diff options
author | Pavel Březina <pbrezina@redhat.com> | 2013-06-17 10:31:02 +0200 |
---|---|---|
committer | Jakub Hrozek <jhrozek@redhat.com> | 2013-06-17 19:56:32 +0200 |
commit | ee02e59e4d966f44c7a48ad04474156fc65d7006 (patch) | |
tree | 1b90d99d0ac120315ca0a028913e8a93081ac27c | |
parent | e23f790d0e38a8dce04560e34c189208d146ddd8 (diff) | |
download | sssd-ee02e59e4d966f44c7a48ad04474156fc65d7006.tar.gz sssd-ee02e59e4d966f44c7a48ad04474156fc65d7006.tar.bz2 sssd-ee02e59e4d966f44c7a48ad04474156fc65d7006.zip |
handle ERR_ACCOUNT_EXPIRED properly
https://fedorahosted.org/sssd/ticket/1953
-rw-r--r-- | src/providers/ad/ad_access.c | 4 | ||||
-rw-r--r-- | src/providers/ipa/ipa_access.c | 4 | ||||
-rw-r--r-- | src/providers/ldap/ldap_access.c | 6 |
3 files changed, 13 insertions, 1 deletions
diff --git a/src/providers/ad/ad_access.c b/src/providers/ad/ad_access.c index ef1775d7..4e4dc883 100644 --- a/src/providers/ad/ad_access.c +++ b/src/providers/ad/ad_access.c @@ -86,6 +86,10 @@ ad_access_done(struct tevent_req *req) pd->pam_status = PAM_PERM_DENIED; be_req_terminate(breq, DP_ERR_OK, PAM_PERM_DENIED, NULL); return; + case ERR_ACCOUNT_EXPIRED: + pd->pam_status = PAM_ACCT_EXPIRED; + be_req_terminate(breq, DP_ERR_OK, PAM_ACCT_EXPIRED, NULL); + return; default: /* Something went wrong */ pd->pam_status = PAM_SYSTEM_ERR; diff --git a/src/providers/ipa/ipa_access.c b/src/providers/ipa/ipa_access.c index 3760c6f7..58539f4c 100644 --- a/src/providers/ipa/ipa_access.c +++ b/src/providers/ipa/ipa_access.c @@ -129,6 +129,10 @@ static void ipa_hbac_check(struct tevent_req *req) pd->pam_status = PAM_PERM_DENIED; be_req_terminate(be_req, DP_ERR_OK, pd->pam_status, NULL); return; + case ERR_ACCOUNT_EXPIRED: + pd->pam_status = PAM_ACCT_EXPIRED; + be_req_terminate(be_req, DP_ERR_OK, pd->pam_status, NULL); + return; default: /* We got an unexpected error. Return it as-is */ pd->pam_status = PAM_SYSTEM_ERR; diff --git a/src/providers/ldap/ldap_access.c b/src/providers/ldap/ldap_access.c index 4a06e66b..bb5c37f4 100644 --- a/src/providers/ldap/ldap_access.c +++ b/src/providers/ldap/ldap_access.c @@ -34,7 +34,8 @@ static void sdap_access_reply(struct be_req *be_req, int pam_status) pd = talloc_get_type(be_req_get_data(be_req), struct pam_data); pd->pam_status = pam_status; - if (pam_status == PAM_SUCCESS || pam_status == PAM_PERM_DENIED) { + if (pam_status == PAM_SUCCESS || pam_status == PAM_PERM_DENIED + || pam_status == PAM_ACCT_EXPIRED) { be_req_terminate(be_req, DP_ERR_OK, pam_status, NULL); } else { be_req_terminate(be_req, DP_ERR_FATAL, pam_status, NULL); @@ -82,6 +83,9 @@ static void sdap_access_done(struct tevent_req *req) case ERR_ACCESS_DENIED: pam_status = PAM_PERM_DENIED; break; + case ERR_ACCOUNT_EXPIRED: + pam_status = PAM_ACCT_EXPIRED; + break; default: DEBUG(SSSDBG_CRIT_FAILURE, ("Error retrieving access check result.\n")); pam_status = PAM_SYSTEM_ERR; |