warn user if password is about to expire

https://fedorahosted.org/sssd/ticket/1638 If pwd_exp_warning == 0, expiry warning should be printed if it is returned by server. If pwd_exp_warning > 0, expiry warning should be printed only if the password will expire in time <= pwd_exp_warning. ppolicy->expiry contains period in seconds after which the password expires. Not the exact timestamp. Thus we should not add 'now' to pwd_exp_warning.
author: Pavel Březina <pbrezina@redhat.com> 2012-11-19 16:52:36 +0100
committer: Jakub Hrozek <jhrozek@redhat.com> 2012-12-02 22:06:46 +0100
commit: 6230ee6822dd61f3591c3c502047b338f09b3292 (patch)
tree: 41456c42bff9d48183cd144b190fc103b4859365 /src/providers/ldap/ldap_auth.c
parent: ff5934cbe9c02ca3e3d2a851460339f3126202b7 (diff)
download: sssd-6230ee6822dd61f3591c3c502047b338f09b3292.tar.gz
sssd-6230ee6822dd61f3591c3c502047b338f09b3292.tar.bz2
sssd-6230ee6822dd61f3591c3c502047b338f09b3292.zip
1 files changed, 4 insertions, 3 deletions
diff --git a/src/providers/ldap/ldap_auth.c b/src/providers/ldap/ldap_auth.c
index 32a2e04e..b78fdb8e 100644
--- a/src/providers/ldap/ldap_auth.c
+++ b/src/providers/ldap/ldap_auth.c
@@ -212,7 +212,6 @@ static errno_t check_pwexpire_ldap(struct pam_data *pd,
     if (ppolicy->grace > 0 || ppolicy->expire > 0) {
         uint32_t *data;
         uint32_t *ptr;
-        time_t now = time(NULL);
         int ret;
 
         if (pwd_exp_warning < 0) {
@@ -231,10 +230,12 @@ static errno_t check_pwexpire_ldap(struct pam_data *pd,
             ptr++;
             *ptr = ppolicy->grace;
         } else if (ppolicy->expire > 0) {
-            if (pwd_exp_warning == 0 ||
-                difftime(now + pwd_exp_warning, ppolicy->expire) > 0.0) {
+            if (pwd_exp_warning != 0 && ppolicy->expire > pwd_exp_warning) {
+                /* do not warn */
                 goto done;
             }
+
+            /* send warning */
             *ptr = SSS_PAM_USER_INFO_EXPIRE_WARN;
             ptr++;
             *ptr = ppolicy->expire;
author	Pavel Březina <pbrezina@redhat.com>	2012-11-19 16:52:36 +0100
committer	Jakub Hrozek <jhrozek@redhat.com>	2012-12-02 22:06:46 +0100
commit	6230ee6822dd61f3591c3c502047b338f09b3292 (patch)
tree	41456c42bff9d48183cd144b190fc103b4859365 /src/providers/ldap/ldap_auth.c
parent	ff5934cbe9c02ca3e3d2a851460339f3126202b7 (diff)
download	sssd-6230ee6822dd61f3591c3c502047b338f09b3292.tar.gz sssd-6230ee6822dd61f3591c3c502047b338f09b3292.tar.bz2 sssd-6230ee6822dd61f3591c3c502047b338f09b3292.zip