diff options
-rw-r--r-- | source3/nsswitch/pam_winbind.c | 28 |
1 files changed, 14 insertions, 14 deletions
diff --git a/source3/nsswitch/pam_winbind.c b/source3/nsswitch/pam_winbind.c index 1a1d7ffcdd..1ee5dba457 100644 --- a/source3/nsswitch/pam_winbind.c +++ b/source3/nsswitch/pam_winbind.c @@ -1091,22 +1091,22 @@ static int winbind_auth_request(pam_handle_t * pamh, PAM_WB_REMARK_CHECK_RESPONSE_RET(pamh, ctrl, response, "NT_STATUS_ACCESS_DENIED"); } - /* warn a user if the password is about to expire soon */ - _pam_warn_password_expiry(pamh, ctrl, &response, &already_expired); - - if (already_expired == True) { - _pam_log_debug(pamh, ctrl, LOG_DEBUG, "Password has expired " - "(Password was last set: %d, the policy says " - "it should expire here %d (now it's: %d)\n", - response.data.auth.info3.pass_last_set_time, - response.data.auth.info3.pass_last_set_time + - response.data.auth.policy.expire, - time(NULL)); + if (ret == PAM_SUCCESS) { - return PAM_AUTHTOK_EXPIRED; - } + /* warn a user if the password is about to expire soon */ + _pam_warn_password_expiry(pamh, ctrl, &response, &already_expired); - if (ret == PAM_SUCCESS) { + if (already_expired == True) { + _pam_log_debug(pamh, ctrl, LOG_DEBUG, "Password has expired " + "(Password was last set: %d, the policy says " + "it should expire here %d (now it's: %d))\n", + response.data.auth.info3.pass_last_set_time, + response.data.auth.info3.pass_last_set_time + + response.data.auth.policy.expire, + time(NULL)); + + return PAM_AUTHTOK_EXPIRED; + } /* inform about logon type */ _pam_warn_logon_type(pamh, ctrl, user, response.data.auth.info3.user_flgs); |