summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorPavel Březina <pbrezina@redhat.com>2013-06-17 10:31:02 +0200
committerJakub Hrozek <jhrozek@redhat.com>2013-06-17 19:56:32 +0200
commitee02e59e4d966f44c7a48ad04474156fc65d7006 (patch)
tree1b90d99d0ac120315ca0a028913e8a93081ac27c
parente23f790d0e38a8dce04560e34c189208d146ddd8 (diff)
downloadsssd-ee02e59e4d966f44c7a48ad04474156fc65d7006.tar.gz
sssd-ee02e59e4d966f44c7a48ad04474156fc65d7006.tar.bz2
sssd-ee02e59e4d966f44c7a48ad04474156fc65d7006.zip
handle ERR_ACCOUNT_EXPIRED properly
https://fedorahosted.org/sssd/ticket/1953
-rw-r--r--src/providers/ad/ad_access.c4
-rw-r--r--src/providers/ipa/ipa_access.c4
-rw-r--r--src/providers/ldap/ldap_access.c6
3 files changed, 13 insertions, 1 deletions
diff --git a/src/providers/ad/ad_access.c b/src/providers/ad/ad_access.c
index ef1775d7..4e4dc883 100644
--- a/src/providers/ad/ad_access.c
+++ b/src/providers/ad/ad_access.c
@@ -86,6 +86,10 @@ ad_access_done(struct tevent_req *req)
pd->pam_status = PAM_PERM_DENIED;
be_req_terminate(breq, DP_ERR_OK, PAM_PERM_DENIED, NULL);
return;
+ case ERR_ACCOUNT_EXPIRED:
+ pd->pam_status = PAM_ACCT_EXPIRED;
+ be_req_terminate(breq, DP_ERR_OK, PAM_ACCT_EXPIRED, NULL);
+ return;
default:
/* Something went wrong */
pd->pam_status = PAM_SYSTEM_ERR;
diff --git a/src/providers/ipa/ipa_access.c b/src/providers/ipa/ipa_access.c
index 3760c6f7..58539f4c 100644
--- a/src/providers/ipa/ipa_access.c
+++ b/src/providers/ipa/ipa_access.c
@@ -129,6 +129,10 @@ static void ipa_hbac_check(struct tevent_req *req)
pd->pam_status = PAM_PERM_DENIED;
be_req_terminate(be_req, DP_ERR_OK, pd->pam_status, NULL);
return;
+ case ERR_ACCOUNT_EXPIRED:
+ pd->pam_status = PAM_ACCT_EXPIRED;
+ be_req_terminate(be_req, DP_ERR_OK, pd->pam_status, NULL);
+ return;
default:
/* We got an unexpected error. Return it as-is */
pd->pam_status = PAM_SYSTEM_ERR;
diff --git a/src/providers/ldap/ldap_access.c b/src/providers/ldap/ldap_access.c
index 4a06e66b..bb5c37f4 100644
--- a/src/providers/ldap/ldap_access.c
+++ b/src/providers/ldap/ldap_access.c
@@ -34,7 +34,8 @@ static void sdap_access_reply(struct be_req *be_req, int pam_status)
pd = talloc_get_type(be_req_get_data(be_req), struct pam_data);
pd->pam_status = pam_status;
- if (pam_status == PAM_SUCCESS || pam_status == PAM_PERM_DENIED) {
+ if (pam_status == PAM_SUCCESS || pam_status == PAM_PERM_DENIED
+ || pam_status == PAM_ACCT_EXPIRED) {
be_req_terminate(be_req, DP_ERR_OK, pam_status, NULL);
} else {
be_req_terminate(be_req, DP_ERR_FATAL, pam_status, NULL);
@@ -82,6 +83,9 @@ static void sdap_access_done(struct tevent_req *req)
case ERR_ACCESS_DENIED:
pam_status = PAM_PERM_DENIED;
break;
+ case ERR_ACCOUNT_EXPIRED:
+ pam_status = PAM_ACCT_EXPIRED;
+ break;
default:
DEBUG(SSSDBG_CRIT_FAILURE, ("Error retrieving access check result.\n"));
pam_status = PAM_SYSTEM_ERR;