From 9549a5984b5b1d7106035d8126a3ead915b2129b Mon Sep 17 00:00:00 2001 From: Nathaniel McCallum Date: Thu, 13 Nov 2014 02:42:55 -0500 Subject: Expose the disabled User Auth Type Additionally, fix a small bug in ipa-kdb so that the disabled User Auth Type is properly handled. https://fedorahosted.org/freeipa/ticket/4720 Reviewed-By: Petr Vobornik --- daemons/ipa-kdb/ipa_kdb_principals.c | 13 +++++++------ 1 file changed, 7 insertions(+), 6 deletions(-) (limited to 'daemons/ipa-kdb/ipa_kdb_principals.c') diff --git a/daemons/ipa-kdb/ipa_kdb_principals.c b/daemons/ipa-kdb/ipa_kdb_principals.c index 9d43ebc66..828ba760c 100644 --- a/daemons/ipa-kdb/ipa_kdb_principals.c +++ b/daemons/ipa-kdb/ipa_kdb_principals.c @@ -324,17 +324,18 @@ static enum ipadb_user_auth ipadb_get_user_auth(struct ipadb_context *ipactx, enum ipadb_user_auth ua = IPADB_USER_AUTH_NONE; const struct ipadb_global_config *gcfg = NULL; - /* Get the user's user_auth settings. */ - ipadb_parse_user_auth(ipactx->lcontext, lentry, &ua); - /* Get the global user_auth settings. */ gcfg = ipadb_get_global_config(ipactx); if (gcfg != NULL) gua = gcfg->user_auth; - /* If the disabled flag is set, ignore everything else. */ - if ((ua | gua) & IPADB_USER_AUTH_DISABLED) - return IPADB_USER_AUTH_DISABLED; + /* Get the user's user_auth settings if not disabled. */ + if ((gua & IPADB_USER_AUTH_DISABLED) == 0) + ipadb_parse_user_auth(ipactx->lcontext, lentry, &ua); + + /* Filter out the disabled flag. */ + gua &= ~IPADB_USER_AUTH_DISABLED; + ua &= ~IPADB_USER_AUTH_DISABLED; /* Determine which user_auth policy is active: user or global. */ if (ua == IPADB_USER_AUTH_NONE) -- cgit