Use SSSD specific errors for offline auth

This prevents reportin false errors when internal functions return
a generic EINVAL or EACCES that should just be treated as internal
errors.

1 files changed, 12 insertions, 10 deletions

diff --git a/src/util/auth_utils.h b/src/util/auth_utils.h
index e9e60a085..8883c5ceb 100644
--- a/src/util/auth_utils.h
+++ b/src/util/auth_utils.h
@@ -28,15 +28,17 @@
 static inline int cached_login_pam_status(int auth_res)
 {
     switch (auth_res) {
-        case EOK:
-            return PAM_SUCCESS;
-        case ENOENT:
-            return PAM_AUTHINFO_UNAVAIL;
-        case EINVAL:
-            return PAM_AUTH_ERR;
-        case EACCES:
-            return PAM_PERM_DENIED;
+    case EOK:
+        return PAM_SUCCESS;
+    case ERR_ACCOUNT_UNKNOWN:
+        return PAM_AUTHINFO_UNAVAIL;
+    case ERR_NO_CACHED_CREDS:
+    case ERR_CACHED_CREDS_EXPIRED:
+    case ERR_AUTH_DENIED:
+        return PAM_PERM_DENIED;
+    case ERR_AUTH_FAILED:
+        return PAM_AUTH_ERR;
+    default:
+        return PAM_SYSTEM_ERR;
     }
-
-    return PAM_SYSTEM_ERR;
 }