summaryrefslogtreecommitdiffstats
path: root/src/providers/ldap
diff options
context:
space:
mode:
authorPavel Březina <pbrezina@redhat.com>2012-11-19 16:52:36 +0100
committerJakub Hrozek <jhrozek@redhat.com>2012-12-06 11:29:31 +0100
commit9cd9a6776c5afb03e094fb17c8da7ee8fe768285 (patch)
tree5ca0fec2735311e5d820671a08a7b538e6860e9e /src/providers/ldap
parenta0102eed6cdd894fd2b079cfae006e0a62f94777 (diff)
downloadsssd-9cd9a6776c5afb03e094fb17c8da7ee8fe768285.tar.gz
sssd-9cd9a6776c5afb03e094fb17c8da7ee8fe768285.tar.xz
sssd-9cd9a6776c5afb03e094fb17c8da7ee8fe768285.zip
warn user if password is about to expire
https://fedorahosted.org/sssd/ticket/1638 If pwd_exp_warning == 0, expiry warning should be printed if it is returned by server. If pwd_exp_warning > 0, expiry warning should be printed only if the password will expire in time <= pwd_exp_warning. ppolicy->expiry contains period in seconds after which the password expires. Not the exact timestamp. Thus we should not add 'now' to pwd_exp_warning.
Diffstat (limited to 'src/providers/ldap')
-rw-r--r--src/providers/ldap/ldap_auth.c7
1 files changed, 4 insertions, 3 deletions
diff --git a/src/providers/ldap/ldap_auth.c b/src/providers/ldap/ldap_auth.c
index 32a2e04ea..b78fdb8ed 100644
--- a/src/providers/ldap/ldap_auth.c
+++ b/src/providers/ldap/ldap_auth.c
@@ -212,7 +212,6 @@ static errno_t check_pwexpire_ldap(struct pam_data *pd,
if (ppolicy->grace > 0 || ppolicy->expire > 0) {
uint32_t *data;
uint32_t *ptr;
- time_t now = time(NULL);
int ret;
if (pwd_exp_warning < 0) {
@@ -231,10 +230,12 @@ static errno_t check_pwexpire_ldap(struct pam_data *pd,
ptr++;
*ptr = ppolicy->grace;
} else if (ppolicy->expire > 0) {
- if (pwd_exp_warning == 0 ||
- difftime(now + pwd_exp_warning, ppolicy->expire) > 0.0) {
+ if (pwd_exp_warning != 0 && ppolicy->expire > pwd_exp_warning) {
+ /* do not warn */
goto done;
}
+
+ /* send warning */
*ptr = SSS_PAM_USER_INFO_EXPIRE_WARN;
ptr++;
*ptr = ppolicy->expire;