-rw-r--r-- | src/providers/data_provider.h | 2 | ||||
-rw-r--r-- | src/providers/ldap/ldap_auth.c | 4 | ||||
-rw-r--r-- | src/providers/ldap/sdap_async_connection.c | 6 |
3 files changed, 12 insertions, 0 deletions
diff --git a/src/providers/data_provider.h b/src/providers/data_provider.h
index 39051b90c..7332b677d 100644
--- a/src/providers/data_provider.h
+++ b/src/providers/data_provider.h
@@ -182,6 +182,8 @@ struct pam_data {
 bool offline_auth;
 bool last_auth_saved;
 int priv;
+ int account_locked;
+
 #ifdef USE_KEYRING
 key_serial_t key_serial;
 #endif
diff --git a/src/providers/ldap/ldap_auth.c b/src/providers/ldap/ldap_auth.c
index c94ba15bb..8d6a37b2c 100644
--- a/src/providers/ldap/ldap_auth.c
+++ b/src/providers/ldap/ldap_auth.c
@@ -1302,6 +1302,10 @@ static void sdap_pam_auth_done(struct tevent_req *req)
 case ERR_PASSWORD_EXPIRED:
 state->pd->pam_status = PAM_NEW_AUTHTOK_REQD;
 break;
+ case ERR_ACCOUNT_LOCKED:
+ state->pd->account_locked = true;
+ state->pd->pam_status = PAM_PERM_DENIED;
+ break;
 default:
 state->pd->pam_status = PAM_SYSTEM_ERR;
 dp_err = DP_ERR_FATAL;
diff --git a/src/providers/ldap/sdap_async_connection.c b/src/providers/ldap/sdap_async_connection.c
index 2d9b1184f..f9074afb0 100644
--- a/src/providers/ldap/sdap_async_connection.c
+++ b/src/providers/ldap/sdap_async_connection.c
@@ -754,6 +754,12 @@ static void simple_bind_done(struct sdap_op *op,
 if (result == LDAP_SUCCESS) {
 ret = EOK;
+ } else if (result == LDAP_INVALID_CREDENTIALS
+ && errmsg != NULL && strstr(errmsg, "data 775,") != NULL) {
+ /* Value 775 is described in
+ * https://msdn.microsoft.com/en-us/library/windows/desktop/ms681386%28v=vs.85%29.aspx
+ * for more details please see commit message. */
+ ret = ERR_ACCOUNT_LOCKED;
 } else {
 ret = ERR_AUTH_FAILED;
 }
|
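Review bot: The new `account_locked` member of struct pam_data is declared `int`, although the only writer visible in this commit (the `ERR_ACCOUNT_LOCKED` case in ldap_auth.c) stores `true` and the neighbouring flags `offline_auth` and `last_auth_saved` are `bool`; `bool account_locked;` would match them. The field also has no comment, so something like `/* set by the backend when the server reported the account as locked out */` would tell readers who owns it. How the struct is initialised is outside the hunk, so whether the flag reliably starts at zero cannot be confirmed from here.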
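Review bot: The `ERR_ACCOUNT_LOCKED` case in sdap_pam_auth_done makes a locked account distinguishable from a wrong password, and nothing in the hunk documents that this is a disclosure of account state to a client that has not yet authenticated. The bind result this is derived from does not show that the supplied password was correct, so whatever consumes `pd->account_locked` and `PAM_PERM_DENIED` (not visible here) decides how much an unauthenticated caller learns. I would record that next to the assignment, e.g. `/* lockout is learned from a failed bind, not from a verified password; consumers must decide whether to show it to the user */`. The switch starts and ends outside the hunk, so how `ERR_AUTH_FAILED` is mapped for comparison cannot be checked here.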
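Review bot: The comment in simple_bind_done calls the matched token "Value 775" without saying it is hexadecimal, while the linked Microsoft page lists system error codes in decimal. Active Directory prints the Win32 sub-error in hex, so "data 775," is 0x775 (1909, ERROR_ACCOUNT_LOCKED_OUT), and a reader searching the page for 775 will not find it. The comment also defers to the commit message, which is not available to someone reading the file; I would make it self-contained, e.g. `/* AD diagnostic message carries the Win32 error in hex: "data 775," is 0x775 (1909), ERROR_ACCOUNT_LOCKED_OUT */`. It is also worth stating there that `errmsg` is server-supplied text and that this match only selects between two failure codes, never `EOK`, so the check fails closed and a later edit should not move it. The function body continues outside the hunk.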