File pam_ldap-expirewarning.dif of Package pam_ldap.8244
Index: pam_ldap-184/pam_ldap.c
===================================================================
--- pam_ldap-184.orig/pam_ldap.c
+++ pam_ldap-184/pam_ldap.c
@@ -4080,6 +4080,7 @@ pam_sm_acct_mgmt (pam_handle_t * pamh, i
*/
if (session->info->policy_error != POLICY_ERROR_PASSWORD_EXPIRED)
{
+ const char *expire_unit = "day";
if (session->info->shadow.warn > 0) /* shadowAccount */
{
/*
@@ -4096,14 +4097,47 @@ pam_sm_acct_mgmt (pam_handle_t * pamh, i
}
else
{
- expirein = session->info->password_expiration_time / SECSPERDAY;
+ if ( session->info->password_expiration_time > SECSPERDAY )
+ {
+ expirein = session->info->password_expiration_time / SECSPERDAY;
+ expire_unit = "day";
+ }
+ else if ( session->info->password_expiration_time > SECSPERHOUR )
+ {
+ expirein = session->info->password_expiration_time / SECSPERHOUR;
+ expire_unit = "hour";
+ }
+ else if ( session->info->password_expiration_time > SECSPERMIN )
+ {
+ expirein = session->info->password_expiration_time / SECSPERMIN;
+ expire_unit = "minute";
+ }
+ else
+ {
+ expirein = session->info->password_expiration_time;
+ expire_unit = "second";
+ }
}
if (expirein > 0)
{
snprintf (buf, sizeof buf,
- "Your LDAP password will expire in %ld day%s.",
- expirein, (expirein == 1) ? "" : "s");
+ "Your LDAP password will expire in %ld %s%s.",
+ expirein, expire_unit, (expirein == 1) ? "" : "s");
+ _conv_sendmsg (appconv, buf, PAM_TEXT_INFO, no_warn);
+
+ /* we set this to make sure that user can't abort a password change */
+ (void) pam_set_data (pamh, PADL_LDAP_AUTHTOK_DATA,
+ (void *) strdup (username), _cleanup_data);
+ }
+ if (session->info->grace_logins_remaining > 0)
+ {
+ snprintf (buf, sizeof buf,
+ "Your LDAP password has expired. "
+ "You have %ld grace login%s remaining. "
+ "Please change your password as soon as possible",
+ session->info->grace_logins_remaining,
+ (session->info->grace_logins_remaining == 1) ? "" : "s");
_conv_sendmsg (appconv, buf, PAM_TEXT_INFO, no_warn);
/* we set this to make sure that user can't abort a password change */
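Review bot: The `pam_set_data (pamh, PADL_LDAP_AUTHTOK_DATA, (void *) strdup (username), _cleanup_data)` call added after the expiry warning passes an unchecked `strdup` result and discards the return value with `(void)`. If allocation or registration fails, the item that the comment relies on ("user can't abort a password change") is stored as NULL or not stored at all, and nothing reports it. I would check both results and fail the call, assuming a direct return is safe at this point in pam_sm_acct_mgmt, whose body starts before and continues after this hunk. The same pattern appears to follow the grace-login message, where the hunk is cut off. Separately, the strict `>` comparisons make exactly SECSPERDAY seconds print as "24 hours"; `>=` would print "1 day".

```c
	  _conv_sendmsg (appconv, buf, PAM_TEXT_INFO, no_warn);

	  /* we set this to make sure that user can't abort a password change */
	  {
	    char *authtok_user = strdup (username);

	    if (authtok_user == NULL)
	      return PAM_BUF_ERR;
	    if (pam_set_data (pamh, PADL_LDAP_AUTHTOK_DATA,
			      (void *) authtok_user, _cleanup_data) != PAM_SUCCESS)
	      {
		/* ownership was not transferred, so release the copy here */
		free (authtok_user);
		return PAM_BUF_ERR;
	      }
	  }
	/* … unchanged: grace-login message … */
```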
Index: pam_ldap-184/pam_ldap.h
===================================================================
--- pam_ldap-184.orig/pam_ldap.h
+++ pam_ldap-184/pam_ldap.h
@@ -222,7 +222,9 @@ pam_ldap_shadow_t;
#endif
/* Seconds in a day */
-#define SECSPERDAY 86400
+#define SECSPERMIN 60
+#define SECSPERHOUR (60*SECSPERMIN)
+#define SECSPERDAY (24*SECSPERHOUR)
/* Netscape per-use password attributes. Unused except for DN. */
typedef struct pam_ldap_user_info
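Review bot: The context comment `/* Seconds in a day */` now sits directly above `SECSPERMIN`, so it describes the wrong constant for a reader of the header. I would reword it to `/* Seconds per minute, hour and day */`, or move the original comment down next to `SECSPERDAY`. The derived definitions are fully parenthesised, so the macros themselves expand safely inside the divisions in pam_ldap.c.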