diff options
author | Pavel Březina <pbrezina@redhat.com> | 2012-11-19 16:52:36 +0100 |
---|---|---|
committer | Jakub Hrozek <jhrozek@redhat.com> | 2012-12-02 22:06:46 +0100 |
commit | 6230ee6822dd61f3591c3c502047b338f09b3292 (patch) | |
tree | 41456c42bff9d48183cd144b190fc103b4859365 /src | |
parent | ff5934cbe9c02ca3e3d2a851460339f3126202b7 (diff) | |
download | sssd-6230ee6822dd61f3591c3c502047b338f09b3292.tar.gz sssd-6230ee6822dd61f3591c3c502047b338f09b3292.tar.bz2 sssd-6230ee6822dd61f3591c3c502047b338f09b3292.zip |
warn user if password is about to expire
https://fedorahosted.org/sssd/ticket/1638
If pwd_exp_warning == 0, expiry warning should be printed if it is
returned by server.
If pwd_exp_warning > 0, expiry warning should be printed only if
the password will expire in time <= pwd_exp_warning.
ppolicy->expiry contains period in seconds after which the password
expires. Not the exact timestamp. Thus we should not add 'now' to
pwd_exp_warning.
Diffstat (limited to 'src')
-rw-r--r-- | src/providers/ldap/ldap_auth.c | 7 |
1 files changed, 4 insertions, 3 deletions
diff --git a/src/providers/ldap/ldap_auth.c b/src/providers/ldap/ldap_auth.c index 32a2e04e..b78fdb8e 100644 --- a/src/providers/ldap/ldap_auth.c +++ b/src/providers/ldap/ldap_auth.c @@ -212,7 +212,6 @@ static errno_t check_pwexpire_ldap(struct pam_data *pd, if (ppolicy->grace > 0 || ppolicy->expire > 0) { uint32_t *data; uint32_t *ptr; - time_t now = time(NULL); int ret; if (pwd_exp_warning < 0) { @@ -231,10 +230,12 @@ static errno_t check_pwexpire_ldap(struct pam_data *pd, ptr++; *ptr = ppolicy->grace; } else if (ppolicy->expire > 0) { - if (pwd_exp_warning == 0 || - difftime(now + pwd_exp_warning, ppolicy->expire) > 0.0) { + if (pwd_exp_warning != 0 && ppolicy->expire > pwd_exp_warning) { + /* do not warn */ goto done; } + + /* send warning */ *ptr = SSS_PAM_USER_INFO_EXPIRE_WARN; ptr++; *ptr = ppolicy->expire; |