From 09c9dfa2c3f183dfd2704e4dfd488521b793ae3a Mon Sep 17 00:00:00 2001
From: Pavel Reichl <preichl@redhat.com>
Date: Thu, 19 Feb 2015 11:50:54 -0500
Subject: [PATCH 03/99] PAM: warn all services about account expiration
if pam_verbose is above one then output warning about account
expiration for all services.
Resolves:
https://fedorahosted.org/sssd/ticket/2050
Reviewed-by: Sumit Bose <sbose@redhat.com>
(cherry picked from commit f3c2dc1f9ccdf456fd78ed96197b9bf404cc29fc)
---
src/responder/pam/pamsrv_cmd.c | 19 +++++++++++++++++--
1 file changed, 17 insertions(+), 2 deletions(-)
diff --git a/src/responder/pam/pamsrv_cmd.c b/src/responder/pam/pamsrv_cmd.c
index a9c1b49d7ccf361404b02fb4c4a8ae260f9498cc..ab8369b0f9b1f3ed9256fc16396f095818d36bbf 100644
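--- a/src/responder/pam/pamsrv_cmd.c
+++ b/src/responder/pam/pamsrv_cmd.c
@@ -546,11 +546,20 @@ static void pam_reply(struct pam_auth_req *preq)
 time_t exp_date = -1;
 time_t delay_until = -1;
 char* pam_account_expired_message;
+ int pam_verbosity;
 
 pd = preq->pd;
 cctx = preq->cctx;
 pctx = talloc_get_type(preq->cctx->rctx->pvt_ctx, struct pam_ctx);
 
+ ret = confdb_get_int(pctx->rctx->cdb, CONFDB_PAM_CONF_ENTRY,
+ CONFDB_PAM_VERBOSITY, DEFAULT_PAM_VERBOSITY,
+ &pam_verbosity);
+ if (ret != EOK) {
+ DEBUG(SSSDBG_CRIT_FAILURE,
+ "Failed to read PAM verbosity, not fatal.\n");
+ pam_verbosity = DEFAULT_PAM_VERBOSITY;
+ }
 
 DEBUG(SSSDBG_FUNC_DATA,
 "pam_reply called with result [%d].\n", pd->pam_status);
@@ -659,8 +668,14 @@ static void pam_reply(struct pam_auth_req *preq)
 goto done;
 }
 
- if (pd->pam_status == PAM_ACCT_EXPIRED && pd->service != NULL &&
- strcasecmp(pd->service, "sshd") == 0) {
+ /* Account expiration warning is printed for sshd. If pam_verbosity
+ * is equal or above PAM_VERBOSITY_INFO then all services are informed
+ * about account expiration.
+ */
+ if (pd->pam_status == PAM_ACCT_EXPIRED &&
+ ((pd->service != NULL && strcasecmp(pd->service, "sshd") == 0) ||
+ pam_verbosity >= PAM_VERBOSITY_INFO)) {
+
 ret = confdb_get_string(pctx->rctx->cdb, pd, CONFDB_PAM_CONF_ENTRY,
 CONFDB_PAM_ACCOUNT_EXPIRED_MESSAGE, "",
 &pam_account_expired_message);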
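Review bot: The widened condition in the second hunk keys only on `pd->pam_status == PAM_ACCT_EXPIRED` and the verbosity level, so once `pam_verbosity >= PAM_VERBOSITY_INFO` every PAM service relays the configured expiry text, and nothing visible here limits that to callers that have already authenticated. If this status can be produced before authentication completes (not visible in the hunk), the message confirms to the caller that the account exists and is expired; the comment should state that trade-off, e.g. `/* With pam_verbosity >= PAM_VERBOSITY_INFO the text goes to every service and confirms that the account is expired. */`, and the option's documentation should carry the same caveat. In the first hunk the fallback is logged at `SSSDBG_CRIT_FAILURE` although the message itself says "not fatal" and leaves out `ret`; a lower level such as `SSSDBG_MINOR_FAILURE` with the error code included would be easier to triage. The body of the `if` continues past the end of the hunk.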
--
2.4.0