diff options
| author | Arthur de Jong <arthur@arthurdejong.org> | 2011-06-10 08:49:07 +0000 |
|---|---|---|
| committer | Arthur de Jong <arthur@arthurdejong.org> | 2011-06-10 08:49:07 +0000 |
| commit | 2b160881f87d3d15d885b208c80b27e112459701 (patch) | |
| tree | 91e564770efe2ab47949d05fe54137c7f8a456bf | |
| parent | b5fce7976afee60a1af2c53178f9f4f12cc32829 (diff) | |
correctly only check password expiration when authenticating, only check account expiration when doing authorisation check
git-svn-id: http://arthurdejong.org/svn/nss-pam-ldapd/nss-pam-ldapd@1475 ef36b2f9-881f-0410-afb5-c4e39611909c
| -rw-r--r-- | nslcd/pam.c | 10 |
1 files changed, 5 insertions, 5 deletions
diff --git a/nslcd/pam.c b/nslcd/pam.c index b0c1911..dbdf0b5 100644 --- a/nslcd/pam.c +++ b/nslcd/pam.c @@ -190,14 +190,14 @@ static int check_shadow(MYLDAP_SESSION *session,const char *username, inactleft=lastchangedate+maxdays+inactdays-today; if (inactleft==0) mysnprintf(authzmsg+strlen(authzmsg),authzmsgsz-strlen(authzmsg)-1, - ", account will expire today"); + ", account will be locked today"); else if (inactleft>0) mysnprintf(authzmsg+strlen(authzmsg),authzmsgsz-strlen(authzmsg)-1, - ", account will expire in %ld days",inactleft); + ", account will be locked in %ld days",inactleft); else { mysnprintf(authzmsg+strlen(authzmsg),authzmsgsz-strlen(authzmsg)-1, - ", account expired %ld days ago",-inactleft); + ", account locked %ld days ago",-inactleft); log_log(LOG_WARNING,"%s: %s",myldap_get_dn(entry),authzmsg); return NSLCD_PAM_AUTHTOK_EXPIRED; } @@ -299,7 +299,7 @@ int nslcd_pam_authc(TFILE *fp,MYLDAP_SESSION *session,uid_t calleruid) } /* perform shadow attribute checks */ if (*username!='\0') - authzrc=check_shadow(session,username,authzmsg,sizeof(authzmsg),0,0); + authzrc=check_shadow(session,username,authzmsg,sizeof(authzmsg),1,0); /* write response */ WRITE_INT32(fp,NSLCD_RESULT_BEGIN); WRITE_STRING(fp,username); @@ -479,7 +479,7 @@ int nslcd_pam_authz(TFILE *fp,MYLDAP_SESSION *session) return 0; } /* perform shadow attribute checks */ - rc=check_shadow(session,username,authzmsg,sizeof(authzmsg),1,0); + rc=check_shadow(session,username,authzmsg,sizeof(authzmsg),0,0); /* write response */ WRITE_INT32(fp,NSLCD_RESULT_BEGIN); WRITE_STRING(fp,username); |