diff options
| author | Jakub Hrozek <jhrozek@redhat.com> | 2014-08-20 16:44:49 +0200 |
|---|---|---|
| committer | Jakub Hrozek <jhrozek@redhat.com> | 2014-08-22 17:39:24 +0200 |
| commit | 06ba69972e6728f97f5adbcc3cc4df811a831f53 (patch) | |
| tree | ebbc56df9b8033be2c538951a8b52e49b1cbde2c /src | |
| parent | 5a4df83d769ace54f92513f0be78e753e0985a25 (diff) | |
| download | sssd-06ba69972e6728f97f5adbcc3cc4df811a831f53.tar.gz sssd-06ba69972e6728f97f5adbcc3cc4df811a831f53.tar.xz sssd-06ba69972e6728f97f5adbcc3cc4df811a831f53.zip | |
LDAP: Do not shortcut on ret != EOK during password expiry check
https://fedorahosted.org/sssd/ticket/2323
The functions that check for password expiration can return non-zero
return codes not only on internal failure, but also to indicate that the
password was expired. The code would in this case shortcut in the error
handler instead of making its way to the switch-case code below that
translates the SSSD error codes into PAM error codes.
We don't lose the error reporting, because any internal error would
translate into PAM_SYSTEM_ERROR anyway.
Reviewed-by: Lukáš Slebodník <lslebodn@redhat.com>
Diffstat (limited to 'src')
| -rw-r--r-- | src/providers/ldap/ldap_auth.c | 15 |
1 files changed, 0 insertions, 15 deletions
diff --git a/src/providers/ldap/ldap_auth.c b/src/providers/ldap/ldap_auth.c index 40f297c16..5a40c1359 100644 --- a/src/providers/ldap/ldap_auth.c +++ b/src/providers/ldap/ldap_auth.c @@ -1250,30 +1250,15 @@ static void sdap_pam_auth_done(struct tevent_req *req) switch (pw_expire_type) { case PWEXPIRE_SHADOW: ret = check_pwexpire_shadow(pw_expire_data, time(NULL), state->pd); - if (ret != EOK) { - DEBUG(SSSDBG_CRIT_FAILURE, "check_pwexpire_shadow failed.\n"); - state->pd->pam_status = PAM_SYSTEM_ERR; - goto done; - } break; case PWEXPIRE_KERBEROS: ret = check_pwexpire_kerberos(pw_expire_data, time(NULL), state->pd, be_ctx->domain->pwd_expiration_warning); - if (ret != EOK) { - DEBUG(SSSDBG_CRIT_FAILURE, "check_pwexpire_kerberos failed.\n"); - state->pd->pam_status = PAM_SYSTEM_ERR; - goto done; - } break; case PWEXPIRE_LDAP_PASSWORD_POLICY: ret = check_pwexpire_ldap(state->pd, pw_expire_data, be_ctx->domain->pwd_expiration_warning); - if (ret != EOK) { - DEBUG(SSSDBG_CRIT_FAILURE, "check_pwexpire_ldap failed.\n"); - state->pd->pam_status = PAM_SYSTEM_ERR; - goto done; - } break; case PWEXPIRE_NONE: break; |