diff options
author | Pavel Reichl <preichl@redhat.com> | 2015-02-19 11:17:36 -0500 |
---|---|---|
committer | Jakub Hrozek <jhrozek@redhat.com> | 2015-02-23 13:47:53 +0100 |
commit | e039f1aefecc65a7b3c2d4a13a612bff1dd367c8 (patch) | |
tree | d86b9878bbb80a2718ea30f1ab3afde95f81fd70 /src/responder/pam | |
parent | a61d6d01a4e89ec14175af135e84f1cac55af748 (diff) | |
download | sssd-e039f1aefecc65a7b3c2d4a13a612bff1dd367c8.tar.gz sssd-e039f1aefecc65a7b3c2d4a13a612bff1dd367c8.tar.xz sssd-e039f1aefecc65a7b3c2d4a13a612bff1dd367c8.zip |
PAM: new option pam_account_expired_message
This option sets string to be printed when authenticating using SSH
keys and account is expired.
Resolves:
https://fedorahosted.org/sssd/ticket/2050
Reviewed-by: Sumit Bose <sbose@redhat.com>
Diffstat (limited to 'src/responder/pam')
-rw-r--r-- | src/responder/pam/pamsrv_cmd.c | 14 |
1 files changed, 10 insertions, 4 deletions
diff --git a/src/responder/pam/pamsrv_cmd.c b/src/responder/pam/pamsrv_cmd.c index c874cae61..a9c1b49d7 100644 --- a/src/responder/pam/pamsrv_cmd.c +++ b/src/responder/pam/pamsrv_cmd.c @@ -74,13 +74,14 @@ static errno_t pack_user_info_account_expired(TALLOC_CTX *mem_ctx, return EOK; } -static void inform_account_expired(struct pam_data* pd) +static void inform_account_expired(struct pam_data* pd, + const char *pam_message) { size_t msg_len; uint8_t *msg; errno_t ret; - ret = pack_user_info_account_expired(pd, "", &msg_len, &msg); + ret = pack_user_info_account_expired(pd, pam_message, &msg_len, &msg); if (ret != EOK) { DEBUG(SSSDBG_CRIT_FAILURE, "pack_user_info_account_expired failed.\n"); @@ -544,6 +545,7 @@ static void pam_reply(struct pam_auth_req *preq) uint32_t user_info_type; time_t exp_date = -1; time_t delay_until = -1; + char* pam_account_expired_message; pd = preq->pd; cctx = preq->cctx; @@ -620,7 +622,7 @@ static void pam_reply(struct pam_auth_req *preq) ret = gettimeofday(&tv, NULL); if (ret != EOK) { DEBUG(SSSDBG_CRIT_FAILURE, "gettimeofday failed [%d][%s].\n", - errno, strerror(errno)); + errno, strerror(errno)); goto done; } tv.tv_sec += pd->response_delay; @@ -659,7 +661,11 @@ static void pam_reply(struct pam_auth_req *preq) if (pd->pam_status == PAM_ACCT_EXPIRED && pd->service != NULL && strcasecmp(pd->service, "sshd") == 0) { - inform_account_expired(pd); + ret = confdb_get_string(pctx->rctx->cdb, pd, CONFDB_PAM_CONF_ENTRY, + CONFDB_PAM_ACCOUNT_EXPIRED_MESSAGE, "", + &pam_account_expired_message); + + inform_account_expired(pd, pam_account_expired_message); } ret = filter_responses(pctx->rctx->cdb, pd->resp_list); |