays"
+
+    expdate=$(("$lastchange" + "$mustchange"))
+    echo "expdate: $expdate"
+
+    threshhold=$(($today + $warndays + $weekmode))
+    echo "threshhold: $treshhold"
+
+    if [[ $expdate -lt $threshhold ]];
+
+    gentemplate_userbody "$(($expdate - $today))"
+
+    then
+        if [[ $expdate -ge $today ]];
+        then
+            subject=$(eval "echo \"$usersubjecttemplate\"")
+            body=$(eval "echo \"$userbodytemplate\"")
+            echo -e "$body" | $notifyprog -s "$subject" $user 
+        else
+            if [[ $age -ge $aged ]];
+            then
+                subject=$(eval "echo \"$adminsubjecttemplate\"")
+                body=$(eval "echo \"$adminbodytemplate\"")
+                echo -e "$body" | $notifyprog -s "$subject" $admins
+            fi
+        fi
+    fi
+
+
+done
-- 
cgit v1.2.3