Bug 4290 - pam_winbind: password expiry time shown incorrectly
pam_winbind: password expiry time shown incorrectly
Status: RESOLVED FIXED
Product: Samba 3.0
Classification: Unclassified
Component: winbind
3.0.23d
All All
: P3 normal
: none
Assigned To: Jim McDonough
Samba QA Contact
:
Depends on:
Blocks:
  Show dependency treegraph
 
Reported: 2006-12-08 08:53 UTC by Andrew Benham
Modified: 2006-12-12 16:05 UTC (History)
0 users

See Also:


Attachments
Patch to pam_winbind.c (856 bytes, patch)
2006-12-08 08:54 UTC, Andrew Benham
no flags Details

Note You need to log in before you can comment on or make changes to this bug.
Description Andrew Benham 2006-12-08 08:53:27 UTC
pam_winbind.c, lines 470-476 read:

/* warn a user if the password is about to expire soon */
if ( ! (response.data.auth.info3.acct_flags & ACB_PWNOEXP) &&
    (response.data.auth.policy.expire) && 
    (response.data.auth.info3.pass_last_set_time +
     response.data.auth.policy.expire > time(NULL) ) ) {

		int days = response.data.auth.policy.expire / SECONDS_PER_DAY;
		if (days <= DAYS_TO_WARN_BEFORE_PWD_EXPIRES) {
...


If "the time the password was last set"  plus  "the password lifetime policy"
is greater than the current time, then we test if "the password
lifetime policy" in days is less than DAYS_TO_WARN_BEFORE_PWD_EXPIRES.

Probably not what was intended - this prints the policy on password lifetimes.

By changing 'DAYS_TO_WARN_BEFORE_PWD_EXPIRES' to 100, I discovered that
our policy on password lifetimes is 84 days, but not how long until a password
expires.


The calculation of 'days' should be:

int days = (response.data.auth.info3.pass_last_set_time 
            + response.data.auth.policy.expire
            - time(NULL) ) / SECONDS_PER_DAY;

then users are warned when their passwords are about to expire.
Comment 1 Andrew Benham 2006-12-08 08:54:33 UTC
Created attachment 2237 [details]
Patch to pam_winbind.c

Fixes password expiry warning
Comment 2 Jim McDonough 2006-12-12 16:05:59 UTC
Thanks, nice catch.  Checked into 3.0 and 3.0.24, r20136.