diff options
author | Günther Deschner <gd@samba.org> | 2007-02-05 18:11:41 +0000 |
---|---|---|
committer | Gerald (Jerry) Carter <jerry@samba.org> | 2007-10-10 12:17:44 -0500 |
commit | 317d00514245097557c3c20c17e64d2d6a7f6aad (patch) | |
tree | b38e3d2c1f0cbbf3359525ef053dc928739afb10 /source3/nsswitch | |
parent | 7440e4255ca74a550ae85b7f0629ef4fe74820cb (diff) | |
download | samba-317d00514245097557c3c20c17e64d2d6a7f6aad.tar.gz samba-317d00514245097557c3c20c17e64d2d6a7f6aad.tar.bz2 samba-317d00514245097557c3c20c17e64d2d6a7f6aad.zip |
r21161: Another fix for pam_winbind: Move the entire pwd expiry handling into
the PAM_SUCCESS block.
Guenther
(This used to be commit f4a704745cb0bd2c5dc2a9b16619d8ee30fd7ba1)
Diffstat (limited to 'source3/nsswitch')
-rw-r--r-- | source3/nsswitch/pam_winbind.c | 28 |
1 files changed, 14 insertions, 14 deletions
diff --git a/source3/nsswitch/pam_winbind.c b/source3/nsswitch/pam_winbind.c index 1a1d7ffcdd..1ee5dba457 100644 --- a/source3/nsswitch/pam_winbind.c +++ b/source3/nsswitch/pam_winbind.c @@ -1091,22 +1091,22 @@ static int winbind_auth_request(pam_handle_t * pamh, PAM_WB_REMARK_CHECK_RESPONSE_RET(pamh, ctrl, response, "NT_STATUS_ACCESS_DENIED"); } - /* warn a user if the password is about to expire soon */ - _pam_warn_password_expiry(pamh, ctrl, &response, &already_expired); - - if (already_expired == True) { - _pam_log_debug(pamh, ctrl, LOG_DEBUG, "Password has expired " - "(Password was last set: %d, the policy says " - "it should expire here %d (now it's: %d)\n", - response.data.auth.info3.pass_last_set_time, - response.data.auth.info3.pass_last_set_time + - response.data.auth.policy.expire, - time(NULL)); + if (ret == PAM_SUCCESS) { - return PAM_AUTHTOK_EXPIRED; - } + /* warn a user if the password is about to expire soon */ + _pam_warn_password_expiry(pamh, ctrl, &response, &already_expired); - if (ret == PAM_SUCCESS) { + if (already_expired == True) { + _pam_log_debug(pamh, ctrl, LOG_DEBUG, "Password has expired " + "(Password was last set: %d, the policy says " + "it should expire here %d (now it's: %d))\n", + response.data.auth.info3.pass_last_set_time, + response.data.auth.info3.pass_last_set_time + + response.data.auth.policy.expire, + time(NULL)); + + return PAM_AUTHTOK_EXPIRED; + } /* inform about logon type */ _pam_warn_logon_type(pamh, ctrl, user, response.data.auth.info3.user_flgs); |