On 08/05/2016 11:48 AM, Pavel Březina wrote:
On 08/02/2016 10:19 AM, Petr Cech wrote:
Hello list,

the attached patch fixes:
https://fedorahosted.org/sssd/ticket/3109

There was a missing condition for the offline state of sssd in the ldap code
for password changing. If sssd is offline, it now returns
PAM_AUTHINFO_UNAVAIL and not PAM_PERM_DENIED.

Regards

Hi, use be_is_offline() please.

Thanks, Pavel, I didn't see this nice little function. :-)

Regards

--
Petr^4 Čech
From 3b96141e96dcfb506cdffd870fa8bbed5440a786 Mon Sep 17 00:00:00 2001
From: Petr Cech <[email protected]>
Date: Tue, 2 Aug 2016 10:11:14 +0200
Subject: [PATCH] LDAP: Fixing wrong pam error code for passwd

This patch adds the right pam error code for the sssd offline state.

Resolves:
https://fedorahosted.org/sssd/ticket/3109
---
 src/providers/ldap/ldap_auth.c | 5 +++++
 1 file changed, 5 insertions(+)

diff --git a/src/providers/ldap/ldap_auth.c b/src/providers/ldap/ldap_auth.c
index 107f6ded1a903904e088f0b6b0320fe82a52af52..35f16b0d4a6f8e566b0cf63b65ba46f31e7c1bcd 100644
--- a/src/providers/ldap/ldap_auth.c
+++ b/src/providers/ldap/ldap_auth.c
@@ -1101,6 +1101,11 @@ sdap_pam_chpass_handler_send(TALLOC_CTX *mem_ctx,
     state->auth_ctx = auth_ctx;
     state->ev = params->ev;
 
+    if (be_is_offline(state->be_ctx)) {
+        pd->pam_status = PAM_AUTHINFO_UNAVAIL;
+        goto immediately;
+    }
+
     if ((pd->priv == 1) && (pd->cmd == SSS_PAM_CHAUTHTOK_PRELIM) &&
         (sss_authtok_get_type(pd->authtok) != SSS_AUTHTOK_TYPE_PASSWORD)) {
         DEBUG(SSSDBG_CONF_SETTINGS,
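
Review bot: The new early exit at `if (be_is_offline(state->be_ctx))` sets `pd->pam_status` and jumps to `immediately` without logging anything, while the branch right after it reports its condition through `DEBUG(...)`. Add a DEBUG message before the `goto` so that an offline rejection of a password change can be told apart from other failures in the logs. The visible context assigns only `state->auth_ctx` and `state->ev`, so confirm that `state->be_ctx` is already set above this point, since the hunk does not show it. A short comment on why the offline case maps to PAM_AUTHINFO_UNAVAIL would also help the next reader.
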
-- 
2.7.4
