authorSimo Sorce <simo@redhat.com>2012-11-21 16:52:33 -0500
committerJakub Hrozek <jhrozek@redhat.com>2013-03-04 23:40:25 +0100
commitab967283b710dfa05d11ee5b30c7ac916486ceec (patch)
tree636b0ded10d3a282cbd3c8ff88e9c94de60d26e3 /src/db
parent8bcabb97d988d1602882a1f036aac2eaf5e09234 (diff)
Use SSSD specific errors for offline auth
This prevents reporting false errors when internal functions return a generic EINVAL or EACCES that should just be treated as internal errors.
Diffstat (limited to 'src/db')
-rw-r--r--src/db/sysdb_ops.c17
1 files changed, 9 insertions, 8 deletions
diff --git a/src/db/sysdb_ops.c b/src/db/sysdb_ops.c
index 0fb8ed49..1f27af8d 100644
--- a/src/db/sysdb_ops.c
+++ b/src/db/sysdb_ops.c
@@ -2754,7 +2754,7 @@ errno_t check_failed_login_attempts(struct confdb_ctx *cdb,
if (ret != EOK) {
DEBUG(1, ("Failed to read the number of allowed failed login "
"attempts.\n"));
- ret = EIO;
+ ret = ERR_INTERNAL;
goto done;
}
ret = confdb_get_int(cdb, CONFDB_PAM_CONF_ENTRY,
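Review bot: The return code from `confdb_get_int` is overwritten with `ERR_INTERNAL` without being logged, so the log no longer shows why the PAM configuration read failed. Include it in the message before the overwrite, e.g. `DEBUG(1, ("Failed to read the number of allowed failed login attempts [%d].\n", ret));`. The same applies to the failed-login-delay read in the next hunk and to the `s3crypt_sha512` failure in the `sysdb_cache_auth` hunk at line 2903. The `confdb_get_int` call that sets `ret` starts outside this hunk.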
@@ -2763,7 +2763,7 @@ errno_t check_failed_login_attempts(struct confdb_ctx *cdb,
&failed_login_delay);
if (ret != EOK) {
DEBUG(1, ("Failed to read the failed login delay.\n"));
- ret = EIO;
+ ret = ERR_INTERNAL;
goto done;
}
DEBUG(9, ("Failed login attempts [%d], allowed failed login attempts [%d], "
@@ -2781,12 +2781,12 @@ errno_t check_failed_login_attempts(struct confdb_ctx *cdb,
} else {
DEBUG(7, ("login delayed until %lld.\n", (long long) end));
*delayed_until = end;
- ret = EACCES;
+ ret = ERR_AUTH_DENIED;
goto done;
}
} else {
DEBUG(4, ("Too many failed logins.\n"));
- ret = EACCES;
+ ret = ERR_AUTH_DENIED;
goto done;
}
}
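Review bot: `ERR_AUTH_DENIED` is now returned for two different states, login delayed and too many failed logins, and only the delayed branch visibly sets `*delayed_until`. The header comment of `check_failed_login_attempts` is outside this hunk; it should list the new codes, along the lines of `/* ERR_AUTH_DENIED: login delayed (*delayed_until is set) or locked out; ERR_INTERNAL: confdb read failed */`. Callers that previously compared the result against `EACCES` or `EIO` need the matching update, which this src/db-limited view does not show.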
@@ -2862,6 +2862,7 @@ int sysdb_cache_auth(struct sysdb_ctx *sysdb,
if (ret != EOK) {
DEBUG(1, ("sysdb_search_user_by_name failed [%d][%s].\n",
ret, strerror(ret)));
+ if (ret == ENOENT) ret = ERR_ACCOUNT_UNKNOWN;
goto done;
}
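Review bot: `ERR_ACCOUNT_UNKNOWN` gives callers a result for a missing cache entry that is distinct from the `ERR_AUTH_FAILED` set at `done:`. Whatever maps these codes to the client-visible answer should be checked so that offline auth does not reveal which accounts are cached; that mapping is not in this diff. As a style point, the added line is the only unbraced `if` in the hunk, and `if (ret == ENOENT) { ret = ERR_ACCOUNT_UNKNOWN; }` split over separate lines would match the surrounding code. The level-1 `DEBUG` above it still logs an ordinary unknown-user lookup as a failure, which may be noisier than intended.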
@@ -2884,7 +2885,7 @@ int sysdb_cache_auth(struct sysdb_ctx *sysdb,
if (expire_date < time(NULL)) {
DEBUG(4, ("Cached user entry is too old.\n"));
expire_date = 0;
- ret = EACCES;
+ ret = ERR_CACHED_CREDS_EXPIRED;
goto done;
}
} else {
@@ -2903,14 +2904,14 @@ int sysdb_cache_auth(struct sysdb_ctx *sysdb,
userhash = ldb_msg_find_attr_as_string(ldb_msg, SYSDB_CACHEDPWD, NULL);
if (userhash == NULL || *userhash == '\0') {
DEBUG(4, ("Cached credentials not available.\n"));
- ret = ENOENT;
+ ret = ERR_NO_CACHED_CREDS;
goto done;
}
ret = s3crypt_sha512(tmp_ctx, password, userhash, &comphash);
if (ret) {
DEBUG(4, ("Failed to create password hash.\n"));
- ret = EFAULT;
+ ret = ERR_INTERNAL;
goto done;
}
@@ -2997,7 +2998,7 @@ done:
ret = EOK;
} else {
if (ret == EOK) {
- ret = EINVAL;
+ ret = ERR_AUTH_FAILED;
}
}
talloc_free(tmp_ctx);
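Review bot: The fallback that sets `ret = ERR_AUTH_FAILED` when `ret == EOK` depends on an implicit convention, and the condition that selects this else branch is outside the hunk. A short comment such as `/* no earlier error: the password did not match */` would make the convention explicit, if that is indeed the only way to reach the branch. Without it, a future `goto done` that leaves `ret == EOK` would be reported as a wrong password with no hint that this was intended.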