
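#!/bin/sh
#
# Root password expiry watchdog for the vCenter Server Appliance.
#
# Reads root's password-aging fields from the shadow file (field 3: day of
# the last change, field 5: maximum age in days, field 6: warning period in
# days). While today lies inside the warning window, a notice is mailed to the
# address on the first line of /etc/applmgmt/root.email. Once the deadline is
# reached, "chage -d 0 root" marks the password as expired so that a change
# is forced.
#
# NOTE(review): presumably run periodically as root (it reads /etc/shadow and
# calls chage) -- confirm against the scheduler entry that invokes it.

SHADOW="/etc/shadow"
ROOT_EMAIL_FILE="/etc/applmgmt/root.email"

# Succeeds only for a non-empty string made of decimal digits. Values parsed
# out of the shadow file are checked with this before any arithmetic.
is_uint() {
   case "$1" in
      ''|*[!0-9]*) return 1 ;;
      *) return 0 ;;
   esac
}

# The address is copied into the To: header that "sendmail -t" parses for
# recipients, so take exactly one line and drop a stray carriage return.
# NOTE(review): whoever can write this file chooses the recipient -- confirm
# it is writable by root only.
ROOT_EMAIL=""
if [ -r "$ROOT_EMAIL_FILE" ]; then
   ROOT_EMAIL=$(head -n 1 "$ROOT_EMAIL_FILE" | tr -d '\r')
fi

# 86400 seconds in a day; shadow stores dates as days since the epoch.
TODAY=$(expr "$(date +%s)" / 86400)

# Anchor on "^root:" so that only root's own entry is used. An unanchored
# match also picks up any other line that merely contains the text "root"
# (another account name, or a hash), which corrupts the parsed fields.
# Only the three aging fields are kept; the hash never enters a variable.
VALUES=$(grep '^root:' "$SHADOW" | head -n 1 | cut -f 3,5,6 -d :)
LAST_DAY=$(printf '%s\n' "$VALUES" | cut -f 1 -d :)
MAX_DAYS=$(printf '%s\n' "$VALUES" | cut -f 2 -d :)
WARN_DAYS=$(printf '%s\n' "$VALUES" | cut -f 3 -d :)

# An empty maximum age means the password never expires: nothing to do.
# Non-numeric fields are treated the same way instead of reaching expr/test.
if is_uint "$MAX_DAYS" && is_uint "$LAST_DAY"; then
   # No (or unusable) warning period: warn on the deadline day only.
   if ! is_uint "$WARN_DAYS"; then
      WARN_DAYS=0
   fi

   DEADLINE=$(expr "$LAST_DAY" + "$MAX_DAYS")
   WARNING_START=$(expr "$DEADLINE" - "$WARN_DAYS")

   if [ "$TODAY" -ge "$WARNING_START" ] && [ "$TODAY" -le "$DEADLINE" ] && \
      [ -n "$ROOT_EMAIL" ]; then
      HOSTNAME=$(hostname -f)

      # Human-readable expiry date for the mail body. The label is matched
      # case-insensitively because its capitalisation differs between chage
      # implementations; surrounding whitespace is squeezed and trimmed.
      DEADLINE_H=$(chage -l root | grep -i "Password Expires" | cut -f 2 -d : |
         tr -s '[:space:]' ' ' | sed -e 's/^ //' -e 's/ $//')

      sendmail -t << HEREDOC || printf '%s\n' "sendmail failed; expiry warning not sent" >&2
To: $ROOT_EMAIL
Subject: Password expiration warning for vCenter at host $HOSTNAME
From: vCenter Server Appliance <noreply@vmware.com>

Hello!

The root password on host $HOSTNAME expires on $DEADLINE_H. Please change it
or set up passwordless SSH login to avoid getting locked out.

If you have missed the deadline you'll have to boot into the system with
a linux live cd and reset the password manually.

Regards,
the vCenter Server Appliance
HEREDOC
   fi

   # Deadline reached: do not rely on the pam account facility alone. Setting
   # the last-change day to 0 marks the password as expired, forcing a change.
   # A last-change day of 0 means this has already been done, so skip it.
   if [ "$TODAY" -ge "$DEADLINE" ] && [ "$LAST_DAY" -ne 0 ]; then
      chage -d 0 root
   fi
fi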
