[pam_ldap] - add a proposed patch to avoid losing password expiration warnings relayed via policy controls when
Nalin Dahyabhai
nalin at fedoraproject.org
Thu Sep 23 23:52:39 UTC 2010
commit f38d47944e648fb4fd8f48be5b5e8f25ab450ab4
Author: Nalin Dahyabhai <nalin at redhat.com>
Date: Thu Sep 23 19:52:19 2010 -0400
- add a proposed patch to avoid losing password expiration warnings relayed via policy controls when expiration is less than a day away (based on patch from Masahiro Matsuya, #537358, upstream #407)
pam_ldap-185-expiration4.patch | 61 ++++++++++++++++++++++++++++++++++++++++
pam_ldap.spec | 9 +++++-
2 files changed, 69 insertions(+), 1 deletions(-)
---
diff --git a/pam_ldap-185-expiration4.patch b/pam_ldap-185-expiration4.patch
new file mode 100644
index 0000000..ac71f70
--- /dev/null
+++ b/pam_ldap-185-expiration4.patch
@@ -0,0 +1,61 @@
+Heavily based on a patch from Masahiro Matsuya.
+
+diff -up pam_ldap-185/pam_ldap.c pam_ldap-185/pam_ldap.c
+--- pam_ldap-185/pam_ldap.c 2010-09-22 18:35:55.377828002 -0400
++++ pam_ldap-185/pam_ldap.c 2010-09-22 19:08:34.938828001 -0400
+@@ -4014,6 +4014,8 @@ pam_sm_acct_mgmt (pam_handle_t * pamh, i
+ time_t currenttime;
+ long int currentday;
+ long int expirein = 0; /* seconds until password expires */
++ long int expireh = 0;
++ long int expires = 0;
+ const char *configFile = NULL;
+
+ for (i = 0; i < argc; i++)
+@@ -4190,14 +4191,29 @@ pam_sm_acct_mgmt (pam_handle_t * pamh, i
+ }
+ else
+ {
+- expirein = session->info->password_expiration_time / SECSPERDAY;
++ if ( session->info->password_expiration_time != 0 )
++ {
++ expires = session->info->password_expiration_time;
++ expirein = session->info->password_expiration_time / SECSPERDAY;
++ if ( expirein == 0 )
++ {
++ expireh = session->info->password_expiration_time / SECSPERHOUR;
++ }
++ }
++ else
++ {
++ expirein = 0;
++ }
+ }
+
+- if (expirein > 0)
++ if ((expirein > 0) || (expireh > 0) || (expires > 0))
+ {
+ snprintf (buf, sizeof buf,
+- "Your LDAP password will expire in %ld day%s.",
+- expirein, (expirein == 1) ? "" : "s");
++ "Your LDAP password will expire in %ld %s.",
++ (expirein == 0) ? expireh : expirein,
++ (expirein == 0) ?
++ ((expireh == 1) ? "hour" : "hours") :
++ ((expirein == 1) ? "day" : "days"));
+ _conv_sendmsg (appconv, buf, PAM_ERROR_MSG, no_warn);
+
+ /* we set this to make sure that user can't abort a password change */
+diff -up pam_ldap-185/pam_ldap.h pam_ldap-185/pam_ldap.h
+--- pam_ldap-185/pam_ldap.h 2010-09-22 18:35:55.359828002 -0400
++++ pam_ldap-185/pam_ldap.h 2010-09-22 19:00:56.787828000 -0400
+@@ -226,6 +226,9 @@ pam_ldap_shadow_t;
+ /* Seconds in a day */
+ #define SECSPERDAY 86400
+
++/* Seconds in an hour */
++#define SECSPERHOUR 3600
++
+ /* Netscape per-use password attributes. Unused except for DN. */
+ typedef struct pam_ldap_user_info
+ {
diff --git a/pam_ldap.spec b/pam_ldap.spec
index 73f509c..9736409 100644
--- a/pam_ldap.spec
+++ b/pam_ldap.spec
@@ -7,7 +7,7 @@
Summary: PAM module for LDAP
Name: pam_ldap
Version: 185
-Release: 5%{?dist}
+Release: 6%{?dist}
URL: http://www.padl.com/OSS/pam_ldap.html
License: LGPLv2+
Group: System Environment/Base
@@ -22,6 +22,7 @@ Patch7: pam_ldap-182-manpointer.patch
Patch13: pam_ldap-176-exop-modify.patch
Patch20: pam_ldap-184-nsrole.patch
Patch23: pam_ldap-183-releaseconfig.patch
+Patch24: pam_ldap-185-expiration4.patch
BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n)
BuildRequires: autoconf, automake, libtool
@@ -50,6 +51,7 @@ cp nss_ldap-%{nss_ldap_version}/snprintf.h .
%patch13 -p1 -b .exop-modify
%patch20 -p1 -b .nsrole
%patch23 -p1 -b .releaseconfig
+%patch24 -p1 -b .expiration4
sed -i -e 's,^ldap.conf$,%{name}.conf,g' *.5
sed -i -e 's,^/etc/ldap\.,/etc/%{name}.,g' *.5
sed -i -e 's,in ldap.conf,in %{name}.conf,g' *.5
@@ -127,6 +129,11 @@ fi
%attr(0600,root,root) %ghost %config(noreplace) /etc/%{name}.secret
%changelog
+* Thu Sep 23 2010 Nalin Dahyabhai <nalin at redhat.com> 185-6
+- add a proposed patch to avoid losing password expiration warnings relayed
+ via policy controls when expiration is less than a day away (based on
+ patch from Masahiro Matsuya, #537358, upstream #407)
+
* Thu Mar 23 2010 Nalin Dahyabhai <nalin at redhat.com> 185-5
- require the pam package explicitly, so that /%%{_lib}/security won't be
an orphaned directory (part of #553857)
More information about the scm-commits
mailing list