summaryrefslogtreecommitdiff
path: root/src
diff options
context:
space:
mode:
authorPavel Březina <pbrezina@redhat.com>2012-11-19 16:52:36 +0100
committerJakub Hrozek <jhrozek@redhat.com>2012-12-02 22:06:46 +0100
commit6230ee6822dd61f3591c3c502047b338f09b3292 (patch)
tree41456c42bff9d48183cd144b190fc103b4859365 /src
parentff5934cbe9c02ca3e3d2a851460339f3126202b7 (diff)
downloadsssd-6230ee6822dd61f3591c3c502047b338f09b3292.tar.gz
sssd-6230ee6822dd61f3591c3c502047b338f09b3292.tar.bz2
sssd-6230ee6822dd61f3591c3c502047b338f09b3292.zip
warn user if password is about to expire
https://fedorahosted.org/sssd/ticket/1638 If pwd_exp_warning == 0, expiry warning should be printed if it is returned by server. If pwd_exp_warning > 0, expiry warning should be printed only if the password will expire in time <= pwd_exp_warning. ppolicy->expiry contains period in seconds after which the password expires. Not the exact timestamp. Thus we should not add 'now' to pwd_exp_warning.
Diffstat (limited to 'src')
-rw-r--r--src/providers/ldap/ldap_auth.c7
1 files changed, 4 insertions, 3 deletions
diff --git a/src/providers/ldap/ldap_auth.c b/src/providers/ldap/ldap_auth.c
index 32a2e04e..b78fdb8e 100644
--- a/src/providers/ldap/ldap_auth.c
+++ b/src/providers/ldap/ldap_auth.c
@@ -212,7 +212,6 @@ static errno_t check_pwexpire_ldap(struct pam_data *pd,
if (ppolicy->grace > 0 || ppolicy->expire > 0) {
uint32_t *data;
uint32_t *ptr;
- time_t now = time(NULL);
int ret;
if (pwd_exp_warning < 0) {
@@ -231,10 +230,12 @@ static errno_t check_pwexpire_ldap(struct pam_data *pd,
ptr++;
*ptr = ppolicy->grace;
} else if (ppolicy->expire > 0) {
- if (pwd_exp_warning == 0 ||
- difftime(now + pwd_exp_warning, ppolicy->expire) > 0.0) {
+ if (pwd_exp_warning != 0 && ppolicy->expire > pwd_exp_warning) {
+ /* do not warn */
goto done;
}
+
+ /* send warning */
*ptr = SSS_PAM_USER_INFO_EXPIRE_WARN;
ptr++;
*ptr = ppolicy->expire;