[pam_ldap] - add a proposed patch to avoid losing password expiration warnings relayed via policy controls when

Nalin Dahyabhai nalin at fedoraproject.org
Thu Sep 23 23:52:39 UTC 2010 

commit f38d47944e648fb4fd8f48be5b5e8f25ab450ab4
Author: Nalin Dahyabhai <nalin at redhat.com>
Date:   Thu Sep 23 19:52:19 2010 -0400

    - add a proposed patch to avoid losing password expiration warnings relayed via policy controls when expiration is less than a day away (based on patch from Masahiro Matsuya, #537358, upstream #407)

 pam_ldap-185-expiration4.patch |   61 ++++++++++++++++++++++++++++++++++++++++
 pam_ldap.spec                  |    9 +++++-
 2 files changed, 69 insertions(+), 1 deletions(-)
---
diff --git a/pam_ldap-185-expiration4.patch b/pam_ldap-185-expiration4.patch
new file mode 100644
index 0000000..ac71f70
--- /dev/null
+++ b/pam_ldap-185-expiration4.patch
@@ -0,0 +1,61 @@
+Heavily based on a patch from Masahiro Matsuya.
+
+diff -up pam_ldap-185/pam_ldap.c pam_ldap-185/pam_ldap.c
+--- pam_ldap-185/pam_ldap.c	2010-09-22 18:35:55.377828002 -0400
++++ pam_ldap-185/pam_ldap.c	2010-09-22 19:08:34.938828001 -0400
+@@ -4014,6 +4014,8 @@ pam_sm_acct_mgmt (pam_handle_t * pamh, i
+   time_t currenttime;
+   long int currentday;
+   long int expirein = 0;	/* seconds until password expires */
++  long int expireh = 0;
++  long int expires = 0;
+   const char *configFile = NULL;
+ 
+   for (i = 0; i < argc; i++)
+@@ -4190,14 +4191,29 @@ pam_sm_acct_mgmt (pam_handle_t * pamh, i
+ 	}
+       else
+ 	{
+-	  expirein = session->info->password_expiration_time / SECSPERDAY;
++          if ( session->info->password_expiration_time != 0 )
++            {
++             expires = session->info->password_expiration_time;
++	      expirein = session->info->password_expiration_time / SECSPERDAY;
++              if ( expirein == 0 )
++                {
++                  expireh = session->info->password_expiration_time / SECSPERHOUR;
++                }
++            }
++          else
++            {
++              expirein = 0;
++            }
+ 	}
+ 
+-      if (expirein > 0)
++      if ((expirein > 0) || (expireh > 0) || (expires > 0))
+ 	{
+ 	  snprintf (buf, sizeof buf,
+-		    "Your LDAP password will expire in %ld day%s.",
+-		    expirein, (expirein == 1) ? "" : "s");
++		    "Your LDAP password will expire in %ld %s.",
++		    (expirein == 0) ? expireh : expirein,
++		    (expirein == 0) ?
++		    ((expireh == 1) ? "hour" : "hours") :
++		    ((expirein == 1) ? "day" : "days"));
+ 	  _conv_sendmsg (appconv, buf, PAM_ERROR_MSG, no_warn);
+ 
+ 	  /* we set this to make sure that user can't abort a password change */
+diff -up pam_ldap-185/pam_ldap.h pam_ldap-185/pam_ldap.h
+--- pam_ldap-185/pam_ldap.h	2010-09-22 18:35:55.359828002 -0400
++++ pam_ldap-185/pam_ldap.h	2010-09-22 19:00:56.787828000 -0400
+@@ -226,6 +226,9 @@ pam_ldap_shadow_t;
+ /* Seconds in a day */
+ #define SECSPERDAY 86400
+ 
++/* Seconds in an hour */
++#define SECSPERHOUR 3600
++
+ /* Netscape per-use password attributes. Unused except for DN. */
+ typedef struct pam_ldap_user_info
+   {
diff --git a/pam_ldap.spec b/pam_ldap.spec
index 73f509c..9736409 100644
--- a/pam_ldap.spec
+++ b/pam_ldap.spec
@@ -7,7 +7,7 @@
 Summary: PAM module for LDAP
 Name: pam_ldap
 Version: 185
-Release: 5%{?dist}
+Release: 6%{?dist}
 URL: http://www.padl.com/OSS/pam_ldap.html
 License: LGPLv2+
 Group: System Environment/Base
@@ -22,6 +22,7 @@ Patch7: pam_ldap-182-manpointer.patch
 Patch13: pam_ldap-176-exop-modify.patch
 Patch20: pam_ldap-184-nsrole.patch
 Patch23: pam_ldap-183-releaseconfig.patch
+Patch24: pam_ldap-185-expiration4.patch
 
 BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n)
 BuildRequires: autoconf, automake, libtool
@@ -50,6 +51,7 @@ cp nss_ldap-%{nss_ldap_version}/snprintf.h .
 %patch13 -p1 -b .exop-modify
 %patch20 -p1 -b .nsrole
 %patch23 -p1 -b .releaseconfig
+%patch24 -p1 -b .expiration4
 sed -i -e 's,^ldap.conf$,%{name}.conf,g' *.5
 sed -i -e 's,^/etc/ldap\.,/etc/%{name}.,g' *.5
 sed -i -e 's,in ldap.conf,in %{name}.conf,g' *.5
@@ -127,6 +129,11 @@ fi
 %attr(0600,root,root) %ghost %config(noreplace) /etc/%{name}.secret
 
 %changelog
+* Thu Sep 23 2010 Nalin Dahyabhai <nalin at redhat.com> 185-6
+- add a proposed patch to avoid losing password expiration warnings relayed
+  via policy controls when expiration is less than a day away (based on
+  patch from Masahiro Matsuya, #537358, upstream #407)
+
 * Thu Mar 23 2010 Nalin Dahyabhai <nalin at redhat.com> 185-5
 - require the pam package explicitly, so that /%%{_lib}/security won't be
   an orphaned directory (part of #553857)

More information about the scm-commits mailing list