author | Jan Zeleny <jzeleny@redhat.com> | 2012-05-01 03:36:37 -0400 |
---|---|---|
committer | Stephen Gallagher <sgallagh@redhat.com> | 2012-05-04 13:36:42 -0400 |
commit | bf8cce77a35cb0a3cdb0d21fb9c39b7b6372bc11 (patch) | |
tree | ba1da22bd4f400edf1ba50563c80ab290e0987bb /src/confdb | |
parent | 9fd2775fe1ced6ff6a9a3ff7db124fcb52dade5d (diff) | |
Modify behavior of pam_pwd_expiration_warning
New option pwd_expiration_warning is introduced which can be set per
domain and can override the value specified by the original
pam_pwd_expiration_warning.
If the value of expiration warning is set to zero, the filter isn't
applied at all - if backend server returns the warning, it will be
automatically displayed.
Default value for Kerberos: 7 days
Default value for LDAP: don't apply the filter
Technical note: default value when creating the domain is -1. This is
important so we can distinguish between "no value set" and 0. Without
this possibility it would be impossible to set different values for LDAP
and Kerberos provider.
Diffstat (limited to 'src/confdb')
-rw-r--r-- | src/confdb/confdb.c | 18 | ||||
-rw-r--r-- | src/confdb/confdb.h | 3 |
2 files changed, 21 insertions, 0 deletions
diff --git a/src/confdb/confdb.c b/src/confdb/confdb.c
index d938d4f6..427101e9 100644
--- a/src/confdb/confdb.c
+++ b/src/confdb/confdb.c
@@ -922,6 +922,24 @@ static int confdb_get_domain_internal(struct confdb_ctx *cdb,
 goto done;
 }
+ /* Set the PAM warning time, if specified */
+ val = ldb_msg_find_attr_as_int(res->msgs[0],
+ CONFDB_DOMAIN_PWD_EXPIRATION_WARNING,
+ -1);
+ if (val > 0) {
+ /* The value is in days, transform it to seconds */
+ val *= 24 * 3600;
+ } else {
+ ret = confdb_get_int(cdb, CONFDB_PAM_CONF_ENTRY,
+ CONFDB_PAM_PWD_EXPIRATION_WARNING,
+ -1, &val);
+ if (ret != EOK) {
+ DEBUG(1, ("Failed to read PAM expiration warning, not fatal.\n"));
+ val = -1;
+ }
+ }
+ domain->pwd_expiration_warning = val;
+
 ret = get_entry_as_uint32(res->msgs[0], &domain->override_gid,
 CONFDB_DOMAIN_OVERRIDE_GID, 0);
 if (ret != EOK) {
diff --git a/src/confdb/confdb.h b/src/confdb/confdb.h
index b90db303..5ec9f721 100644
--- a/src/confdb/confdb.h
+++ b/src/confdb/confdb.h
@@ -152,6 +152,7 @@
 #define CONFDB_DOMAIN_NETGROUP_CACHE_TIMEOUT "entry_cache_netgroup_timeout"
 #define CONFDB_DOMAIN_SERVICE_CACHE_TIMEOUT "entry_cache_service_timeout"
 #define CONFDB_DOMAIN_AUTOFS_CACHE_TIMEOUT "entry_cache_autofs_timeout"
+#define CONFDB_DOMAIN_PWD_EXPIRATION_WARNING "pwd_expiration_warning"
 /* Local Provider */
 #define CONFDB_LOCAL_DEFAULT_SHELL "default_shell"
@@ -199,6 +200,8 @@ struct sss_domain_info {
 uint32_t service_timeout;
 uint32_t autofsmap_timeout;
+ int pwd_expiration_warning;
+
 struct sysdb_ctx *sysdb;
 struct sss_domain_info **subdomains; |
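Review bot: The `if (val > 0)` test in the block added to confdb_get_domain_internal sends an explicit per-domain `pwd_expiration_warning = 0` down the same `else` path as the unset default -1, so the PAM-level value overwrites it and a domain cannot use 0 to switch the filter off, which the commit message says it can. Make the fallback conditional on `if (val < 0) {` and move the `if (val > 0) { val *= 24 * 3600; }` conversion after it. As written, the field is in seconds when the domain option supplied it and in whatever unit `confdb_get_int` returned otherwise; whether the PAM-level option is also in days is not visible here and should be confirmed against the code that consumes the field. A bound on `val` before the multiplication would also keep a very large configured day count from overflowing `int`. The function starts and ends outside the hunk.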
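Review bot: The new `int pwd_expiration_warning;` member of struct sss_domain_info in confdb.h has no comment, although its sentinel values carry meaning that only the commit message explains. A comment such as `/* password expiration warning window; -1 = not set (provider default applies), 0 = do not filter warnings sent by the server */` on the member would keep that contract next to the field. It should also state the unit the value is stored in, since the confdb.c hunk converts a per-domain setting from days to seconds before assigning it. The struct definition continues outside the hunk.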