nss-pam-ldapd branch master updated. 0.9.6-19-g4be9c59
[
Date Prev][
Date Next]
[
Thread Prev][
Thread Next]
nss-pam-ldapd branch master updated. 0.9.6-19-g4be9c59
- From: Commits of the nss-pam-ldapd project <nss-pam-ldapd-commits [at] lists.arthurdejong.org>
- To: nss-pam-ldapd-commits [at] lists.arthurdejong.org
- Reply-to: nss-pam-ldapd-users [at] lists.arthurdejong.org
- Subject: nss-pam-ldapd branch master updated. 0.9.6-19-g4be9c59
- Date: Mon, 22 Feb 2016 22:26:17 +0100 (CET)
This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "nss-pam-ldapd".
The branch, master has been updated
via 4be9c599b1d09294a42bb97e52c87fb3c43690b7 (commit)
via 985aec3cf40e1773a504b28780accd4cad6ea81a (commit)
from b795f6ca60c47403caa217c3b3179b44dd2e770e (commit)
Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.
- Log -----------------------------------------------------------------
http://arthurdejong.org/git/nss-pam-ldapd/commit/?id=4be9c599b1d09294a42bb97e52c87fb3c43690b7
commit 4be9c599b1d09294a42bb97e52c87fb3c43690b7
Author: Arthur de Jong <arthur@arthurdejong.org>
Date: Mon Feb 22 22:02:06 2016 +0100
Fix logic error
This could result in a free(NULL) call. This code path can only be
triggered if pam_ldap changes the logged-in username (introduced in
6a74d8d).
Thanks 依云, see
https://github.com/arthurdejong/nss-pam-ldapd/issues/11
diff --git a/pam/pam.c b/pam/pam.c
index d7956ce..a3a18f8 100644
--- a/pam/pam.c
+++ b/pam/pam.c
@@ -512,7 +512,7 @@ int pam_sm_authenticate(pam_handle_t *pamh, int flags,
username, resp.msg);
rc = pam_set_item(pamh, PAM_USER, resp.msg);
/* empty the username in the context to not loose our context */
- if (ctx->username == NULL)
+ if (ctx->username != NULL)
{
free(ctx->username);
ctx->username = NULL;
http://arthurdejong.org/git/nss-pam-ldapd/commit/?id=985aec3cf40e1773a504b28780accd4cad6ea81a
commit 985aec3cf40e1773a504b28780accd4cad6ea81a
Author: Mathieu Baeumler <mathieu.baeumler@gmail.com>
Date: Sat Jan 30 22:46:38 2016 +0100
Display human readable expiry message
Display a human readable message (days+hours, or hours+minutes, or
seconds) when the password expiring warning is issued.
diff --git a/nslcd/myldap.c b/nslcd/myldap.c
index 926a51d..932fd7b 100644
--- a/nslcd/myldap.c
+++ b/nslcd/myldap.c
@@ -406,6 +406,63 @@ static int do_sasl_interact(LDAP UNUSED(*ld), unsigned
UNUSED(flags),
}
#if defined(HAVE_LDAP_SASL_BIND) && defined(LDAP_SASL_SIMPLE)
+static void print_ppolicy_expiry(MYLDAP_SESSION *session, unsigned int sec)
+{
+ unsigned int days = 0;
+ unsigned int hours = 0;
+ unsigned int minutes = 0;
+ /* return this warning so PAM can present it to the user */
+ if (strlen(session->policy_message) != 0)
+ return;
+ if (sec > 24 * 3600)
+ {
+ days = sec / (24 * 3600);
+ sec -= days * 24 * 3600;
+ }
+ if (sec > 3600)
+ {
+ hours = sec / 3600;
+ sec -= (hours * 3600);
+ }
+ if (sec > 60)
+ {
+ minutes = sec / 60;
+ sec -= minutes * 60;
+ }
+ if (days > 1)
+ mysnprintf(session->policy_message, sizeof(session->policy_message),
+ "Password will expires in %u days", days);
+ else if (days > 0)
+ mysnprintf(session->policy_message, sizeof(session->policy_message),
+ "Password will expires in %u hours", hours + 24);
+ else if (hours > 1)
+ {
+ if (minutes > 1)
+ mysnprintf(session->policy_message, sizeof(session->policy_message),
+ "Password will expires in %u hours and %u minutes",
+ hours, minutes);
+ else
+ mysnprintf(session->policy_message, sizeof(session->policy_message),
+ "Password will expires in %u hours", hours);
+ }
+ else if (hours > 0)
+ mysnprintf(session->policy_message, sizeof(session->policy_message),
+ "Password will expires in %u minutes", minutes + 60);
+ else if (minutes > 1)
+ {
+ if (sec > 1)
+ mysnprintf(session->policy_message, sizeof(session->policy_message),
+ "Password will expires in %u minutes and %u seconds",
+ minutes, sec);
+ else
+ mysnprintf(session->policy_message, sizeof(session->policy_message),
+ "Password will expires in %u minutes", minutes);
+ }
+ else
+ mysnprintf(session->policy_message, sizeof(session->policy_message),
+ "Password will expires in %u seconds", sec);
+}
+
static void handle_ppolicy_controls(MYLDAP_SESSION *session, LDAP *ld,
LDAPControl **ctrls)
{
int i;
@@ -434,12 +491,7 @@ static void handle_ppolicy_controls(MYLDAP_SESSION
*session, LDAP *ld, LDAPContr
sec = atol(seconds);
log_log(LOG_DEBUG, "got LDAP_CONTROL_PWEXPIRING (password will expire in
%ld seconds)",
sec);
- /* return this warning so PAM can present it to the user */
- if (strlen(session->policy_message) == 0)
- {
- mysnprintf(session->policy_message, sizeof(session->policy_message),
- "password will expire in %ld seconds", sec);
- }
+ print_ppolicy_expiry(session, (unsigned int)sec);
}
else if (strcmp(ctrls[i]->ldctl_oid, LDAP_CONTROL_PASSWORDPOLICYRESPONSE)
== 0)
{
@@ -503,8 +555,7 @@ static void handle_ppolicy_controls(MYLDAP_SESSION
*session, LDAP *ld, LDAPContr
{
/* if no other error has happened, this indicates that the password
will soon expire (number of seconds) */
- mysnprintf(session->policy_message, sizeof(session->policy_message),
- "Password will expire in %d seconds", expire);
+ print_ppolicy_expiry(session, (unsigned int)expire);
}
else if ((grace >= 0) && (strlen(session->policy_message) == 0))
{
-----------------------------------------------------------------------
Summary of changes:
nslcd/myldap.c | 67 +++++++++++++++++++++++++++++++++++++++++++++++++++-------
pam/pam.c | 2 +-
2 files changed, 60 insertions(+), 9 deletions(-)
hooks/post-receive
--
nss-pam-ldapd
--
To unsubscribe send an email to
nss-pam-ldapd-commits-unsubscribe@lists.arthurdejong.org or see
http://lists.arthurdejong.org/nss-pam-ldapd-commits/
- nss-pam-ldapd branch master updated. 0.9.6-19-g4be9c59,
Commits of the nss-pam-ldapd project
