On 04/17/2013 11:39 AM, Jakub Hrozek wrote:
Hi,
I took a look into converting the simple access provider to use the new
error codes and I think a patch might not even be needed. The current
request returns errno on error and boolean for access granted/denied.
I think the boolean is actually nice in the case and converting to
ERR_ACCESS_DENIED instead of false doesn't make much sense.
The attached patch just makes the top-level request called by the DP
handler return ERR_ACCOUNT_UNKNOWN in case the user passed via struct
pam_data does not exist in sysdb and ERR_INTERNAL instead of EIO for
internal errors. It would make the error reporting somewhat nicer, I
think, but even if we drop the patch I would like to close
https://fedorahosted.org/sssd/ticket/453
Nack.
You need to use sss_strerror() when dealing with new error codes.
@@ -629,11 +631,15 @@ struct tevent_req *simple_access_check_send(TALLOC_CTX
*mem_ctx,
DEBUG(SSSDBG_FUNC_DATA, ("Simple access check for %s\n", username));
ret = simple_check_users(ctx, username, &state->access_granted);
- if (ret != EAGAIN) {
- /* Both access denied and an error */
+ if (ret != EOK && ret != EAGAIN) {
+ ret = ERR_INTERNAL;
+ goto immediate;
+ } else if (ret == EOK) {
goto immediate;
}
How about
if (ret == EOK) {
goto immediate;
} else if (ret != EAGAIN) {
ret = ERR_INTERNAL;
goto immediate;
}
_______________________________________________
sssd-devel mailing list
sssd-devel@lists.fedorahosted.org
https://lists.fedorahosted.org/mailman/listinfo/sssd-devel
