From b4c01ab6d58519431f2c88deec14e0371233eeef Mon Sep 17 00:00:00 2001
From: Ralf Haferkamp <rhafer@suse.de>
Date: Fri, 12 Mar 2010 14:42:09 +0100
Subject: Fixed authentication check for CHAUTHTOK_PRELIM

When changing passwords, treat SDAP_AUTH_PW_EXPIRED as a successful
authentication in SSS_PAM_CHAUTHTOK_PRELIM.
---
 src/providers/ldap/ldap_auth.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

(limited to 'src/providers/ldap')

diff --git a/src/providers/ldap/ldap_auth.c b/src/providers/ldap/ldap_auth.c
index ba1136bdd..522870307 100644
--- a/src/providers/ldap/ldap_auth.c
+++ b/src/providers/ldap/ldap_auth.c
@@ -721,7 +721,7 @@ static void sdap_auth4chpass_done(struct tevent_req *req)
         goto done;
     }
 
-    if (result == SDAP_AUTH_SUCCESS &&
+    if ( (result == SDAP_AUTH_SUCCESS || result == SDAP_AUTH_PW_EXPIRED ) &&
         state->pd->cmd == SSS_PAM_CHAUTHTOK_PRELIM) {
         DEBUG(9, ("Initial authentication for change password operation "
                   "successful.\n"));
-- 
cgit