|
 |
db96ff |
From d4849e30b0c27878ee1167784c82b15c371781a8 Mon Sep 17 00:00:00 2001
|
|
|
db96ff |
From: Jakub Hrozek <jhrozek@redhat.com>
|
|
|
db96ff |
Date: Wed, 14 Aug 2019 09:39:53 +0200
|
|
|
db96ff |
Subject: [PATCH 22/23] Backport the human readable password policy reply
|
|
|
db96ff |
|
|
|
db96ff |
---
|
|
|
db96ff |
nslcd/myldap.c | 66 ++++++++++++++++++++++++++++++++++++++++++++------
|
|
|
db96ff |
1 file changed, 59 insertions(+), 7 deletions(-)
|
|
|
db96ff |
|
|
|
db96ff |
diff --git a/nslcd/myldap.c b/nslcd/myldap.c
|
|
|
db96ff |
index 738a782..f83137a 100644
|
|
|
db96ff |
--- a/nslcd/myldap.c
|
|
|
db96ff |
+++ b/nslcd/myldap.c
|
|
|
db96ff |
@@ -405,6 +405,63 @@ static int do_sasl_interact(LDAP UNUSED(*ld),unsigned UNUSED(flags),void *defaul
|
|
|
db96ff |
#endif /* HAVE_SASL_INTERACT_T */
|
|
|
db96ff |
|
|
|
db96ff |
#if defined(HAVE_LDAP_SASL_BIND) && defined(LDAP_SASL_SIMPLE)
|
|
|
db96ff |
+static void print_ppolicy_expiry(MYLDAP_SESSION *session, unsigned int sec)
|
|
|
db96ff |
+{
|
|
|
db96ff |
+ unsigned int days = 0;
|
|
|
db96ff |
+ unsigned int hours = 0;
|
|
|
db96ff |
+ unsigned int minutes = 0;
|
|
|
db96ff |
+ /* return this warning so PAM can present it to the user */
|
|
|
db96ff |
+ if (strlen(session->policy_message) != 0)
|
|
|
db96ff |
+ return;
|
|
|
db96ff |
+ if (sec > 24 * 3600)
|
|
|
db96ff |
+ {
|
|
|
db96ff |
+ days = sec / (24 * 3600);
|
|
|
db96ff |
+ sec -= days * 24 * 3600;
|
|
|
db96ff |
+ }
|
|
|
db96ff |
+ if (sec > 3600)
|
|
|
db96ff |
+ {
|
|
|
db96ff |
+ hours = sec / 3600;
|
|
|
db96ff |
+ sec -= (hours * 3600);
|
|
|
db96ff |
+ }
|
|
|
db96ff |
+ if (sec > 60)
|
|
|
db96ff |
+ {
|
|
|
db96ff |
+ minutes = sec / 60;
|
|
|
db96ff |
+ sec -= minutes * 60;
|
|
|
db96ff |
+ }
|
|
|
db96ff |
+ if (days > 1)
|
|
|
db96ff |
+ mysnprintf(session->policy_message, sizeof(session->policy_message),
|
|
|
db96ff |
+ "Password will expires in %u days", days);
|
|
|
db96ff |
+ else if (days > 0)
|
|
|
db96ff |
+ mysnprintf(session->policy_message, sizeof(session->policy_message),
|
|
|
db96ff |
+ "Password will expires in %u hours", hours + 24);
|
|
|
db96ff |
+ else if (hours > 1)
|
|
|
db96ff |
+ {
|
|
|
db96ff |
+ if (minutes > 1)
|
|
|
db96ff |
+ mysnprintf(session->policy_message, sizeof(session->policy_message),
|
|
|
db96ff |
+ "Password will expires in %u hours and %u minutes",
|
|
|
db96ff |
+ hours, minutes);
|
|
|
db96ff |
+ else
|
|
|
db96ff |
+ mysnprintf(session->policy_message, sizeof(session->policy_message),
|
|
|
db96ff |
+ "Password will expires in %u hours", hours);
|
|
|
db96ff |
+ }
|
|
|
db96ff |
+ else if (hours > 0)
|
|
|
db96ff |
+ mysnprintf(session->policy_message, sizeof(session->policy_message),
|
|
|
db96ff |
+ "Password will expires in %u minutes", minutes + 60);
|
|
|
db96ff |
+ else if (minutes > 1)
|
|
|
db96ff |
+ {
|
|
|
db96ff |
+ if (sec > 1)
|
|
|
db96ff |
+ mysnprintf(session->policy_message, sizeof(session->policy_message),
|
|
|
db96ff |
+ "Password will expires in %u minutes and %u seconds",
|
|
|
db96ff |
+ minutes, sec);
|
|
|
db96ff |
+ else
|
|
|
db96ff |
+ mysnprintf(session->policy_message, sizeof(session->policy_message),
|
|
|
db96ff |
+ "Password will expires in %u minutes", minutes);
|
|
|
db96ff |
+ }
|
|
|
db96ff |
+ else
|
|
|
db96ff |
+ mysnprintf(session->policy_message, sizeof(session->policy_message),
|
|
|
db96ff |
+ "Password will expires in %u seconds", sec);
|
|
|
db96ff |
+}
|
|
|
db96ff |
+
|
|
|
db96ff |
static void handle_ppolicy_controls(MYLDAP_SESSION *session, LDAP *ld, LDAPControl **ctrls)
|
|
|
db96ff |
{
|
|
|
db96ff |
int i;
|
|
|
db96ff |
@@ -434,11 +491,7 @@ static void handle_ppolicy_controls(MYLDAP_SESSION *session, LDAP *ld, LDAPContr
|
|
|
db96ff |
log_log(LOG_DEBUG, "got LDAP_CONTROL_PWEXPIRING (password will expire in %ld seconds)",
|
|
|
db96ff |
sec);
|
|
|
db96ff |
/* return this warning so PAM can present it to the user */
|
|
|
db96ff |
- if (strlen(session->policy_message) == 0)
|
|
|
db96ff |
- {
|
|
|
db96ff |
- mysnprintf(session->policy_message, sizeof(session->policy_message),
|
|
|
db96ff |
- "password will expire in %ld seconds", sec);
|
|
|
db96ff |
- }
|
|
|
db96ff |
+ print_ppolicy_expiry(session, (unsigned int)sec);
|
|
|
db96ff |
}
|
|
|
db96ff |
else if (strcmp(ctrls[i]->ldctl_oid, LDAP_CONTROL_PASSWORDPOLICYRESPONSE) == 0)
|
|
|
db96ff |
{
|
|
|
db96ff |
@@ -502,8 +555,7 @@ static void handle_ppolicy_controls(MYLDAP_SESSION *session, LDAP *ld, LDAPContr
|
|
|
db96ff |
{
|
|
|
db96ff |
/* if no other error has happened, this indicates that the password
|
|
|
db96ff |
will soon expire (number of seconds) */
|
|
|
db96ff |
- mysnprintf(session->policy_message, sizeof(session->policy_message),
|
|
|
db96ff |
- "Password will expire in %d seconds", expire);
|
|
|
db96ff |
+ print_ppolicy_expiry(session, (unsigned int)expire);
|
|
|
db96ff |
}
|
|
|
db96ff |
else if ((grace >= 0) && (strlen(session->policy_message) == 0))
|
|
|
db96ff |
{
|
|
|
db96ff |
--
|
|
|
db96ff |
2.20.1
|
|
|
db96ff |
|