diff options
author | Jakub Hrozek <jhrozek@redhat.com> | 2016-05-17 12:00:07 +0200 |
---|---|---|
committer | Lukas Slebodnik <lslebodn@redhat.com> | 2016-05-19 13:57:02 +0200 |
commit | 030b821b3704771b15f58293e2b1259a2c0fc32f (patch) | |
tree | 137d85168772139ec428a770e3809ac17551c4c6 | |
parent | de8815aba87d08b6b7ac5d502dcb1755787e0857 (diff) | |
download | sssd-030b821b3704771b15f58293e2b1259a2c0fc32f.tar.gz sssd-030b821b3704771b15f58293e2b1259a2c0fc32f.tar.xz sssd-030b821b3704771b15f58293e2b1259a2c0fc32f.zip |
AD: Do not schedule the machine renewal task if adcli is not executable
Before scheduling the adcli renewal task, check if the renewal program
(typically adcli) is accessible. If not, do dot schedule the renewal
task at all.
Resolves:
https://fedorahosted.org/sssd/ticket/3016
Reviewed-by: Lukáš Slebodník <lslebodn@redhat.com>
-rw-r--r-- | src/providers/ad/ad_machine_pw_renewal.c | 9 |
1 files changed, 9 insertions, 0 deletions
diff --git a/src/providers/ad/ad_machine_pw_renewal.c b/src/providers/ad/ad_machine_pw_renewal.c index 3d79aa0a6..b0d2cf64a 100644 --- a/src/providers/ad/ad_machine_pw_renewal.c +++ b/src/providers/ad/ad_machine_pw_renewal.c @@ -307,6 +307,15 @@ errno_t ad_machine_account_password_renewal_init(struct be_ctx *be_ctx, int opt_list_size; char *endptr; + ret = access(RENEWAL_PROG_PATH, X_OK); + if (ret != 0) { + ret = errno; + DEBUG(SSSDBG_CONF_SETTINGS, + "The helper program ["RENEWAL_PROG_PATH"] for renewal " + "doesn't exist [%d]: %s\n", ret, strerror(ret)); + return EOK; + } + lifetime = dp_opt_get_int(ad_opts->basic, AD_MAXIMUM_MACHINE_ACCOUNT_PASSWORD_AGE); |