From 317d00514245097557c3c20c17e64d2d6a7f6aad Mon Sep 17 00:00:00 2001 From: Günther Deschner Date: Mon, 5 Feb 2007 18:11:41 +0000 Subject: r21161: Another fix for pam_winbind: Move the entire pwd expiry handling into the PAM_SUCCESS block. Guenther (This used to be commit f4a704745cb0bd2c5dc2a9b16619d8ee30fd7ba1) --- source3/nsswitch/pam_winbind.c | 28 ++++++++++++++-------------- 1 file changed, 14 insertions(+), 14 deletions(-) diff --git a/source3/nsswitch/pam_winbind.c b/source3/nsswitch/pam_winbind.c index 1a1d7ffcdd..1ee5dba457 100644 --- a/source3/nsswitch/pam_winbind.c +++ b/source3/nsswitch/pam_winbind.c @@ -1091,22 +1091,22 @@ static int winbind_auth_request(pam_handle_t * pamh, PAM_WB_REMARK_CHECK_RESPONSE_RET(pamh, ctrl, response, "NT_STATUS_ACCESS_DENIED"); } - /* warn a user if the password is about to expire soon */ - _pam_warn_password_expiry(pamh, ctrl, &response, &already_expired); - - if (already_expired == True) { - _pam_log_debug(pamh, ctrl, LOG_DEBUG, "Password has expired " - "(Password was last set: %d, the policy says " - "it should expire here %d (now it's: %d)\n", - response.data.auth.info3.pass_last_set_time, - response.data.auth.info3.pass_last_set_time + - response.data.auth.policy.expire, - time(NULL)); + if (ret == PAM_SUCCESS) { - return PAM_AUTHTOK_EXPIRED; - } + /* warn a user if the password is about to expire soon */ + _pam_warn_password_expiry(pamh, ctrl, &response, &already_expired); - if (ret == PAM_SUCCESS) { + if (already_expired == True) { + _pam_log_debug(pamh, ctrl, LOG_DEBUG, "Password has expired " + "(Password was last set: %d, the policy says " + "it should expire here %d (now it's: %d))\n", + response.data.auth.info3.pass_last_set_time, + response.data.auth.info3.pass_last_set_time + + response.data.auth.policy.expire, + time(NULL)); + + return PAM_AUTHTOK_EXPIRED; + } /* inform about logon type */ _pam_warn_logon_type(pamh, ctrl, user, response.data.auth.info3.user_flgs); -- cgit