summaryrefslogtreecommitdiff
path: root/server/responder
diff options
context:
space:
mode:
authorSimo Sorce <ssorce@redhat.com>2009-10-12 16:05:44 -0400
committerStephen Gallagher <sgallagh@redhat.com>2009-10-15 07:44:45 -0400
commitb4ae1f2b47f16b7f497493d8cbead04070ce1af0 (patch)
tree5d1676e927baddd2fa4b98396022fd1a5b5d6e5c /server/responder
parent91f92358f790ddd2cf60b0b950d1d7fb586528f7 (diff)
downloadsssd-b4ae1f2b47f16b7f497493d8cbead04070ce1af0.tar.gz
sssd-b4ae1f2b47f16b7f497493d8cbead04070ce1af0.tar.bz2
sssd-b4ae1f2b47f16b7f497493d8cbead04070ce1af0.zip
Fix offline authentication
The way we were processing errors from the provider caused offline authentication to stop working. Previously the problem was masked by a bug in the data provider that always returned "Success" for any operation no matter what the actual return code was. when DP got removed the bug became evident.
Diffstat (limited to 'server/responder')
-rw-r--r--server/responder/pam/pamsrv_cmd.c19
1 files changed, 3 insertions, 16 deletions
diff --git a/server/responder/pam/pamsrv_cmd.c b/server/responder/pam/pamsrv_cmd.c
index 671dc087..cfc973d9 100644
--- a/server/responder/pam/pamsrv_cmd.c
+++ b/server/responder/pam/pamsrv_cmd.c
@@ -557,30 +557,17 @@ static void pam_check_user_dp_callback(uint16_t err_maj, uint32_t err_min,
const char *err_msg, void *ptr)
{
struct pam_auth_req *preq = talloc_get_type(ptr, struct pam_auth_req);
- struct ldb_result *res = NULL;
struct sysdb_ctx *sysdb;
int ret;
- if ((err_maj != DP_ERR_OK) && (err_maj != DP_ERR_OFFLINE)) {
+ if (err_maj) {
DEBUG(2, ("Unable to get information from Data Provider\n"
"Error: %u, %u, %s\n",
(unsigned int)err_maj, (unsigned int)err_min, err_msg));
- ret = EFAULT;
- goto done;
- }
-
- if (err_maj == DP_ERR_OFFLINE) {
- if (preq->data) res = talloc_get_type(preq->data, struct ldb_result);
- if (!res) res = talloc_zero(preq, struct ldb_result);
- if (!res) {
- ret = EFAULT;
- goto done;
- }
-
- pam_check_user_callback(preq, LDB_SUCCESS, res);
- return;
}
+ /* always try to see if we have the user in cache even if the provider
+ * returned an error */
ret = sysdb_get_ctx_from_list(preq->cctx->rctx->db_list,
preq->domain, &sysdb);
if (ret != EOK) {