On Mon, Apr 22, 2013 at 12:33:11PM +0200, Jakub Hrozek wrote:
> The attached patch fixes displaying of the last grace password warning,
> iow when grace == 0. I checked that this is what pam_ldap does, too.
> 
> The patch has been tested by a GSS engineer.

Sorry, I managed to send a patch that only applied on top of sssd-1-9.
The attached patch cleanly applies on master.
>From e2fc56dae76861f939be39db1ecebba7a469ddd7 Mon Sep 17 00:00:00 2001
From: Jakub Hrozek <jhro...@redhat.com>
Date: Mon, 22 Apr 2013 11:18:40 +0200
Subject: [PATCH] Display the last grace warning, too

Due to a comparison error, the last warning when an LDAP password was in
its grace period was never displayed.

https://fedorahosted.org/sssd/ticket/1890
---
 src/providers/ldap/ldap_auth.c             | 4 ++--
 src/providers/ldap/sdap_async_connection.c | 2 +-
 2 files changed, 3 insertions(+), 3 deletions(-)

diff --git a/src/providers/ldap/ldap_auth.c b/src/providers/ldap/ldap_auth.c
index 
f4e6d28f0bd2c1fbf18f093780808c0db9f43478..58cc2d356d0e2c032f05328247540ba1a556b8ca
 100644
--- a/src/providers/ldap/ldap_auth.c
+++ b/src/providers/ldap/ldap_auth.c
@@ -200,7 +200,7 @@ static errno_t check_pwexpire_ldap(struct pam_data *pd,
 {
     int ret = EOK;
 
-    if (ppolicy->grace > 0 || ppolicy->expire > 0) {
+    if (ppolicy->grace >= 0 || ppolicy->expire > 0) {
         uint32_t *data;
         uint32_t *ptr;
 
@@ -215,7 +215,7 @@ static errno_t check_pwexpire_ldap(struct pam_data *pd,
         }
 
         ptr = data;
-        if (ppolicy->grace > 0) {
+        if (ppolicy->grace >= 0) {
             *ptr = SSS_PAM_USER_INFO_GRACE_LOGIN;
             ptr++;
             *ptr = ppolicy->grace;
diff --git a/src/providers/ldap/sdap_async_connection.c 
b/src/providers/ldap/sdap_async_connection.c
index 
f77d0380582a0a12950606b5991b8d4f48bd2dd6..304a7be5bd22adf78fad8aa918dec667bed22c3e
 100644
--- a/src/providers/ldap/sdap_async_connection.c
+++ b/src/providers/ldap/sdap_async_connection.c
@@ -615,7 +615,7 @@ static void simple_bind_done(struct sdap_op *op,
                               ("Password was reset. "
                                "User must set a new password.\n"));
                         ret = ERR_PASSWORD_EXPIRED;
-                    } else if (pp_grace > 0) {
+                    } else if (pp_grace >= 0) {
                         DEBUG(SSSDBG_TRACE_LIBS,
                               ("Password expired. "
                                "[%d] grace logins remaining.\n",
-- 
1.8.1.4

_______________________________________________
sssd-devel mailing list
sssd-devel@lists.fedorahosted.org
https://lists.fedorahosted.org/mailman/listinfo/sssd-devel

Reply via email to