authorPavel Reichl <preichl@redhat.com>2015-04-09 10:08:51 -0400
committerJakub Hrozek <jhrozek@redhat.com>2015-10-16 16:08:12 +0200
commit16204ef5ad2b2ff60654c8c6f98958d2c70c0cbb (patch)
tree63329648224ec28b9d7dbfe00075e80ea3374b53
parentf0831989339397792387aa639c8199a7b8afe859 (diff)
PAM: refac. pam_reply: extract add_warning_about_expiration
Extracting add_warning_about_expiration() reduces length of pam_reply() and simplifies it by removing 2 local variables. Also move add_warning_about_expiration to more logical place (previously it was called after packet creation but before its setting). Resolves: https://fedorahosted.org/sssd/ticket/2615
-rw-r--r--src/responder/pam/pamsrv_cmd.c82
1 files changed, 50 insertions, 32 deletions
diff --git a/src/responder/pam/pamsrv_cmd.c b/src/responder/pam/pamsrv_cmd.c
index de60494b1..2c503582b 100644
--- a/src/responder/pam/pamsrv_cmd.c
+++ b/src/responder/pam/pamsrv_cmd.c
@@ -300,6 +300,49 @@ static errno_t get_password_for_cache_auth(struct sss_auth_token *authtok,
return EOK;
}
+static errno_t add_warning_about_expiration(struct pam_data *pd,
+ struct confdb_ctx *cdb)
+{
+ char* pam_account_expired_message;
+ int pam_verbosity;
+ errno_t ret;
+
+ ret = confdb_get_int(cdb, CONFDB_PAM_CONF_ENTRY,
+ CONFDB_PAM_VERBOSITY, DEFAULT_PAM_VERBOSITY,
+ &pam_verbosity);
+ if (ret != EOK) {
+ DEBUG(SSSDBG_CRIT_FAILURE,
+ "Failed to read PAM verbosity, not fatal.\n");
+ pam_verbosity = DEFAULT_PAM_VERBOSITY;
+ }
+
+ /* Account expiration warning is printed for sshd. If pam_verbosity
+ * is equal or above PAM_VERBOSITY_INFO then all services are informed
+ * about account expiration.
+ */
+ if (pd->pam_status == PAM_ACCT_EXPIRED &&
+ ((pd->service != NULL && strcasecmp(pd->service, "sshd") == 0) ||
+ pam_verbosity >= PAM_VERBOSITY_INFO)) {
+
+ ret = confdb_get_string(cdb, pd, CONFDB_PAM_CONF_ENTRY,
+ CONFDB_PAM_ACCOUNT_EXPIRED_MESSAGE, "",
+ &pam_account_expired_message);
+ if (ret != EOK) {
+ DEBUG(SSSDBG_MINOR_FAILURE,
+ "Failed to get expiration message: %d:[%s].\n",
+ ret, sss_strerror(ret));
+ goto done;
+ }
+
+ inform_account_expired(pd, pam_account_expired_message);
+ }
+
+ ret = EOK;
+
+done:
+ return ret;
+}
+
static int pam_forwarder(struct cli_ctx *cctx, int pam_cmd);
static void pam_handle_cached_login(struct pam_auth_req *preq, int ret,
time_t expire_date, time_t delayed_until, bool cached_auth);
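Review bot: add_warning_about_expiration() reads CONFDB_PAM_VERBOSITY from confdb on every call, although the value is only consulted when `pd->pam_status == PAM_ACCT_EXPIRED`. A guard at the top, `if (pd->pam_status != PAM_ACCT_EXPIRED) { return EOK; }`, would skip the lookup (and the CRIT_FAILURE log when it fails) for every reply that is not about an expired account. The message string is allocated on `pd` by `confdb_get_string(cdb, pd, ...)` and is not released after `inform_account_expired()`. If that helper copies the text, which is not visible in this hunk, a `talloc_free(pam_account_expired_message);` after the call would avoid keeping it for the lifetime of `pd`. A short header comment would also help, for example `/* Adds the configured account-expired message to pd for sshd, or for any service when pam_verbosity >= PAM_VERBOSITY_INFO; returns EOK when nothing needs to be added. */`.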
@@ -321,22 +364,11 @@ static void pam_reply(struct pam_auth_req *preq)
uint32_t user_info_type;
time_t exp_date = -1;
time_t delay_until = -1;
- char* pam_account_expired_message;
- int pam_verbosity;
pd = preq->pd;
cctx = preq->cctx;
pctx = talloc_get_type(preq->cctx->rctx->pvt_ctx, struct pam_ctx);
- ret = confdb_get_int(pctx->rctx->cdb, CONFDB_PAM_CONF_ENTRY,
- CONFDB_PAM_VERBOSITY, DEFAULT_PAM_VERBOSITY,
- &pam_verbosity);
- if (ret != EOK) {
- DEBUG(SSSDBG_CRIT_FAILURE,
- "Failed to read PAM verbosity, not fatal.\n");
- pam_verbosity = DEFAULT_PAM_VERBOSITY;
- }
-
DEBUG(SSSDBG_FUNC_DATA,
"pam_reply called with result [%d]: %s.\n",
pd->pam_status, pam_strerror(NULL, pd->pam_status));
@@ -459,31 +491,17 @@ static void pam_reply(struct pam_auth_req *preq)
return;
}
- ret = sss_packet_new(cctx->creq, 0, sss_packet_get_cmd(cctx->creq->in),
- &cctx->creq->out);
+ ret = add_warning_about_expiration(pd, pctx->rctx->cdb);
if (ret != EOK) {
+ DEBUG(SSSDBG_MINOR_FAILURE, "warn_about_expiration failed: %d:[%s]\n",
+ ret, sss_strerror(ret));
goto done;
}
- /* Account expiration warning is printed for sshd. If pam_verbosity
- * is equal or above PAM_VERBOSITY_INFO then all services are informed
- * about account expiration.
- */
- if (pd->pam_status == PAM_ACCT_EXPIRED &&
- ((pd->service != NULL && strcasecmp(pd->service, "sshd") == 0) ||
- pam_verbosity >= PAM_VERBOSITY_INFO)) {
-
- ret = confdb_get_string(pctx->rctx->cdb, pd, CONFDB_PAM_CONF_ENTRY,
- CONFDB_PAM_ACCOUNT_EXPIRED_MESSAGE, "",
- &pam_account_expired_message);
- if (ret != EOK) {
- DEBUG(SSSDBG_MINOR_FAILURE,
- "Failed to get expiration message: %d:[%s].\n",
- ret, sss_strerror(ret));
- goto done;
- }
-
- inform_account_expired(pd, pam_account_expired_message);
+ ret = sss_packet_new(cctx->creq, 0, sss_packet_get_cmd(cctx->creq->in),
+ &cctx->creq->out);
+ if (ret != EOK) {
+ goto done;
}
ret = filter_responses(pctx->rctx->cdb, pd->resp_list);
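Review bot: A failure in add_warning_about_expiration() now jumps to `done` before `sss_packet_new()` has run, so the `done` path executes without this call having created `cctx->creq->out`. From the first hunk, the helper only fails when the optional expired-account message cannot be read from confdb. The `done` label is outside this hunk, so please confirm it copes with a missing output packet. Alternatively, treat the warning as best-effort: log the failure and continue to packet creation, so the PAM status is still delivered to the client. The new DEBUG text also names `warn_about_expiration`, which does not match the function. `"add_warning_about_expiration failed: %d:[%s]\n"` would make the log line greppable.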