diff options
| author | Simo Sorce <simo@redhat.com> | 2012-11-21 16:52:33 -0500 |
|---|---|---|
| committer | Jakub Hrozek <jhrozek@redhat.com> | 2013-03-04 23:40:25 +0100 |
| commit | ab967283b710dfa05d11ee5b30c7ac916486ceec (patch) | |
| tree | 636b0ded10d3a282cbd3c8ff88e9c94de60d26e3 /src/db | |
| parent | 8bcabb97d988d1602882a1f036aac2eaf5e09234 (diff) | |
| download | sssd-ab967283b710dfa05d11ee5b30c7ac916486ceec.tar.gz sssd-ab967283b710dfa05d11ee5b30c7ac916486ceec.tar.xz sssd-ab967283b710dfa05d11ee5b30c7ac916486ceec.zip | |
Use SSSD specific errors for offline auth
This prevents reportin false errors when internal functions return
a generic EINVAL or EACCES that should just be treated as internal
errors.
Diffstat (limited to 'src/db')
| -rw-r--r-- | src/db/sysdb_ops.c | 17 |
1 files changed, 9 insertions, 8 deletions
diff --git a/src/db/sysdb_ops.c b/src/db/sysdb_ops.c index 0fb8ed49e..1f27af8db 100644 --- a/src/db/sysdb_ops.c +++ b/src/db/sysdb_ops.c @@ -2754,7 +2754,7 @@ errno_t check_failed_login_attempts(struct confdb_ctx *cdb, if (ret != EOK) { DEBUG(1, ("Failed to read the number of allowed failed login " "attempts.\n")); - ret = EIO; + ret = ERR_INTERNAL; goto done; } ret = confdb_get_int(cdb, CONFDB_PAM_CONF_ENTRY, @@ -2763,7 +2763,7 @@ errno_t check_failed_login_attempts(struct confdb_ctx *cdb, &failed_login_delay); if (ret != EOK) { DEBUG(1, ("Failed to read the failed login delay.\n")); - ret = EIO; + ret = ERR_INTERNAL; goto done; } DEBUG(9, ("Failed login attempts [%d], allowed failed login attempts [%d], " @@ -2781,12 +2781,12 @@ errno_t check_failed_login_attempts(struct confdb_ctx *cdb, } else { DEBUG(7, ("login delayed until %lld.\n", (long long) end)); *delayed_until = end; - ret = EACCES; + ret = ERR_AUTH_DENIED; goto done; } } else { DEBUG(4, ("Too many failed logins.\n")); - ret = EACCES; + ret = ERR_AUTH_DENIED; goto done; } } @@ -2862,6 +2862,7 @@ int sysdb_cache_auth(struct sysdb_ctx *sysdb, if (ret != EOK) { DEBUG(1, ("sysdb_search_user_by_name failed [%d][%s].\n", ret, strerror(ret))); + if (ret == ENOENT) ret = ERR_ACCOUNT_UNKNOWN; goto done; } @@ -2884,7 +2885,7 @@ int sysdb_cache_auth(struct sysdb_ctx *sysdb, if (expire_date < time(NULL)) { DEBUG(4, ("Cached user entry is too old.\n")); expire_date = 0; - ret = EACCES; + ret = ERR_CACHED_CREDS_EXPIRED; goto done; } } else { @@ -2903,14 +2904,14 @@ int sysdb_cache_auth(struct sysdb_ctx *sysdb, userhash = ldb_msg_find_attr_as_string(ldb_msg, SYSDB_CACHEDPWD, NULL); if (userhash == NULL || *userhash == '\0') { DEBUG(4, ("Cached credentials not available.\n")); - ret = ENOENT; + ret = ERR_NO_CACHED_CREDS; goto done; } ret = s3crypt_sha512(tmp_ctx, password, userhash, &comphash); if (ret) { DEBUG(4, ("Failed to create password hash.\n")); - ret = EFAULT; + ret = ERR_INTERNAL; goto done; } @@ -2997,7 +2998,7 @@ done: ret = EOK; } else { if (ret == EOK) { - ret = EINVAL; + ret = ERR_AUTH_FAILED; } } talloc_free(tmp_ctx); |