path: root/security/sssd/files/patch-src__providers__ldap__ldap_auth.c
--- src/providers/ldap/ldap_auth.c.orig	2014-09-17 13:01:37 UTC
+++ src/providers/ldap/ldap_auth.c
@@ -37,7 +37,6 @@
 #include <sys/time.h>
 #include <strings.h>
 
-#include <shadow.h>
 #include <security/pam_modules.h>
 
 #include "util/util.h"
@@ -56,6 +55,22 @@ enum pwexpire {
     PWEXPIRE_SHADOW
 };
 
+struct spwd
+{
+  char *sp_namp;              /* Login name.  */
+  char *sp_pwdp;              /* Encrypted password.  */
+  long int sp_lstchg;         /* Date of last change.  */
+  long int sp_min;            /* Minimum number of days between changes.  */
+  long int sp_max;            /* Maximum number of days between changes.  */
+  long int sp_warn;           /* Number of days to warn user to change
+				 the password.  */
+  long int sp_inact;          /* Number of days the account may be
+				 inactive.  */
+  long int sp_expire;         /* Number of days since 1970-01-01 until
+				 account expires.  */
+  unsigned long int sp_flag;  /* Reserved.  */
+};
+
 static errno_t add_expired_warning(struct pam_data *pd, long exp_time)
 {
     int ret;
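Review bot: The added `struct spwd` is declared unconditionally and carries no comment saying why a libc type is redefined in this file. With `#include <shadow.h>` dropped in the previous hunk this builds, but if any header this file includes ever declares `struct spwd` the build fails with a redefinition. A configure-time check for shadow.h around both the include and this definition would keep the file valid on platforms of either kind. I would also add above the struct something like `/* Local copy of struct spwd for platforms without <shadow.h>; layout appears to follow glibc, confirm. */`. How the struct is filled and read is outside the hunk.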
@@ -109,6 +124,7 @@ static errno_t check_pwexpire_kerberos(const char *exp
         return EINVAL;
     }
 
+    tzset();
     expire_time = mktime(&tm);
     if (expire_time == -1) {
         DEBUG(SSSDBG_CRIT_FAILURE,
@@ -116,12 +132,10 @@ static errno_t check_pwexpire_kerberos(const char *exp
         return EINVAL;
     }
 
-    tzset();
-    expire_time -= timezone;
     DEBUG(SSSDBG_TRACE_ALL,
-          "Time info: tzname[0] [%s] tzname[1] [%s] timezone [%ld] "
-           "daylight [%d] now [%ld] expire_time [%ld].\n", tzname[0],
-           tzname[1], timezone, daylight, now, expire_time);
+          "Time info: tzname[0] [%s] tzname[1] [%s] "
+          "now [%ld] expire_time [%ld].\n", tzname[0],
+          tzname[1], now, expire_time);
 
     if (difftime(now, expire_time) > 0.0) {
         DEBUG(SSSDBG_CONF_SETTINGS, "Kerberos password expired.\n");
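Review bot: Dropping `expire_time -= timezone;` leaves `expire_time` as the raw result of `mktime()`, which interprets `tm` as local time. The removed adjustment suggests the expiry string is in UTC (the parsing is outside the hunk). If so, on a host whose zone is not UTC the `difftime(now, expire_time)` test is now off by the UTC offset, so an expired Kerberos password could be accepted for some hours or a valid one rejected early. In that case `expire_time = timegm(&tm);` does the conversion without the `timezone` global, and the `tzset()` moved in the previous hunk is then needed only for the `tzname` values in the trace message. check_pwexpire_kerberos starts and ends outside these hunks.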
@@ -924,7 +938,7 @@ void sdap_pam_chpass_handler(struct be_req *breq)
     DEBUG(SSSDBG_OP_FAILURE,
           "starting password change request for user [%s].\n", pd->user);
 
-    pd->pam_status = PAM_SYSTEM_ERR;
+    pd->pam_status = PAM_SERVICE_ERR;
 
     if (pd->cmd != SSS_PAM_CHAUTHTOK && pd->cmd != SSS_PAM_CHAUTHTOK_PRELIM) {
         DEBUG(SSSDBG_OP_FAILURE,
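Review bot: The reason for replacing `PAM_SYSTEM_ERR` with `PAM_SERVICE_ERR` is not recorded anywhere in the patch, and the same substitution is repeated in sdap_auth4chpass_done, sdap_pam_chpass_done, sdap_lastchange_done, sdap_pam_auth_handler and sdap_pam_auth_done. Both are failure codes, so the pre-set default here still fails closed. However, any code outside this file that tests `pam_status` against `PAM_SYSTEM_ERR` would no longer match these paths; that cannot be checked from the hunks shown. I would put a comment at this first assignment, e.g. `/* fail-closed default; PAM_SERVICE_ERR used instead of PAM_SYSTEM_ERR because <reason> */`, and consider one file-local alias for the constant so that later upstream uses are not missed. All six functions continue outside their hunks.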
@@ -1069,7 +1083,7 @@ static void sdap_auth4chpass_done(struct tevent_req *r
         dp_err = DP_ERR_OFFLINE;
         break;
     default:
-        state->pd->pam_status = PAM_SYSTEM_ERR;
+        state->pd->pam_status = PAM_SERVICE_ERR;
     }
 
 done:
@@ -1131,7 +1145,7 @@ static void sdap_pam_chpass_done(struct tevent_req *re
                                                     state->sh, state->dn,
                                                     lastchanged_name);
         if (subreq == NULL) {
-            state->pd->pam_status = PAM_SYSTEM_ERR;
+            state->pd->pam_status = PAM_SERVICE_ERR;
             goto done;
         }
 
@@ -1152,7 +1166,7 @@ static void sdap_lastchange_done(struct tevent_req *re
 
     ret = sdap_modify_shadow_lastchange_recv(req);
     if (ret != EOK) {
-        state->pd->pam_status = PAM_SYSTEM_ERR;
+        state->pd->pam_status = PAM_SERVICE_ERR;
         goto done;
     }
 
@@ -1193,7 +1207,7 @@ void sdap_pam_auth_handler(struct be_req *breq)
         goto done;
     }
 
-    pd->pam_status = PAM_SYSTEM_ERR;
+    pd->pam_status = PAM_SERVICE_ERR;
 
     switch (pd->cmd) {
     case SSS_PAM_AUTHENTICATE:
@@ -1291,7 +1305,7 @@ static void sdap_pam_auth_done(struct tevent_req *req)
         state->pd->pam_status = PAM_NEW_AUTHTOK_REQD;
         break;
     default:
-        state->pd->pam_status = PAM_SYSTEM_ERR;
+        state->pd->pam_status = PAM_SERVICE_ERR;
         dp_err = DP_ERR_FATAL;
     }