From d10350e1854cd2156567f058f5a76041994e7f2b Mon Sep 17 00:00:00 2001
From: Stephen Gallagher <sgallagh@redhat.com>
Date: Thu, 8 Mar 2012 15:19:07 -0500
Subject: IPA: Check nsAccountLock during PAM_ACCT_MGMT

https://fedorahosted.org/sssd/ticket/1227
---
 src/providers/ipa/ipa_init.c | 11 +++++++++++
 1 file changed, 11 insertions(+)

(limited to 'src/providers/ipa/ipa_init.c')

diff --git a/src/providers/ipa/ipa_init.c b/src/providers/ipa/ipa_init.c
index bb85632d..fca23f34 100644
--- a/src/providers/ipa/ipa_init.c
+++ b/src/providers/ipa/ipa_init.c
@@ -36,6 +36,7 @@
 #include "providers/ipa/ipa_hostid.h"
 #include "providers/ipa/ipa_dyndns.h"
 #include "providers/ipa/ipa_session.h"
+#include "providers/ldap/sdap_access.h"
 
 struct ipa_options *ipa_options = NULL;
 
@@ -398,6 +399,16 @@ int sssm_ipa_access_init(struct be_ctx *bectx,
         goto done;
     }
 
+    /* Set up an sdap_access_ctx for checking expired/locked
+     * accounts.
+     */
+    ipa_access_ctx->sdap_access_ctx =
+            talloc_zero(ipa_access_ctx, struct sdap_access_ctx);
+
+    ipa_access_ctx->sdap_access_ctx->id_ctx = ipa_access_ctx->sdap_ctx;
+    ipa_access_ctx->sdap_access_ctx->access_rule[0] = LDAP_ACCESS_EXPIRE;
+    ipa_access_ctx->sdap_access_ctx->access_rule[1] = LDAP_ACCESS_EMPTY;
+
     *ops = &ipa_access_ops;
     *pvt_data = ipa_access_ctx;
 
-- 
cgit