On Mon, Apr 22, 2013 at 12:33:11PM +0200, Jakub Hrozek wrote: > The attached patch fixes displaying of the last grace password warning, > iow when grace == 0. I checked that this is what pam_ldap does, too. > > The patch has been tested by a GSS engineer.
Sorry, I managed to send a patch that only applied on top of sssd-1-9. The attached patch cleanly applies on master.
>From e2fc56dae76861f939be39db1ecebba7a469ddd7 Mon Sep 17 00:00:00 2001 From: Jakub Hrozek <jhro...@redhat.com> Date: Mon, 22 Apr 2013 11:18:40 +0200 Subject: [PATCH] Display the last grace warning, too Due to a comparison error, the last warning when an LDAP password was in its grace period was never displayed. https://fedorahosted.org/sssd/ticket/1890 --- src/providers/ldap/ldap_auth.c | 4 ++-- src/providers/ldap/sdap_async_connection.c | 2 +- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/src/providers/ldap/ldap_auth.c b/src/providers/ldap/ldap_auth.c index f4e6d28f0bd2c1fbf18f093780808c0db9f43478..58cc2d356d0e2c032f05328247540ba1a556b8ca 100644 --- a/src/providers/ldap/ldap_auth.c +++ b/src/providers/ldap/ldap_auth.c @@ -200,7 +200,7 @@ static errno_t check_pwexpire_ldap(struct pam_data *pd, { int ret = EOK; - if (ppolicy->grace > 0 || ppolicy->expire > 0) { + if (ppolicy->grace >= 0 || ppolicy->expire > 0) { uint32_t *data; uint32_t *ptr; @@ -215,7 +215,7 @@ static errno_t check_pwexpire_ldap(struct pam_data *pd, } ptr = data; - if (ppolicy->grace > 0) { + if (ppolicy->grace >= 0) { *ptr = SSS_PAM_USER_INFO_GRACE_LOGIN; ptr++; *ptr = ppolicy->grace; diff --git a/src/providers/ldap/sdap_async_connection.c b/src/providers/ldap/sdap_async_connection.c index f77d0380582a0a12950606b5991b8d4f48bd2dd6..304a7be5bd22adf78fad8aa918dec667bed22c3e 100644 --- a/src/providers/ldap/sdap_async_connection.c +++ b/src/providers/ldap/sdap_async_connection.c @@ -615,7 +615,7 @@ static void simple_bind_done(struct sdap_op *op, ("Password was reset. " "User must set a new password.\n")); ret = ERR_PASSWORD_EXPIRED; - } else if (pp_grace > 0) { + } else if (pp_grace >= 0) { DEBUG(SSSDBG_TRACE_LIBS, ("Password expired. " "[%d] grace logins remaining.\n", -- 1.8.1.4
_______________________________________________ sssd-devel mailing list sssd-devel@lists.fedorahosted.org https://lists.fedorahosted.org/mailman/listinfo/sssd-devel