summaryrefslogtreecommitdiff
path: root/source3/nsswitch
diff options
context:
space:
mode:
Diffstat (limited to 'source3/nsswitch')
-rw-r--r--source3/nsswitch/pam_winbind.c28
1 files changed, 14 insertions, 14 deletions
diff --git a/source3/nsswitch/pam_winbind.c b/source3/nsswitch/pam_winbind.c
index 1a1d7ffcdd..1ee5dba457 100644
--- a/source3/nsswitch/pam_winbind.c
+++ b/source3/nsswitch/pam_winbind.c
@@ -1091,22 +1091,22 @@ static int winbind_auth_request(pam_handle_t * pamh,
PAM_WB_REMARK_CHECK_RESPONSE_RET(pamh, ctrl, response, "NT_STATUS_ACCESS_DENIED");
}
- /* warn a user if the password is about to expire soon */
- _pam_warn_password_expiry(pamh, ctrl, &response, &already_expired);
-
- if (already_expired == True) {
- _pam_log_debug(pamh, ctrl, LOG_DEBUG, "Password has expired "
- "(Password was last set: %d, the policy says "
- "it should expire here %d (now it's: %d)\n",
- response.data.auth.info3.pass_last_set_time,
- response.data.auth.info3.pass_last_set_time +
- response.data.auth.policy.expire,
- time(NULL));
+ if (ret == PAM_SUCCESS) {
- return PAM_AUTHTOK_EXPIRED;
- }
+ /* warn a user if the password is about to expire soon */
+ _pam_warn_password_expiry(pamh, ctrl, &response, &already_expired);
- if (ret == PAM_SUCCESS) {
+ if (already_expired == True) {
+ _pam_log_debug(pamh, ctrl, LOG_DEBUG, "Password has expired "
+ "(Password was last set: %d, the policy says "
+ "it should expire here %d (now it's: %d))\n",
+ response.data.auth.info3.pass_last_set_time,
+ response.data.auth.info3.pass_last_set_time +
+ response.data.auth.policy.expire,
+ time(NULL));
+
+ return PAM_AUTHTOK_EXPIRED;
+ }
/* inform about logon type */
_pam_warn_logon_type(pamh, ctrl, user, response.data.auth.info3.user_flgs);