From cf2e3bf01fd3f9f38208da25304366329211d602 Mon Sep 17 00:00:00 2001 From: Jakub Hrozek Date: Mon, 22 Apr 2013 11:38:27 +0200 Subject: Display the last grace warning, too Due to a comparison error, the last warning when an LDAP password was in its grace period was never displayed. https://fedorahosted.org/sssd/ticket/1890 --- src/providers/ldap/ldap_auth.c | 4 ++-- src/providers/ldap/sdap_async_connection.c | 2 +- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/src/providers/ldap/ldap_auth.c b/src/providers/ldap/ldap_auth.c index b0dd30ce6..6aba14c96 100644 --- a/src/providers/ldap/ldap_auth.c +++ b/src/providers/ldap/ldap_auth.c @@ -209,7 +209,7 @@ static errno_t check_pwexpire_ldap(struct pam_data *pd, enum sdap_result *result, int pwd_exp_warning) { - if (ppolicy->grace > 0 || ppolicy->expire > 0) { + if (ppolicy->grace >= 0 || ppolicy->expire > 0) { uint32_t *data; uint32_t *ptr; int ret; @@ -225,7 +225,7 @@ static errno_t check_pwexpire_ldap(struct pam_data *pd, } ptr = data; - if (ppolicy->grace > 0) { + if (ppolicy->grace >= 0) { *ptr = SSS_PAM_USER_INFO_GRACE_LOGIN; ptr++; *ptr = ppolicy->grace; diff --git a/src/providers/ldap/sdap_async_connection.c b/src/providers/ldap/sdap_async_connection.c index ff9924843..44536c730 100644 --- a/src/providers/ldap/sdap_async_connection.c +++ b/src/providers/ldap/sdap_async_connection.c @@ -608,7 +608,7 @@ static void simple_bind_done(struct sdap_op *op, ("Password was reset. " "User must set a new password.\n")); state->result = LDAP_X_SSSD_PASSWORD_EXPIRED; - } else if (pp_grace > 0) { + } else if (pp_grace >= 0) { DEBUG(SSSDBG_TRACE_LIBS, ("Password expired. " "[%d] grace logins remaining.\n", -- cgit