# --- SDE-COPYRIGHT-NOTE-BEGIN ---
# This copyright note is auto-generated by ./scripts/Create-CopyPatch.
#
# Filename: package/.../pam_ldap/pam_ldap-178-shadowlastChange.patch
# Copyright (C) 2004 - 2006 The T2 SDE Project
#
# More information can be found in the files COPYING and README.
#
# This patch file is dual-licensed. It is available under the license the
# patched project is licensed under, as long as it is an OpenSource license
# as defined at http://www.opensource.org/ (e.g. BSD, X11) or under the terms
# of the GNU General Public License as published by the Free Software
# Foundation; either version 2 of the License, or (at your option) any later
# version.
# --- SDE-COPYRIGHT-NOTE-END ---
## pam_ldap-178-shadowlastChange.patch by Peter Marschall <peter@adpm.de>
##
## log failure of writing shadowLastChange to syslog

--- ./pam_ldap.c
+++ ./pam_ldap.c	2005-03-28 11:46:41.345626723 +0200
@@ -3625,6 +3625,8 @@
     }
   else
     {
+      int errcode;
+
       /* update shadowLastChange; may fail if not shadowAccount */
       snprintf (buf, sizeof buf, "%ld", time (NULL) / (60 * 60 * 24));
       strvals[0] = buf;
@@ -3637,8 +3639,14 @@
       mods[0] = &mod;
       mods[1] = NULL;
 
-      /* do this silently because it may fail */
-      (void) ldap_modify_s (session->ld, session->info->userdn, mods);
+      /* Only log errors because it may fail */
+      errcode = ldap_modify_s (session->ld, session->info->userdn, mods);
+      if (errcode != LDAP_SUCCESS)
+      {
+	syslog (LOG_WARNING,
+			"pam_ldap: Unable to update shadowLastChange attribute: %s",
+			ldap_err2string (rc));
+      }
 
       snprintf (errmsg, sizeof errmsg,
 		"LDAP password information changed for %s", username);