diff options
author | Nathaniel McCallum <npmccallum@redhat.com> | 2014-11-13 02:42:55 -0500 |
---|---|---|
committer | Petr Vobornik <pvoborni@redhat.com> | 2015-02-12 10:31:24 +0100 |
commit | 9549a5984b5b1d7106035d8126a3ead915b2129b (patch) | |
tree | d05a9db3eab30231d8949a40fd2c9190f2f9276d /daemons | |
parent | c438d9be9152d64408e8e39ba4ebe696d0d4fe94 (diff) | |
download | freeipa-9549a5984b5b1d7106035d8126a3ead915b2129b.tar.gz freeipa-9549a5984b5b1d7106035d8126a3ead915b2129b.tar.xz freeipa-9549a5984b5b1d7106035d8126a3ead915b2129b.zip |
Expose the disabled User Auth Type
Additionally, fix a small bug in ipa-kdb so that the disabled User
Auth Type is properly handled.
https://fedorahosted.org/freeipa/ticket/4720
Reviewed-By: Petr Vobornik <pvoborni@redhat.com>
Diffstat (limited to 'daemons')
-rw-r--r-- | daemons/ipa-kdb/ipa_kdb_principals.c | 13 |
1 files changed, 7 insertions, 6 deletions
diff --git a/daemons/ipa-kdb/ipa_kdb_principals.c b/daemons/ipa-kdb/ipa_kdb_principals.c index 9d43ebc66..828ba760c 100644 --- a/daemons/ipa-kdb/ipa_kdb_principals.c +++ b/daemons/ipa-kdb/ipa_kdb_principals.c @@ -324,17 +324,18 @@ static enum ipadb_user_auth ipadb_get_user_auth(struct ipadb_context *ipactx, enum ipadb_user_auth ua = IPADB_USER_AUTH_NONE; const struct ipadb_global_config *gcfg = NULL; - /* Get the user's user_auth settings. */ - ipadb_parse_user_auth(ipactx->lcontext, lentry, &ua); - /* Get the global user_auth settings. */ gcfg = ipadb_get_global_config(ipactx); if (gcfg != NULL) gua = gcfg->user_auth; - /* If the disabled flag is set, ignore everything else. */ - if ((ua | gua) & IPADB_USER_AUTH_DISABLED) - return IPADB_USER_AUTH_DISABLED; + /* Get the user's user_auth settings if not disabled. */ + if ((gua & IPADB_USER_AUTH_DISABLED) == 0) + ipadb_parse_user_auth(ipactx->lcontext, lentry, &ua); + + /* Filter out the disabled flag. */ + gua &= ~IPADB_USER_AUTH_DISABLED; + ua &= ~IPADB_USER_AUTH_DISABLED; /* Determine which user_auth policy is active: user or global. */ if (ua == IPADB_USER_AUTH_NONE) |