Overview

File pam_ldap-expirewarning.dif of Package pam_ldap.8244

Index: pam_ldap-184/pam_ldap.c
===================================================================
--- pam_ldap-184.orig/pam_ldap.c
+++ pam_ldap-184/pam_ldap.c
@@ -4080,6 +4080,7 @@ pam_sm_acct_mgmt (pam_handle_t * pamh, i
    */
   if (session->info->policy_error != POLICY_ERROR_PASSWORD_EXPIRED)
     {
+      const char *expire_unit = "day";
       if (session->info->shadow.warn > 0)	/* shadowAccount */
 	{
 	  /*
@@ -4096,14 +4097,47 @@ pam_sm_acct_mgmt (pam_handle_t * pamh, i
 	}
       else
 	{
-	  expirein = session->info->password_expiration_time / SECSPERDAY;
+          if ( session->info->password_expiration_time > SECSPERDAY )
+            {
+	      expirein = session->info->password_expiration_time / SECSPERDAY;
+              expire_unit = "day";
+            }
+          else if ( session->info->password_expiration_time > SECSPERHOUR )
+            {
+	      expirein = session->info->password_expiration_time / SECSPERHOUR;
+              expire_unit = "hour";
+            }
+          else if ( session->info->password_expiration_time > SECSPERMIN )
+            {
+	      expirein = session->info->password_expiration_time / SECSPERMIN;
+              expire_unit = "minute";
+            }
+          else
+            {
+	      expirein = session->info->password_expiration_time;
+              expire_unit = "second";
+            }
 	}
 
       if (expirein > 0)
 	{
 	  snprintf (buf, sizeof buf,
-		    "Your LDAP password will expire in %ld day%s.",
-		    expirein, (expirein == 1) ? "" : "s");
+		    "Your LDAP password will expire in %ld %s%s.",
+		    expirein, expire_unit, (expirein == 1) ? "" : "s");
+	  _conv_sendmsg (appconv, buf, PAM_TEXT_INFO, no_warn);
+
+	  /* we set this to make sure that user can't abort a password change */
+	  (void) pam_set_data (pamh, PADL_LDAP_AUTHTOK_DATA,
+			       (void *) strdup (username), _cleanup_data);
+	}
+      if (session->info->grace_logins_remaining > 0)
+	{
+	  snprintf (buf, sizeof buf,
+		    "Your LDAP password has expired. "
+                    "You have %ld grace login%s remaining. "
+                    "Please change your password as soon as possible",
+		    session->info->grace_logins_remaining,
+                    (session->info->grace_logins_remaining == 1) ? "" : "s");
 	  _conv_sendmsg (appconv, buf, PAM_TEXT_INFO, no_warn);
 
 	  /* we set this to make sure that user can't abort a password change */
Index: pam_ldap-184/pam_ldap.h
===================================================================
--- pam_ldap-184.orig/pam_ldap.h
+++ pam_ldap-184/pam_ldap.h
@@ -222,7 +222,9 @@ pam_ldap_shadow_t;
 #endif
 
 /* Seconds in a day */
-#define SECSPERDAY 86400
+#define SECSPERMIN 60
+#define SECSPERHOUR (60*SECSPERMIN)
+#define SECSPERDAY (24*SECSPERHOUR)
 
 /* Netscape per-use password attributes. Unused except for DN. */
 typedef struct pam_ldap_user_info
openSUSE Build Service is sponsored by
Places