Hello community, here is the log from the commit of package pam_ldap checked in at Fri Aug 29 01:29:39 CEST 2008. -------- --- pam_ldap/pam_ldap.changes 2008-05-08 11:19:28.000000000 +0200 +++ pam_ldap/pam_ldap.changes 2008-08-28 18:15:04.000000000 +0200 @@ -1,0 +2,6 @@ +Thu Aug 28 18:12:50 CEST 2008 - rhafer@suse.de + +- improve Password expiration warnings +- inform user about grace logins (bnc#420051) + +------------------------------------------------------------------- New: ---- pam_ldap-expirewarning.dif ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ pam_ldap.spec ++++++ --- /var/tmp/diff_new_pack.M12277/_old 2008-08-29 01:26:58.000000000 +0200 +++ /var/tmp/diff_new_pack.M12277/_new 2008-08-29 01:26:58.000000000 +0200 @@ -2,9 +2,16 @@ # spec file for package pam_ldap (Version 184) # # Copyright (c) 2008 SUSE LINUX Products GmbH, Nuernberg, Germany. -# This file and all modifications and additions to the pristine -# package are under the same license as the package itself. # +# All modifications and additions to the file contributed by third parties +# remain the property of their copyright owners, unless otherwise agreed +# upon. The license for this file, and modifications and additions to the +# file, is the same license as for the pristine package itself (unless the +# license for the pristine package is not an Open Source License, in which +# case the license is the MIT License). An "Open Source License" is a +# license that conforms to the Open Source Definition (Version 1.9) +# published by the Open Source Initiative. + # Please submit bugfixes or comments via http://bugs.opensuse.org/ # @@ -17,13 +24,14 @@ Group: Productivity/Networking/LDAP/Clients AutoReqProv: on Version: 184 -Release: 103 +Release: 135 Summary: A PAM Module for LDAP Authentication Url: http://www.padl.com/OSS/pam_ldap.html Source: pam_ldap-%{version}.tar.bz2 Source1: README.SuSE Patch: pam_ldap.patch Patch1: pam_ldap-ppolicy-referral-fix.dif +Patch2: pam_ldap-expirewarning.dif BuildRoot: %{_tmppath}/%{name}-%{version}-build %description @@ -44,6 +52,7 @@ %setup %patch -E %patch1 -p1 +%patch2 -p1 cp -v %{S:1} . %{suse_update_libdir README pam_ldap.c pam.conf} @@ -71,6 +80,9 @@ /%{_lib}/security/pam_ldap.so %changelog +* Thu Aug 28 2008 rhafer@suse.de +- improve Password expiration warnings +- inform user about grace logins (bnc#420051) * Thu May 08 2008 rhafer@suse.de - Fixed chasing of referrals and search references that are received during the initial (unauthenticated) search. ++++++ pam_ldap-expirewarning.dif ++++++ Index: pam_ldap-184/pam_ldap.c =================================================================== --- pam_ldap-184.orig/pam_ldap.c +++ pam_ldap-184/pam_ldap.c @@ -4080,6 +4080,7 @@ pam_sm_acct_mgmt (pam_handle_t * pamh, i */ if (session->info->policy_error != POLICY_ERROR_PASSWORD_EXPIRED) { + const char *expire_unit = "day"; if (session->info->shadow.warn > 0) /* shadowAccount */ { /* @@ -4096,14 +4097,47 @@ pam_sm_acct_mgmt (pam_handle_t * pamh, i } else { - expirein = session->info->password_expiration_time / SECSPERDAY; + if ( session->info->password_expiration_time > SECSPERDAY ) + { + expirein = session->info->password_expiration_time / SECSPERDAY; + expire_unit = "day"; + } + else if ( session->info->password_expiration_time > SECSPERHOUR ) + { + expirein = session->info->password_expiration_time / SECSPERHOUR; + expire_unit = "hour"; + } + else if ( session->info->password_expiration_time > SECSPERMIN ) + { + expirein = session->info->password_expiration_time / SECSPERMIN; + expire_unit = "minute"; + } + else + { + expirein = session->info->password_expiration_time; + expire_unit = "second"; + } } if (expirein > 0) { snprintf (buf, sizeof buf, - "Your LDAP password will expire in %ld day%s.", - expirein, (expirein == 1) ? "" : "s"); + "Your LDAP password will expire in %ld %s%s.", + expirein, expire_unit, (expirein == 1) ? "" : "s"); + _conv_sendmsg (appconv, buf, PAM_TEXT_INFO, no_warn); + + /* we set this to make sure that user can't abort a password change */ + (void) pam_set_data (pamh, PADL_LDAP_AUTHTOK_DATA, + (void *) strdup (username), _cleanup_data); + } + if (session->info->grace_logins_remaining > 0) + { + snprintf (buf, sizeof buf, + "Your LDAP password has expired. " + "You have %ld grace login%s remaining. " + "Please change your password as soon as possible", + session->info->grace_logins_remaining, + (session->info->grace_logins_remaining == 1) ? "" : "s"); _conv_sendmsg (appconv, buf, PAM_TEXT_INFO, no_warn); /* we set this to make sure that user can't abort a password change */ Index: pam_ldap-184/pam_ldap.h =================================================================== --- pam_ldap-184.orig/pam_ldap.h +++ pam_ldap-184/pam_ldap.h @@ -222,7 +222,9 @@ pam_ldap_shadow_t; #endif /* Seconds in a day */ -#define SECSPERDAY 86400 +#define SECSPERMIN 60 +#define SECSPERHOUR (60*SECSPERMIN) +#define SECSPERDAY (24*SECSPERHOUR) /* Netscape per-use password attributes. Unused except for DN. */ typedef struct pam_ldap_user_info ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Remember to have fun... --------------------------------------------------------------------- To unsubscribe, e-mail: opensuse-commit+unsubscribe@opensuse.org For additional commands, e-mail: opensuse-commit+help@opensuse.org
participants (1)
-
root@Hilbert.suse.de