summaryrefslogtreecommitdiff
path: root/source3/nsswitch
diff options
context:
space:
mode:
authorGünther Deschner <gd@samba.org>2007-02-05 18:11:41 +0000
committerGerald (Jerry) Carter <jerry@samba.org>2007-10-10 12:17:44 -0500
commit317d00514245097557c3c20c17e64d2d6a7f6aad (patch)
treeb38e3d2c1f0cbbf3359525ef053dc928739afb10 /source3/nsswitch
parent7440e4255ca74a550ae85b7f0629ef4fe74820cb (diff)
downloadsamba-317d00514245097557c3c20c17e64d2d6a7f6aad.tar.gz
samba-317d00514245097557c3c20c17e64d2d6a7f6aad.tar.bz2
samba-317d00514245097557c3c20c17e64d2d6a7f6aad.zip
r21161: Another fix for pam_winbind: Move the entire pwd expiry handling into
the PAM_SUCCESS block. Guenther (This used to be commit f4a704745cb0bd2c5dc2a9b16619d8ee30fd7ba1)
Diffstat (limited to 'source3/nsswitch')
-rw-r--r--source3/nsswitch/pam_winbind.c28
1 files changed, 14 insertions, 14 deletions
diff --git a/source3/nsswitch/pam_winbind.c b/source3/nsswitch/pam_winbind.c
index 1a1d7ffcdd..1ee5dba457 100644
--- a/source3/nsswitch/pam_winbind.c
+++ b/source3/nsswitch/pam_winbind.c
@@ -1091,22 +1091,22 @@ static int winbind_auth_request(pam_handle_t * pamh,
PAM_WB_REMARK_CHECK_RESPONSE_RET(pamh, ctrl, response, "NT_STATUS_ACCESS_DENIED");
}
- /* warn a user if the password is about to expire soon */
- _pam_warn_password_expiry(pamh, ctrl, &response, &already_expired);
-
- if (already_expired == True) {
- _pam_log_debug(pamh, ctrl, LOG_DEBUG, "Password has expired "
- "(Password was last set: %d, the policy says "
- "it should expire here %d (now it's: %d)\n",
- response.data.auth.info3.pass_last_set_time,
- response.data.auth.info3.pass_last_set_time +
- response.data.auth.policy.expire,
- time(NULL));
+ if (ret == PAM_SUCCESS) {
- return PAM_AUTHTOK_EXPIRED;
- }
+ /* warn a user if the password is about to expire soon */
+ _pam_warn_password_expiry(pamh, ctrl, &response, &already_expired);
- if (ret == PAM_SUCCESS) {
+ if (already_expired == True) {
+ _pam_log_debug(pamh, ctrl, LOG_DEBUG, "Password has expired "
+ "(Password was last set: %d, the policy says "
+ "it should expire here %d (now it's: %d))\n",
+ response.data.auth.info3.pass_last_set_time,
+ response.data.auth.info3.pass_last_set_time +
+ response.data.auth.policy.expire,
+ time(NULL));
+
+ return PAM_AUTHTOK_EXPIRED;
+ }
/* inform about logon type */
_pam_warn_logon_type(pamh, ctrl, user, response.data.auth.info3.user_flgs);