Diffstat (limited to 'daemons/ipa-kdb/ipa_kdb_principals.c')
-rw-r--r--daemons/ipa-kdb/ipa_kdb_principals.c13
1 files changed, 7 insertions, 6 deletions
diff --git a/daemons/ipa-kdb/ipa_kdb_principals.c b/daemons/ipa-kdb/ipa_kdb_principals.c
index 9d43ebc66..828ba760c 100644
--- a/daemons/ipa-kdb/ipa_kdb_principals.c
+++ b/daemons/ipa-kdb/ipa_kdb_principals.c
@@ -324,17 +324,18 @@ static enum ipadb_user_auth ipadb_get_user_auth(struct ipadb_context *ipactx,
enum ipadb_user_auth ua = IPADB_USER_AUTH_NONE;
const struct ipadb_global_config *gcfg = NULL;
- /* Get the user's user_auth settings. */
- ipadb_parse_user_auth(ipactx->lcontext, lentry, &ua);
-
/* Get the global user_auth settings. */
gcfg = ipadb_get_global_config(ipactx);
if (gcfg != NULL)
gua = gcfg->user_auth;
- /* If the disabled flag is set, ignore everything else. */
- if ((ua | gua) & IPADB_USER_AUTH_DISABLED)
- return IPADB_USER_AUTH_DISABLED;
+ /* Get the user's user_auth settings if not disabled. */
+ if ((gua & IPADB_USER_AUTH_DISABLED) == 0)
+ ipadb_parse_user_auth(ipactx->lcontext, lentry, &ua);
+
+ /* Filter out the disabled flag. */
+ gua &= ~IPADB_USER_AUTH_DISABLED;
+ ua &= ~IPADB_USER_AUTH_DISABLED;
/* Determine which user_auth policy is active: user or global. */
if (ua == IPADB_USER_AUTH_NONE)
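Review bot: The new guard on the per-user lookup depends only on `gua`, which stays IPADB_USER_AUTH_NONE when ipadb_get_global_config() returns NULL, so a failed config fetch lets per-user auth types apply even if overrides were disabled globally. Whether NULL can occur at this point is not visible in the hunk; if it can, the intended failure direction deserves a comment next to the `if (gcfg != NULL)` check, such as `/* No global config available: per-user settings are honoured. */`. The comment `/* Filter out the disabled flag. */` should also say why: after this change the function no longer returns IPADB_USER_AUTH_DISABLED on any path shown here, and a DISABLED bit set on the user entry is masked off rather than acted on. Any caller that compares the result against IPADB_USER_AUTH_DISABLED should be checked. The body of ipadb_get_user_auth begins and ends outside the hunk, so the final return value cannot be confirmed from here.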