lists.arthurdejong.org
RSS feed

nss-pam-ldapd branch master updated. 0.9.6-19-g4be9c59

[Date Prev][Date Next] [Thread Prev][Thread Next]

nss-pam-ldapd branch master updated. 0.9.6-19-g4be9c59



This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "nss-pam-ldapd".

The branch, master has been updated
       via  4be9c599b1d09294a42bb97e52c87fb3c43690b7 (commit)
       via  985aec3cf40e1773a504b28780accd4cad6ea81a (commit)
      from  b795f6ca60c47403caa217c3b3179b44dd2e770e (commit)

Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.

- Log -----------------------------------------------------------------
http://arthurdejong.org/git/nss-pam-ldapd/commit/?id=4be9c599b1d09294a42bb97e52c87fb3c43690b7

commit 4be9c599b1d09294a42bb97e52c87fb3c43690b7
Author: Arthur de Jong <arthur@arthurdejong.org>
Date:   Mon Feb 22 22:02:06 2016 +0100

    Fix logic error
    
    This could result in a free(NULL) call. This code path can only be
    triggered if pam_ldap changes the logged-in username (introduced in
    6a74d8d).
    
    Thanks 依云, see
    https://github.com/arthurdejong/nss-pam-ldapd/issues/11

diff --git a/pam/pam.c b/pam/pam.c
index d7956ce..a3a18f8 100644
--- a/pam/pam.c
+++ b/pam/pam.c
@@ -512,7 +512,7 @@ int pam_sm_authenticate(pam_handle_t *pamh, int flags,
                username, resp.msg);
     rc = pam_set_item(pamh, PAM_USER, resp.msg);
     /* empty the username in the context to not loose our context */
-    if (ctx->username == NULL)
+    if (ctx->username != NULL)
     {
       free(ctx->username);
       ctx->username = NULL;

http://arthurdejong.org/git/nss-pam-ldapd/commit/?id=985aec3cf40e1773a504b28780accd4cad6ea81a

commit 985aec3cf40e1773a504b28780accd4cad6ea81a
Author: Mathieu Baeumler <mathieu.baeumler@gmail.com>
Date:   Sat Jan 30 22:46:38 2016 +0100

    Display human readable expiry message
    
    Display a human readable message (days+hours, or hours+minutes, or
    seconds) when the password expiring warning is issued.

diff --git a/nslcd/myldap.c b/nslcd/myldap.c
index 926a51d..932fd7b 100644
--- a/nslcd/myldap.c
+++ b/nslcd/myldap.c
@@ -406,6 +406,63 @@ static int do_sasl_interact(LDAP UNUSED(*ld), unsigned 
UNUSED(flags),
   }
 
 #if defined(HAVE_LDAP_SASL_BIND) && defined(LDAP_SASL_SIMPLE)
+static void print_ppolicy_expiry(MYLDAP_SESSION *session, unsigned int sec)
+{
+  unsigned int days = 0;
+  unsigned int hours = 0;
+  unsigned int minutes = 0;
+  /* return this warning so PAM can present it to the user */
+  if (strlen(session->policy_message) != 0)
+    return;
+  if (sec > 24 * 3600)
+  {
+    days = sec / (24 * 3600);
+    sec -= days * 24 * 3600;
+  }
+  if (sec > 3600)
+  {
+    hours = sec / 3600;
+    sec -= (hours * 3600);
+  }
+  if (sec > 60)
+  {
+    minutes = sec / 60;
+    sec -= minutes * 60;
+  }
+  if (days > 1)
+    mysnprintf(session->policy_message, sizeof(session->policy_message),
+               "Password will expires in %u days", days);
+  else if (days > 0)
+    mysnprintf(session->policy_message, sizeof(session->policy_message),
+               "Password will expires in %u hours", hours + 24);
+  else if (hours > 1)
+  {
+    if (minutes > 1)
+      mysnprintf(session->policy_message, sizeof(session->policy_message),
+                 "Password will expires in %u hours and %u minutes",
+                 hours, minutes);
+    else
+      mysnprintf(session->policy_message, sizeof(session->policy_message),
+                 "Password will expires in %u hours", hours);
+  }
+  else if (hours > 0)
+    mysnprintf(session->policy_message, sizeof(session->policy_message),
+               "Password will expires in %u minutes", minutes + 60);
+  else if (minutes > 1)
+  {
+    if (sec > 1)
+      mysnprintf(session->policy_message, sizeof(session->policy_message),
+                 "Password will expires in %u minutes and %u seconds",
+                 minutes, sec);
+    else
+      mysnprintf(session->policy_message, sizeof(session->policy_message),
+                 "Password will expires in %u minutes", minutes);
+  }
+  else
+    mysnprintf(session->policy_message, sizeof(session->policy_message),
+               "Password will expires in %u seconds", sec);
+}
+
 static void handle_ppolicy_controls(MYLDAP_SESSION *session, LDAP *ld, 
LDAPControl **ctrls)
 {
   int i;
@@ -434,12 +491,7 @@ static void handle_ppolicy_controls(MYLDAP_SESSION 
*session, LDAP *ld, LDAPContr
       sec = atol(seconds);
       log_log(LOG_DEBUG, "got LDAP_CONTROL_PWEXPIRING (password will expire in 
%ld seconds)",
               sec);
-      /* return this warning so PAM can present it to the user */
-      if (strlen(session->policy_message) == 0)
-      {
-        mysnprintf(session->policy_message, sizeof(session->policy_message),
-                   "password will expire in %ld seconds",  sec);
-      }
+      print_ppolicy_expiry(session, (unsigned int)sec);
     }
     else if (strcmp(ctrls[i]->ldctl_oid, LDAP_CONTROL_PASSWORDPOLICYRESPONSE) 
== 0)
     {
@@ -503,8 +555,7 @@ static void handle_ppolicy_controls(MYLDAP_SESSION 
*session, LDAP *ld, LDAPContr
         {
           /* if no other error has happened, this indicates that the password
              will soon expire (number of seconds) */
-          mysnprintf(session->policy_message, sizeof(session->policy_message),
-                     "Password will expire in %d seconds", expire);
+          print_ppolicy_expiry(session, (unsigned int)expire);
         }
         else if ((grace >= 0) && (strlen(session->policy_message) == 0))
         {

-----------------------------------------------------------------------

Summary of changes:
 nslcd/myldap.c | 67 +++++++++++++++++++++++++++++++++++++++++++++++++++-------
 pam/pam.c      |  2 +-
 2 files changed, 60 insertions(+), 9 deletions(-)


hooks/post-receive
-- 
nss-pam-ldapd
-- 
To unsubscribe send an email to
nss-pam-ldapd-commits-unsubscribe@lists.arthurdejong.org or see
http://lists.arthurdejong.org/nss-pam-ldapd-commits/