On Fri, Feb 11, 2011 at 10:54:09AM -0500, Stephen Gallagher wrote:
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
On 02/11/2011 09:52 AM, Stephen Gallagher wrote:
> On 02/11/2011 09:31 AM, Simo Sorce wrote:
>> On Fri, 11 Feb 2011 09:02:37 -0500
>> Stephen Gallagher <sgallagh(a)redhat.com> wrote:
>
>>>>> New patch that also changes error codes.
>>>>
>>>>
>>>> Ack.
>>>>
>>>
>>>
>>> Revoking my ack. Further testing reveals that this broke something in
>>> pam_sss and auth is now failing.
>
>> Changing the error codes revealed an issue in the pam paths.
>> Updated patch to properly map errors from SST_STATUS_ errors to PAM_
>> errors and properly check for PAM_ errors in the caller instead of
>> NSS_STATUS_ errors.
>
>
> Nack. This fixed an obvious bug, but it's not the one breaking auth.
>
Turns out that this was in fact the right bug, but a missing "break"
caused it to fall through to failure anyway.
Attached a new patch with a fix for this, as well as a clean up of our
variable usage in that function (forcing too many different return types
into the 'ret' variable is a recipe for mistakes)
passes my tests.
ACK
bye,
Sumit
- --
Stephen Gallagher
RHCE 804006346421761
Delivering value year after year.
Red Hat ranks #1 in value among software vendors.
http://www.redhat.com/promo/vendor/
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.11 (GNU/Linux)
Comment: Using GnuPG with Fedora -
http://enigmail.mozdev.org/
iEYEARECAAYFAk1VW6EACgkQeiVVYja6o6PtUQCgk+OMHDU1oubNwLdA4WZDANUY
PaAAn2xYb82Xxw649eTXw6Xcf+mxiOqt
=UDFV
-----END PGP SIGNATURE-----