From ab967283b710dfa05d11ee5b30c7ac916486ceec Mon Sep 17 00:00:00 2001
From: Simo Sorce <simo@redhat.com>
Date: Wed, 21 Nov 2012 16:52:33 -0500
Subject: Use SSSD specific errors for offline auth

This prevents reportin false errors when internal functions return
a generic EINVAL or EACCES that should just be treated as internal
errors.
---
 src/util/auth_utils.h | 22 ++++++++++++----------
 1 file changed, 12 insertions(+), 10 deletions(-)

(limited to 'src/util/auth_utils.h')

diff --git a/src/util/auth_utils.h b/src/util/auth_utils.h
index e9e60a085..8883c5ceb 100644
--- a/src/util/auth_utils.h
+++ b/src/util/auth_utils.h
@@ -28,15 +28,17 @@
 static inline int cached_login_pam_status(int auth_res)
 {
     switch (auth_res) {
-        case EOK:
-            return PAM_SUCCESS;
-        case ENOENT:
-            return PAM_AUTHINFO_UNAVAIL;
-        case EINVAL:
-            return PAM_AUTH_ERR;
-        case EACCES:
-            return PAM_PERM_DENIED;
+    case EOK:
+        return PAM_SUCCESS;
+    case ERR_ACCOUNT_UNKNOWN:
+        return PAM_AUTHINFO_UNAVAIL;
+    case ERR_NO_CACHED_CREDS:
+    case ERR_CACHED_CREDS_EXPIRED:
+    case ERR_AUTH_DENIED:
+        return PAM_PERM_DENIED;
+    case ERR_AUTH_FAILED:
+        return PAM_AUTH_ERR;
+    default:
+        return PAM_SYSTEM_ERR;
     }
-
-    return PAM_SYSTEM_ERR;
 }
-- 
cgit