lists.arthurdejong.org
RSS feed

nss-pam-ldapd commit: r1475 - nss-pam-ldapd/nslcd

[Date Prev][Date Next] [Thread Prev][Thread Next]

nss-pam-ldapd commit: r1475 - nss-pam-ldapd/nslcd



Author: arthur
Date: Fri Jun 10 10:49:07 2011
New Revision: 1475
URL: http://arthurdejong.org/viewvc/nss-pam-ldapd?view=rev&revision=1475

Log:
correctly only check password expiration when authenticating, only check 
account expiration when doing authorisation check

Modified:
   nss-pam-ldapd/nslcd/pam.c

Modified: nss-pam-ldapd/nslcd/pam.c
==============================================================================
--- nss-pam-ldapd/nslcd/pam.c   Sun Jun  5 22:18:11 2011        (r1474)
+++ nss-pam-ldapd/nslcd/pam.c   Fri Jun 10 10:49:07 2011        (r1475)
@@ -190,14 +190,14 @@
         inactleft=lastchangedate+maxdays+inactdays-today;
         if (inactleft==0)
           mysnprintf(authzmsg+strlen(authzmsg),authzmsgsz-strlen(authzmsg)-1,
-                     ", account will expire today");
+                     ", account will be locked today");
         else if (inactleft>0)
           mysnprintf(authzmsg+strlen(authzmsg),authzmsgsz-strlen(authzmsg)-1,
-                     ", account will expire in %ld days",inactleft);
+                     ", account will be locked in %ld days",inactleft);
         else
         {
           mysnprintf(authzmsg+strlen(authzmsg),authzmsgsz-strlen(authzmsg)-1,
-                     ", account expired %ld days ago",-inactleft);
+                     ", account locked %ld days ago",-inactleft);
           log_log(LOG_WARNING,"%s: %s",myldap_get_dn(entry),authzmsg);
           return NSLCD_PAM_AUTHTOK_EXPIRED;
         }
@@ -299,7 +299,7 @@
   }
   /* perform shadow attribute checks */
   if (*username!='\0')
-    authzrc=check_shadow(session,username,authzmsg,sizeof(authzmsg),0,0);
+    authzrc=check_shadow(session,username,authzmsg,sizeof(authzmsg),1,0);
   /* write response */
   WRITE_INT32(fp,NSLCD_RESULT_BEGIN);
   WRITE_STRING(fp,username);
@@ -479,7 +479,7 @@
     return 0;
   }
   /* perform shadow attribute checks */
-  rc=check_shadow(session,username,authzmsg,sizeof(authzmsg),1,0);
+  rc=check_shadow(session,username,authzmsg,sizeof(authzmsg),0,0);
   /* write response */
   WRITE_INT32(fp,NSLCD_RESULT_BEGIN);
   WRITE_STRING(fp,username);
-- 
To unsubscribe send an email to
nss-pam-ldapd-commits-unsubscribe@lists.arthurdejong.org or see
http://lists.arthurdejong.org/nss-pam-ldapd-commits