authorSimo Sorce <simo@redhat.com>2013-02-26 16:25:07 -0500
committerJakub Hrozek <jhrozek@redhat.com>2013-03-19 14:07:41 +0100
commit233a3c6c48972b177e60d6ef4cecfacd3cf31659 (patch)
treee67d6eaed705d8c76173af0c06b49072224460be /src/providers/ipa/ipa_auth.c
parent4f2e932acd5266e9d4e3f55966baafbdbd2ae210 (diff)
Use common error facility instead of sdap_result
Simplifies and consolidates error reporting for LDAP authentication paths. Adds 3 new error codes: ERR_CHPASS_DENIED - used when password constraints deny password changes; ERR_ACCOUNT_EXPIRED - account is expired; ERR_PASSWORD_EXPIRED - password is expired.
Diffstat (limited to 'src/providers/ipa/ipa_auth.c')
-rw-r--r--src/providers/ipa/ipa_auth.c24
1 files changed, 13 insertions, 11 deletions
diff --git a/src/providers/ipa/ipa_auth.c b/src/providers/ipa/ipa_auth.c
index 2a033db94..5cb3d402e 100644
--- a/src/providers/ipa/ipa_auth.c
+++ b/src/providers/ipa/ipa_auth.c
@@ -36,7 +36,6 @@ struct get_password_migration_flag_state {
struct tevent_context *ev;
struct sdap_id_op *sdap_op;
struct sdap_id_ctx *sdap_id_ctx;
- enum sdap_result result;
struct fo_server *srv;
char *ipa_realm;
bool password_migration;
@@ -68,7 +67,6 @@ static struct tevent_req *get_password_migration_flag_send(TALLOC_CTX *memctx,
state->ev = ev;
state->sdap_id_ctx = sdap_id_ctx;
- state->result = SDAP_ERROR;
state->srv = NULL;
state->password_migration = false;
state->ipa_realm = ipa_realm;
@@ -393,26 +391,30 @@ static void ipa_auth_ldap_done(struct tevent_req *req)
struct be_ctx *be_ctx = be_req_get_be_ctx(state->be_req);
int ret;
int dp_err = DP_ERR_FATAL;
- enum sdap_result result;
- ret = sdap_auth_recv(req, state, &result, NULL);
+ ret = sdap_auth_recv(req, state, NULL);
talloc_zfree(req);
- if (ret != EOK) {
- DEBUG(SSSDBG_OP_FAILURE, ("auth_send request failed.\n"));
- state->pd->pam_status = PAM_SYSTEM_ERR;
- dp_err = DP_ERR_OK;
- goto done;
- }
+ switch (ret) {
+ case EOK:
+ break;
+ case ERR_AUTH_DENIED:
+ case ERR_AUTH_FAILED:
+ case ERR_PASSWORD_EXPIRED:
/* TODO: do we need to handle expired passwords? */
- if (result != SDAP_AUTH_SUCCESS) {
DEBUG(SSSDBG_MINOR_FAILURE, ("LDAP authentication failed, "
"Password migration not possible.\n"));
state->pd->pam_status = PAM_CRED_INSUFFICIENT;
dp_err = DP_ERR_OK;
goto done;
+ default:
+ DEBUG(SSSDBG_OP_FAILURE, ("auth_send request failed.\n"));
+ state->pd->pam_status = PAM_SYSTEM_ERR;
+ dp_err = DP_ERR_OK;
+ goto done;
}
+
DEBUG(SSSDBG_TRACE_FUNC, ("LDAP authentication succeded, "
"trying Kerberos authentication again.\n"));
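Review bot: The new `switch (ret)` groups ERR_AUTH_DENIED, ERR_AUTH_FAILED and ERR_PASSWORD_EXPIRED but leaves out ERR_ACCOUNT_EXPIRED, which the commit description also introduces. If sdap_auth_recv() can return it, an expired account lands in `default:` and is reported as PAM_SYSTEM_ERR with "auth_send request failed.", where the removed `result != SDAP_AUTH_SUCCESS` check would presumably have produced PAM_CRED_INSUFFICIENT. Add `case ERR_ACCOUNT_EXPIRED:` to the denial group (or map it to its own PAM status) so an account-state denial is not logged as an internal failure. The `default:` message should also carry the code, e.g. `DEBUG(SSSDBG_OP_FAILURE, ("auth_send request failed [%d].\n", ret));`, so unexpected return values can be triaged from the log. ipa_auth_ldap_done() starts before and continues after this hunk.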