Diffstat (limited to 'security/sssd/files/patch-src__providers__ldap__ldap_auth.c')
-rw-r--r-- | security/sssd/files/patch-src__providers__ldap__ldap_auth.c | 152 |
1 files changed, 111 insertions, 41 deletions
diff --git a/security/sssd/files/patch-src__providers__ldap__ldap_auth.c b/security/sssd/files/patch-src__providers__ldap__ldap_auth.c index c2dd1328a508..ae1bfc922d00 100644 --- a/security/sssd/files/patch-src__providers__ldap__ldap_auth.c +++ b/security/sssd/files/patch-src__providers__ldap__ldap_auth.c @@ -1,4 +1,6 @@ ---- src/providers/ldap/ldap_auth.c.orig 2014-09-17 13:01:37 UTC +diff --git src/providers/ldap/ldap_auth.c src/providers/ldap/ldap_auth.c +index de22689ae..fdfd67cf4 100644 +--- src/providers/ldap/ldap_auth.c +++ src/providers/ldap/ldap_auth.c @@ -37,7 +37,6 @@ #include <sys/time.h> @@ -8,9 +10,9 @@ #include <security/pam_modules.h> #include "util/util.h" -@@ -56,6 +55,22 @@ enum pwexpire { - PWEXPIRE_SHADOW - }; +@@ -52,6 +51,22 @@ + + #define LDAP_PWEXPIRE_WARNING_TIME 0 +struct spwd +{ @@ -31,20 +33,9 @@ static errno_t add_expired_warning(struct pam_data *pd, long exp_time) { int ret; -@@ -109,6 +124,7 @@ static errno_t check_pwexpire_kerberos(const char *exp - return EINVAL; - } - -+ tzset(); - expire_time = mktime(&tm); - if (expire_time == -1) { - DEBUG(SSSDBG_CRIT_FAILURE, -@@ -116,12 +132,10 @@ static errno_t check_pwexpire_kerberos(const char *exp - return EINVAL; +@@ -97,9 +112,9 @@ static errno_t check_pwexpire_kerberos(const char *expire_date, time_t now, } -- tzset(); -- expire_time -= timezone; DEBUG(SSSDBG_TRACE_ALL, - "Time info: tzname[0] [%s] tzname[1] [%s] timezone [%ld] " - "daylight [%d] now [%ld] expire_time [%ld].\n", tzname[0], 
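Review bot: The regenerated patch drops the timezone handling the old patch carried in check_pwexpire_kerberos (`tzset();` before `mktime(&tm)` and the removal of `expire_time -= timezone;`); the only change left in that function is to the `Time info:` DEBUG message. `expire_time` feeds the `difftime(now, expire_time) > 0.0` test that decides "Kerberos password expired", so a wrong local-time/UTC offset would move the expiry decision by the zone offset in either direction. The conversion code of the new upstream version is not visible in this hunk, so please confirm it parses the expiry string as UTC without relying on the `timezone` variable. Recording that in the patch's leading text would help, e.g. `upstream now converts expire_date as UTC; only the DEBUG format needs patching`. The function body starts and ends outside the hunk.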
@@ -55,7 +46,59 @@ if (difftime(now, expire_time) > 0.0) { DEBUG(SSSDBG_CONF_SETTINGS, "Kerberos password expired.\n"); -@@ -924,7 +938,7 @@ void sdap_pam_chpass_handler(struct be_req *breq) +@@ -946,14 +961,14 @@ sdap_pam_auth_handler_send(TALLOC_CTX *mem_ctx, + + state->pd = pd; + state->be_ctx = params->be_ctx; +- pd->pam_status = PAM_SYSTEM_ERR; ++ pd->pam_status = PAM_SERVICE_ERR; + + switch (pd->cmd) { + case SSS_PAM_AUTHENTICATE: + subreq = auth_send(state, params->ev, auth_ctx, + pd->user, pd->authtok, false); + if (subreq == NULL) { +- pd->pam_status = PAM_SYSTEM_ERR; ++ pd->pam_status = PAM_SERVICE_ERR; + goto immediately; + } + +@@ -963,14 +978,14 @@ sdap_pam_auth_handler_send(TALLOC_CTX *mem_ctx, + subreq = auth_send(state, params->ev, auth_ctx, + pd->user, pd->authtok, true); + if (subreq == NULL) { +- pd->pam_status = PAM_SYSTEM_ERR; ++ pd->pam_status = PAM_SERVICE_ERR; + goto immediately; + } + + tevent_req_set_callback(subreq, sdap_pam_auth_handler_done, req); + break; + case SSS_PAM_CHAUTHTOK: +- pd->pam_status = PAM_SYSTEM_ERR; ++ pd->pam_status = PAM_SERVICE_ERR; + goto immediately; + + case SSS_PAM_ACCT_MGMT: +@@ -1015,7 +1030,7 @@ static void sdap_pam_auth_handler_done(struct tevent_req *subreq) + state->be_ctx->domain->pwd_expiration_warning); + if (ret == EINVAL) { + /* Unknown password expiration type. */ +- state->pd->pam_status = PAM_SYSTEM_ERR; ++ state->pd->pam_status = PAM_SERVICE_ERR; + goto done; + } + } +@@ -1049,7 +1064,7 @@ static void sdap_pam_auth_handler_done(struct tevent_req *subreq) + state->pd->pam_status = PAM_BAD_ITEM; + break; + default: +- state->pd->pam_status = PAM_SYSTEM_ERR; ++ state->pd->pam_status = PAM_SERVICE_ERR; + break; + } + +@@ -1271,7 +1286,7 @@ sdap_pam_chpass_handler_send(TALLOC_CTX *mem_ctx, DEBUG(SSSDBG_OP_FAILURE, "starting password change request for user [%s].\n", pd->user); 
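Review bot: Every `PAM_SYSTEM_ERR` assignment is rewritten to `PAM_SERVICE_ERR` one site at a time, but the patch never says why. This hunk does it in sdap_pam_auth_handler_send and sdap_pam_auth_handler_done, and the two following hunks repeat it for the chpass handlers. Both values are failure codes, so the initial `pd->pam_status = PAM_SERVICE_ERR;` default still fails closed. The risk is maintenance: a site added upstream later would keep the old constant and the port would return a mix of the two codes without anyone noticing. I would state the reason in the patch's leading comment, for example `FreeBSD: report PAM_SERVICE_ERR instead of PAM_SYSTEM_ERR (reason: <to be filled in by the maintainer>)`, and check the patched file for leftover `PAM_SYSTEM_ERR` each time the patch is regenerated.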
@@ -64,16 +107,61 @@ if (pd->cmd != SSS_PAM_CHAUTHTOK && pd->cmd != SSS_PAM_CHAUTHTOK_PRELIM) { DEBUG(SSSDBG_OP_FAILURE, -@@ -1069,7 +1083,7 @@ static void sdap_auth4chpass_done(struct tevent_req *r - dp_err = DP_ERR_OFFLINE; +@@ -1282,7 +1297,7 @@ sdap_pam_chpass_handler_send(TALLOC_CTX *mem_ctx, + subreq = auth_send(state, params->ev, auth_ctx, + pd->user, pd->authtok, true); + if (subreq == NULL) { +- pd->pam_status = PAM_SYSTEM_ERR; ++ pd->pam_status = PAM_SERVICE_ERR; + goto immediately; + } + +@@ -1335,7 +1350,7 @@ static void sdap_pam_chpass_handler_auth_done(struct tevent_req *subreq) + if (ret == ERR_PASSWORD_EXPIRED) { + DEBUG(SSSDBG_CRIT_FAILURE, "LDAP provider cannot change " + "kerberos passwords.\n"); +- state->pd->pam_status = PAM_SYSTEM_ERR; ++ state->pd->pam_status = PAM_SERVICE_ERR; + goto done; + } + break; +@@ -1344,7 +1359,7 @@ static void sdap_pam_chpass_handler_auth_done(struct tevent_req *subreq) + break; + default: + DEBUG(SSSDBG_CRIT_FAILURE, "Unknown password expiration type.\n"); +- state->pd->pam_status = PAM_SYSTEM_ERR; ++ state->pd->pam_status = PAM_SERVICE_ERR; + goto done; + } + } +@@ -1369,7 +1384,7 @@ static void sdap_pam_chpass_handler_auth_done(struct tevent_req *subreq) + if (subreq == NULL) { + DEBUG(SSSDBG_OP_FAILURE, "Failed to change password for " + "%s\n", state->pd->user); +- state->pd->pam_status = PAM_SYSTEM_ERR; ++ state->pd->pam_status = PAM_SERVICE_ERR; + goto done; + } + +@@ -1401,7 +1416,7 @@ static void sdap_pam_chpass_handler_auth_done(struct tevent_req *subreq) + be_mark_offline(state->be_ctx); + break; + default: +- state->pd->pam_status = PAM_SYSTEM_ERR; ++ state->pd->pam_status = PAM_SERVICE_ERR; + break; + } + +@@ -1437,7 +1452,7 @@ static void sdap_pam_chpass_handler_chpass_done(struct tevent_req *subreq) + state->pd->pam_status = PAM_AUTHTOK_ERR; break; default: - state->pd->pam_status = PAM_SYSTEM_ERR; + state->pd->pam_status = PAM_SERVICE_ERR; + break; } - done: -@@ -1131,7 +1145,7 @@ static void 
sdap_pam_chpass_done(struct tevent_req *re +@@ -1463,7 +1478,7 @@ static void sdap_pam_chpass_handler_chpass_done(struct tevent_req *subreq) state->sh, state->dn, lastchanged_name); if (subreq == NULL) { @@ -82,30 +170,12 @@ goto done; } -@@ -1152,7 +1166,7 @@ static void sdap_lastchange_done(struct tevent_req *re +@@ -1489,7 +1504,7 @@ static void sdap_pam_chpass_handler_last_done(struct tevent_req *subreq) + talloc_free(subreq); - ret = sdap_modify_shadow_lastchange_recv(req); if (ret != EOK) { - state->pd->pam_status = PAM_SYSTEM_ERR; + state->pd->pam_status = PAM_SERVICE_ERR; goto done; } -@@ -1193,7 +1207,7 @@ void sdap_pam_auth_handler(struct be_req *breq) - goto done; - } - -- pd->pam_status = PAM_SYSTEM_ERR; -+ pd->pam_status = PAM_SERVICE_ERR; - - switch (pd->cmd) { - case SSS_PAM_AUTHENTICATE: -@@ -1291,7 +1305,7 @@ static void sdap_pam_auth_done(struct tevent_req *req) - state->pd->pam_status = PAM_NEW_AUTHTOK_REQD; - break; - default: -- state->pd->pam_status = PAM_SYSTEM_ERR; -+ state->pd->pam_status = PAM_SERVICE_ERR; - dp_err = DP_ERR_FATAL; - } - |