/*
 * Thin wrapper around ldap_parse_passwordpolicy_control() for the variant
 * of the library call that takes a single control.
 *
 * ld      LDAP handle handed through to the library call
 * ctrl    password policy response control, may be NULL
 * expire  out: passed through unchanged to the library call
 * grace   out: passed through unchanged to the library call
 * error   out: passed through unchanged to the library call
 *
 * Returns LDAP_CONTROL_NOT_FOUND when no control was supplied, otherwise
 * whatever ldap_parse_passwordpolicy_control() returns. The out parameters
 * are not written by this wrapper on the NULL path, so callers must not
 * read them unless the call succeeded.
 *
 * NOTE(review): a second definition with the same name but taking
 * LDAPControl ** appears next to this one; presumably the two are
 * alternatives selected at build time -- confirm.
 */
int _ldap_parse_passwordpolicy_control(LDAP *ld, LDAPControl *ctrl,
                                       ber_int_t *expire, ber_int_t *grace,
                                       unsigned int *error)
{
    /* Nothing to parse: report the missing control instead of calling in. */
    if (!ctrl) {
        return LDAP_CONTROL_NOT_FOUND;
    }

    return ldap_parse_passwordpolicy_control(ld, ctrl, expire, grace, error);
}
/*
 * Thin wrapper around ldap_parse_passwordpolicy_control() for the variant
 * of the library call that takes an array of controls.
 *
 * ld      LDAP handle handed through to the library call
 * ctrls   control array handed through to the library call
 * expire  out: passed through unchanged to the library call
 * grace   out: passed through unchanged to the library call
 * error   out: passed through unchanged to the library call
 *
 * Returns whatever ldap_parse_passwordpolicy_control() returns.
 *
 * NOTE(review): no NULL check is made on ctrls here; whether the library
 * call tolerates a NULL array is not visible from this code -- confirm
 * before passing an unchecked control list from a server response.
 */
int _ldap_parse_passwordpolicy_control(LDAP *ld, LDAPControl **ctrls,
                                       ber_int_t *expire, ber_int_t *grace,
                                       unsigned int *error)
{
    int rc = ldap_parse_passwordpolicy_control(ld, ctrls, expire, grace, error);

    return rc;
}
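/*
 * Bind response callback: looks for a password policy response control in
 * the reply and translates it into a user-visible message (pi->msg) and an
 * authorization hint (pi->authz) on the paminfo stored in the callback's
 * private data.
 *
 * op  operation whose o_callback->sc_private points at a struct paminfo
 * rs  reply being processed; rs->sr_ctrls is searched for the control and
 *     rs->sr_err is overwritten with LDAP_SUCCESS for an expired password
 *
 * Always returns LDAP_SUCCESS.
 *
 * Fix relative to the previous version: the seconds -> minutes -> hours ->
 * days scaling used independent comparisons, so a value that had not been
 * promoted to the previous unit could still be divided by the next factor
 * (30 seconds became "1 days", 3600 seconds became "2 days"). Each step is
 * now only attempted when the preceding step was taken.
 */
static int pam_bindcb(Operation *op, SlapReply *rs)
{
    struct paminfo *pi = op->o_callback->sc_private;
    LDAPControl *ctrl = ldap_control_find(LDAP_CONTROL_PASSWORDPOLICYRESPONSE,
                                          rs->sr_ctrls, NULL);
    LDAP *ld = NULL;
    /* Defaults select no branch below if the parser leaves a value unset. */
    ber_int_t expire = -1;
    ber_int_t grace = -1;
    LDAPPasswordPolicyError error = PP_noError;
    int rc;

    if (!ctrl) {
        return LDAP_SUCCESS;
    }

    /*
     * The handle exists only for the parse call and is released below.
     * ld starts out NULL so the test stays meaningful even if the create
     * call fails before storing anything.
     */
    ldap_create(&ld);
    if (!ld) {
        return LDAP_SUCCESS;
    }

    rc = ldap_parse_passwordpolicy_control(ld, ctrl, &expire, &grace, &error);
    if (rc == LDAP_SUCCESS) {
        if (expire >= 0) {
            const char *unit = "seconds";

            /* Promote to a larger unit only if the smaller one was used. */
            if (expire > 60) {
                expire /= 60;
                unit = "minutes";
                if (expire > 60) {
                    expire /= 60;
                    unit = "hours";
                    if (expire > 24) {
                        expire /= 24;
                        unit = "days";
#if 0   /* Who warns about expiration so far in advance? */
                        if (expire > 7) {
                            expire /= 7;
                            unit = "weeks";
                            if (expire > 4) {
                                expire /= 4;
                                unit = "months";
                                if (expire > 12) {
                                    expire /= 12;
                                    unit = "years";
                                }
                            }
                        }
#endif
                    }
                }
            }

            /*
             * NOTE(review): the capacity of pi->msg.bv_val is not visible
             * in this function. The output is bounded by the format (fewer
             * than 64 bytes including the terminator, assuming ber_int_t is
             * a 32-bit int); confirm the buffer installed by the caller is
             * at least that large, or pass its size in and use snprintf.
             */
            pi->msg.bv_len = sprintf(pi->msg.bv_val,
                "\nWARNING: Password expires in %d %s\n", expire, unit);
        } else if (grace > 0) {
            /* Same buffer-size caveat as the expiry warning above. */
            pi->msg.bv_len = sprintf(pi->msg.bv_val,
                "Password expired; %d grace logins remaining", grace);
            pi->authz = NSLCD_PAM_NEW_AUTHTOK_REQD;
        } else if (error != PP_noError) {
            /*
             * The dup argument is 0, so pi->msg presumably ends up pointing
             * at the library's error text rather than at the buffer it
             * referenced before -- verify nothing later writes through
             * pi->msg.bv_val expecting the original buffer.
             */
            ber_str2bv(ldap_passwordpolicy_err2txt(error), 0, 0, &pi->msg);
            switch (error) {
            case PP_passwordExpired:
                /*
                 * report this during authz
                 *
                 * The bind result is replaced with success here, so from
                 * this point the expired password is only caught if the
                 * consumer of pi->authz acts on
                 * NSLCD_PAM_NEW_AUTHTOK_REQD -- confirm the authz path
                 * enforces it.
                 */
                rs->sr_err = LDAP_SUCCESS;
                /* fallthru */
            case PP_changeAfterReset:
                pi->authz = NSLCD_PAM_NEW_AUTHTOK_REQD;
                break;
            default:
                /* Other policy errors only set the message. */
                break;
            }
        }
    }

    ldap_ld_free(ld, 0, NULL, NULL);
    return LDAP_SUCCESS;
}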