diff options
-rw-r--r-- | src/providers/ipa/ipa_access.c | 26 | ||||
-rw-r--r-- | src/providers/ipa/ipa_auth.c | 2 |
2 files changed, 13 insertions, 15 deletions
diff --git a/src/providers/ipa/ipa_access.c b/src/providers/ipa/ipa_access.c index 895bd76d..3fb81918 100644 --- a/src/providers/ipa/ipa_access.c +++ b/src/providers/ipa/ipa_access.c @@ -1852,20 +1852,20 @@ static bool hbac_check_step_result(struct hbac_ctx *hbac_ctx, int ret) } ret = sdap_id_op_done(hbac_ctx_sdap_id_op(hbac_ctx), ret, &dp_error); - if (dp_error == DP_ERR_OFFLINE) { - /* switching to offline mode */ - talloc_zfree(hbac_ctx->sdap_op); - dp_error = DP_ERR_OK; - } - - if (dp_error == DP_ERR_OK) { - /* retry */ - ret = hbac_retry(hbac_ctx); - if (ret == EOK) { - return false; + if (ret != EOK) { + if (dp_error == DP_ERR_OFFLINE) { + /* switching to offline mode */ + talloc_zfree(hbac_ctx->sdap_op); + dp_error = DP_ERR_OK; } - dp_error = DP_ERR_FATAL; + if (dp_error == DP_ERR_OK) { + /* retry */ + ret = hbac_retry(hbac_ctx); + if (ret == EOK) { + return false; + } + } } ipa_access_reply(hbac_ctx, PAM_SYSTEM_ERR); @@ -1923,7 +1923,6 @@ static void hbac_get_host_info_done(struct tevent_req *req) ipa_hostname = dp_opt_get_cstring(hbac_ctx->ipa_options, IPA_HOSTNAME); if (ipa_hostname == NULL) { DEBUG(1, ("Missing ipa_hostname, this should never happen.\n")); - ret = EINVAL; goto fail; } @@ -1944,7 +1943,6 @@ static void hbac_get_host_info_done(struct tevent_req *req) } if (local_hhi == NULL) { DEBUG(1, ("Missing host info for [%s].\n", ipa_hostname)); - ret = EOK; pam_status = PAM_PERM_DENIED; goto fail; } diff --git a/src/providers/ipa/ipa_auth.c b/src/providers/ipa/ipa_auth.c index 2bd92ba7..2d91457d 100644 --- a/src/providers/ipa/ipa_auth.c +++ b/src/providers/ipa/ipa_auth.c @@ -188,7 +188,7 @@ static void get_password_migration_flag_done(struct tevent_req *subreq) } ret = sysdb_attrs_get_string(reply[0], IPA_CONFIG_MIRATION_ENABLED, &value); - if (strcasecmp(value, "true") == 0) { + if (ret == EOK && strcasecmp(value, "true") == 0) { state->password_migration = true; } |