2 files changed, 98 insertions, 7 deletions

diff --git a/src/sss_client/pam_sss.c b/src/sss_client/pam_sss.c
index 2ba6f158e..07ed4e721 100644
--- a/src/sss_client/pam_sss.c
+++ b/src/sss_client/pam_sss.c
@@ -3,6 +3,7 @@
         Sumit Bose <sbose@redhat.com>
 
     Copyright (C) 2009 Red Hat
+    Copyright (C) 2010, rhafer@suse.de, Novell Inc.
 
     This program is free software; you can redistribute it and/or modify
     it under the terms of the GNU Lesser General Public License as published by
@@ -436,6 +437,81 @@ static int user_info_offline_auth(pam_handle_t *pamh, size_t buflen,
     return PAM_SUCCESS;
 }
 
+static int user_info_grace_login(pam_handle_t *pamh,
+                                 size_t buflen,
+                                 uint8_t *buf)
+{
+    int ret;
+    uint32_t grace;
+    char user_msg[256];
+
+    if (buflen != 2* sizeof(uint32_t)) {
+        D(("User info response data has the wrong size"));
+        return PAM_BUF_ERR;
+    }
+    memcpy(&grace, buf + sizeof(uint32_t), sizeof(uint32_t));
+    ret = snprintf(user_msg, sizeof(user_msg),
+                   _("Your password has expired. "
+                     "You have %d grace login(s) remaining."),
+                   grace);
+    if (ret < 0 || ret >= sizeof(user_msg)) {
+        D(("snprintf failed."));
+        return PAM_SYSTEM_ERR;
+    }
+    ret = do_pam_conversation(pamh, PAM_TEXT_INFO, user_msg, NULL, NULL);
+
+    if (ret != PAM_SUCCESS) {
+        D(("do_pam_conversation failed."));
+        return PAM_SYSTEM_ERR;
+    }
+
+    return PAM_SUCCESS;
+}
+
+#define MINSEC 60
+#define HOURSEC (60*MINSEC)
+#define DAYSEC (24*HOURSEC)
+static int user_info_expire_warn(pam_handle_t *pamh,
+                                 size_t buflen,
+                                 uint8_t *buf)
+{
+    int ret;
+    uint32_t expire;
+    char user_msg[256];
+    const char* unit="second(s)";
+
+    if (buflen != 2* sizeof(uint32_t)) {
+        D(("User info response data has the wrong size"));
+        return PAM_BUF_ERR;
+    }
+    memcpy(&expire, buf + sizeof(uint32_t), sizeof(uint32_t));
+    if (expire >= DAYSEC) {
+        expire /= DAYSEC;
+        unit = "day(s)";
+    } else if (expire >= HOURSEC) {
+        expire /= HOURSEC;
+        unit = "hour(s)";
+    } else if (expire >= MINSEC) {
+        expire /= MINSEC;
+        unit = "minute(s)";
+    }
+
+    ret = snprintf(user_msg, sizeof(user_msg),
+                   _("Your password will expire in %d %s."), expire, unit);
+    if (ret < 0 || ret >= sizeof(user_msg)) {
+        D(("snprintf failed."));
+        return PAM_SYSTEM_ERR;
+    }
+    ret = do_pam_conversation(pamh, PAM_TEXT_INFO, user_msg, NULL, NULL);
+
+    if (ret != PAM_SUCCESS) {
+        D(("do_pam_conversation failed."));
+        return PAM_SYSTEM_ERR;
+    }
+
+    return PAM_SUCCESS;
+}
+
 static int user_info_offline_auth_delayed(pam_handle_t *pamh, size_t buflen,
                                   uint8_t *buf)
 {
@@ -563,6 +639,12 @@ static int eval_user_info_response(pam_handle_t *pamh, size_t buflen,
         case SSS_PAM_USER_INFO_OFFLINE_AUTH:
             ret = user_info_offline_auth(pamh, buflen, buf);
             break;
+        case SSS_PAM_USER_INFO_GRACE_LOGIN:
+            ret = user_info_grace_login(pamh, buflen, buf);
+            break;
+        case SSS_PAM_USER_INFO_EXPIRE_WARN:
+            ret = user_info_expire_warn(pamh, buflen, buf);
+            break;
         case SSS_PAM_USER_INFO_OFFLINE_AUTH_DELAYED:
             ret = user_info_offline_auth_delayed(pamh, buflen, buf);
             break;
diff --git a/src/sss_client/sss_cli.h b/src/sss_client/sss_cli.h
index 2edd158db..f38726579 100644
--- a/src/sss_client/sss_cli.h
+++ b/src/sss_client/sss_cli.h
@@ -377,13 +377,22 @@ enum user_info_type {
                                        * possible to change the password while
                                        * the system is offline. This message
                                        * is generated by the PAM responder. */
-    SSS_PAM_USER_INFO_CHPASS_ERROR /**< Tell the user that a password change
-                                    * failed and optionally give a reason.
-                                    * @param Size of the message as unsigned
-                                    * 32-bit integer value. A value of 0
-                                    * indicates that no message is following.
-                                    * @param String with the specified
-                                    * length. */
+    SSS_PAM_USER_INFO_CHPASS_ERROR, /**< Tell the user that a password change
+                                     * failed and optionally give a reason.
+                                     * @param Size of the message as unsigned
+                                     * 32-bit integer value. A value of 0
+                                     * indicates that no message is following.
+                                     * @param String with the specified
+                                     * length. */
+    SSS_PAM_USER_INFO_GRACE_LOGIN, /**< Warn the user that the password is
+                                    * expired and inform about the remaining
+                                    * number of grace logins.
+                                    * @param The number of remaining grace
+                                    * logins as uint32_t */
+    SSS_PAM_USER_INFO_EXPIRE_WARN /**< Warn the user that the password will
+                                   * expire soon.
+                                   * @param Number of seconds before the user's
+                                   * password will expire. */
 };
 /**
  * @}