diff options
author | Endi S. Dewata <edewata@redhat.com> | 2010-03-11 14:26:56 -0600 |
---|---|---|
committer | Rich Megginson <rmeggins@redhat.com> | 2010-03-12 19:51:21 -0700 |
commit | 1ef0ec98b6c91471454647e5f613d26fa015c619 (patch) | |
tree | fa7a1da28b15e074bc79307cb765ddfde9f1a300 /ldap/servers/slapd/daemon.c | |
parent | ed463407ead1f63ba26f64740a1e5cd1d79a03ee (diff) | |
download | ds-1ef0ec98b6c91471454647e5f613d26fa015c619.tar.gz ds-1ef0ec98b6c91471454647e5f613d26fa015c619.tar.xz ds-1ef0ec98b6c91471454647e5f613d26fa015c619.zip |
Bug 470684 - Pam_passthru plugin doesn't verify account activation
https://bugzilla.redhat.com/show_bug.cgi?id=470684
Resolves: bug 470684
Bug Description: Pam passthrough doesn't verify account activation
Reviewed by: rmeggins
Branch: HEAD
Fix Description: The check_account_lock() has been renamed to
slapi_check_account_lock() and moved into libslapd.so so any plugins
can use it. The account_inactivation_only parameter has been replaced
by check_password_policy. A new parameter send_result has been added
to determine whether to send LDAP results.
The pam_passthru plugin has been modified to use this function to
check account activation when the pamIDMapMethod is set to ENTRY.
The plugin will not check password policy.
Diffstat (limited to 'ldap/servers/slapd/daemon.c')
-rw-r--r-- | ldap/servers/slapd/daemon.c | 10 |
1 files changed, 6 insertions, 4 deletions
diff --git a/ldap/servers/slapd/daemon.c b/ldap/servers/slapd/daemon.c index 0db7f136..672a9a4d 100644 --- a/ldap/servers/slapd/daemon.c +++ b/ldap/servers/slapd/daemon.c @@ -1922,11 +1922,12 @@ slapd_bind_local_user(Connection *conn) if(entries[0] && 0 == entries[1]) { /* observe account locking */ - ret = check_account_lock( + ret = slapi_check_account_lock( 0, /* pb not req */ entries[0], 0, /* no response control */ - 1 /* inactivation only */ + 0, /* don't check password policy */ + 0 /* don't send ldap result */ ); if(0 == ret) @@ -1981,11 +1982,12 @@ entry_map_free: if(0 == ret && e) { - ret = check_account_lock( + ret = slapi_check_account_lock( 0, /* pb not req */ e, 0, /* no response control */ - 1 /* inactivation only */ + 0, /* don't check password policy */ + 0 /* don't send ldap result */ ); if(1 == ret) |