diff options
| author | Jakub Hrozek <jhrozek@redhat.com> | 2014-08-20 16:44:49 +0200 |
|---|---|---|
| committer | Jakub Hrozek <jhrozek@redhat.com> | 2014-08-22 17:47:39 +0200 |
| commit | 0fc01559df86cb8295f5cb43287595aeaccaac65 (patch) | |
| tree | c152e731cb4cacd8be6887fff2edceeb756f915d | |
| parent | 6626068f0c4463bdd65a802dc4a00b8af4f598d0 (diff) | |
| download | sssd-0fc01559df86cb8295f5cb43287595aeaccaac65.tar.gz sssd-0fc01559df86cb8295f5cb43287595aeaccaac65.tar.xz sssd-0fc01559df86cb8295f5cb43287595aeaccaac65.zip | |
LDAP: Do not shortcut on ret != EOK during password expiry check
https://fedorahosted.org/sssd/ticket/2323
The functions that check for password expiration can return non-zero
return codes not only on internal failure, but also to indicate that the
password was expired. The code would in this case shortcut in the error
handler instead of making its way to the switch-case code below that
translates the SSSD error codes into PAM error codes.
We don't lose the error reporting, because any internal error would
translate into PAM_SYSTEM_ERROR anyway.
Reviewed-by: Lukáš Slebodník <lslebodn@redhat.com>
(cherry picked from commit 06ba69972e6728f97f5adbcc3cc4df811a831f53)
(cherry picked from commit 7454855b9b5117a13fe86fb93b9cc870323ccd20)
| -rw-r--r-- | src/providers/ldap/ldap_auth.c | 15 |
1 files changed, 0 insertions, 15 deletions
diff --git a/src/providers/ldap/ldap_auth.c b/src/providers/ldap/ldap_auth.c index 8e3c43e4c..2aacce094 100644 --- a/src/providers/ldap/ldap_auth.c +++ b/src/providers/ldap/ldap_auth.c @@ -1251,30 +1251,15 @@ static void sdap_pam_auth_done(struct tevent_req *req) switch (pw_expire_type) { case PWEXPIRE_SHADOW: ret = check_pwexpire_shadow(pw_expire_data, time(NULL), state->pd); - if (ret != EOK) { - DEBUG(SSSDBG_CRIT_FAILURE, "check_pwexpire_shadow failed.\n"); - state->pd->pam_status = PAM_SYSTEM_ERR; - goto done; - } break; case PWEXPIRE_KERBEROS: ret = check_pwexpire_kerberos(pw_expire_data, time(NULL), state->pd, be_ctx->domain->pwd_expiration_warning); - if (ret != EOK) { - DEBUG(SSSDBG_CRIT_FAILURE, "check_pwexpire_kerberos failed.\n"); - state->pd->pam_status = PAM_SYSTEM_ERR; - goto done; - } break; case PWEXPIRE_LDAP_PASSWORD_POLICY: ret = check_pwexpire_ldap(state->pd, pw_expire_data, be_ctx->domain->pwd_expiration_warning); - if (ret != EOK) { - DEBUG(SSSDBG_CRIT_FAILURE, "check_pwexpire_ldap failed.\n"); - state->pd->pam_status = PAM_SYSTEM_ERR; - goto done; - } break; case PWEXPIRE_NONE: break; |