summaryrefslogtreecommitdiffstats
path: root/src
diff options
context:
space:
mode:
authorJakub Hrozek <jhrozek@redhat.com>2014-08-20 16:44:49 +0200
committerJakub Hrozek <jhrozek@redhat.com>2014-08-22 17:41:45 +0200
commit7454855b9b5117a13fe86fb93b9cc870323ccd20 (patch)
treec8233033f67976f0901c4dbb1a301e50ff64842a /src
parent49a73ff732215e59e51eb0f2eae56fff0d94f29b (diff)
downloadsssd-7454855b9b5117a13fe86fb93b9cc870323ccd20.tar.gz
sssd-7454855b9b5117a13fe86fb93b9cc870323ccd20.tar.xz
sssd-7454855b9b5117a13fe86fb93b9cc870323ccd20.zip
LDAP: Do not shortcut on ret != EOK during password expiry check
https://fedorahosted.org/sssd/ticket/2323 The functions that check for password expiration can return non-zero return codes not only on internal failure, but also to indicate that the password was expired. The code would in this case shortcut in the error handler instead of making its way to the switch-case code below that translates the SSSD error codes into PAM error codes. We don't lose the error reporting, because any internal error would translate into PAM_SYSTEM_ERROR anyway. Reviewed-by: Lukáš Slebodník <lslebodn@redhat.com> (cherry picked from commit 06ba69972e6728f97f5adbcc3cc4df811a831f53)
Diffstat (limited to 'src')
-rw-r--r--src/providers/ldap/ldap_auth.c15
1 files changed, 0 insertions, 15 deletions
diff --git a/src/providers/ldap/ldap_auth.c b/src/providers/ldap/ldap_auth.c
index 8e3c43e4c..2aacce094 100644
--- a/src/providers/ldap/ldap_auth.c
+++ b/src/providers/ldap/ldap_auth.c
@@ -1251,30 +1251,15 @@ static void sdap_pam_auth_done(struct tevent_req *req)
switch (pw_expire_type) {
case PWEXPIRE_SHADOW:
ret = check_pwexpire_shadow(pw_expire_data, time(NULL), state->pd);
- if (ret != EOK) {
- DEBUG(SSSDBG_CRIT_FAILURE, "check_pwexpire_shadow failed.\n");
- state->pd->pam_status = PAM_SYSTEM_ERR;
- goto done;
- }
break;
case PWEXPIRE_KERBEROS:
ret = check_pwexpire_kerberos(pw_expire_data, time(NULL),
state->pd,
be_ctx->domain->pwd_expiration_warning);
- if (ret != EOK) {
- DEBUG(SSSDBG_CRIT_FAILURE, "check_pwexpire_kerberos failed.\n");
- state->pd->pam_status = PAM_SYSTEM_ERR;
- goto done;
- }
break;
case PWEXPIRE_LDAP_PASSWORD_POLICY:
ret = check_pwexpire_ldap(state->pd, pw_expire_data,
be_ctx->domain->pwd_expiration_warning);
- if (ret != EOK) {
- DEBUG(SSSDBG_CRIT_FAILURE, "check_pwexpire_ldap failed.\n");
- state->pd->pam_status = PAM_SYSTEM_ERR;
- goto done;
- }
break;
case PWEXPIRE_NONE:
break;
generated by cgit (git 2.34.1) at 2024-05-08 06:02:08 +0000