From d4849e30b0c27878ee1167784c82b15c371781a8 Mon Sep 17 00:00:00 2001 From: Jakub Hrozek Date: Wed, 14 Aug 2019 09:39:53 +0200 Subject: [PATCH 22/23] Backport the human readable password policy reply --- nslcd/myldap.c | 66 ++++++++++++++++++++++++++++++++++++++++++++------ 1 file changed, 59 insertions(+), 7 deletions(-) diff --git a/nslcd/myldap.c b/nslcd/myldap.c index 738a782..f83137a 100644 --- a/nslcd/myldap.c +++ b/nslcd/myldap.c @@ -405,6 +405,63 @@ static int do_sasl_interact(LDAP UNUSED(*ld),unsigned UNUSED(flags),void *defaul #endif /* HAVE_SASL_INTERACT_T */ #if defined(HAVE_LDAP_SASL_BIND) && defined(LDAP_SASL_SIMPLE) +static void print_ppolicy_expiry(MYLDAP_SESSION *session, unsigned int sec) +{ + unsigned int days = 0; + unsigned int hours = 0; + unsigned int minutes = 0; + /* return this warning so PAM can present it to the user */ + if (strlen(session->policy_message) != 0) + return; + if (sec > 24 * 3600) + { + days = sec / (24 * 3600); + sec -= days * 24 * 3600; + } + if (sec > 3600) + { + hours = sec / 3600; + sec -= (hours * 3600); + } + if (sec > 60) + { + minutes = sec / 60; + sec -= minutes * 60; + } + if (days > 1) + mysnprintf(session->policy_message, sizeof(session->policy_message), + "Password will expires in %u days", days); + else if (days > 0) + mysnprintf(session->policy_message, sizeof(session->policy_message), + "Password will expires in %u hours", hours + 24); + else if (hours > 1) + { + if (minutes > 1) + mysnprintf(session->policy_message, sizeof(session->policy_message), + "Password will expires in %u hours and %u minutes", + hours, minutes); + else + mysnprintf(session->policy_message, sizeof(session->policy_message), + "Password will expires in %u hours", hours); + } + else if (hours > 0) + mysnprintf(session->policy_message, sizeof(session->policy_message), + "Password will expires in %u minutes", minutes + 60); + else if (minutes > 1) + { + if (sec > 1) + mysnprintf(session->policy_message, sizeof(session->policy_message), + "Password will expires in %u minutes and %u seconds", + minutes, sec); + else + mysnprintf(session->policy_message, sizeof(session->policy_message), + "Password will expires in %u minutes", minutes); + } + else + mysnprintf(session->policy_message, sizeof(session->policy_message), + "Password will expires in %u seconds", sec); +} + static void handle_ppolicy_controls(MYLDAP_SESSION *session, LDAP *ld, LDAPControl **ctrls) { int i; @@ -434,11 +491,7 @@ static void handle_ppolicy_controls(MYLDAP_SESSION *session, LDAP *ld, LDAPContr log_log(LOG_DEBUG, "got LDAP_CONTROL_PWEXPIRING (password will expire in %ld seconds)", sec); /* return this warning so PAM can present it to the user */ - if (strlen(session->policy_message) == 0) - { - mysnprintf(session->policy_message, sizeof(session->policy_message), - "password will expire in %ld seconds", sec); - } + print_ppolicy_expiry(session, (unsigned int)sec); } else if (strcmp(ctrls[i]->ldctl_oid, LDAP_CONTROL_PASSWORDPOLICYRESPONSE) == 0) { @@ -502,8 +555,7 @@ static void handle_ppolicy_controls(MYLDAP_SESSION *session, LDAP *ld, LDAPContr { /* if no other error has happened, this indicates that the password will soon expire (number of seconds) */ - mysnprintf(session->policy_message, sizeof(session->policy_message), - "Password will expire in %d seconds", expire); + print_ppolicy_expiry(session, (unsigned int)expire); } else if ((grace >= 0) && (strlen(session->policy_message) == 0)) { -- 2.20.1