Commit d1799a50 authored by Ondřej Kuzník's avatar Ondřej Kuzník Committed by Quanah Gibson-Mount
Browse files

ITS#7596 Report correct number of grace authentications left

parent 3925b8e0
......@@ -703,7 +703,7 @@ create_passcontrol( Operation *op, int exptime, int grace, LDAPPasswordPolicyErr
}
ber_printf( ber, "tO", PPOLICY_WARNING, &bv );
ch_free( bv.bv_val );
} else if ( grace > 0 ) {
} else if ( grace >= 0 ) {
ber_init2( b2, NULL, LBER_USE_DER );
ber_printf( b2, "ti", PPOLICY_GRACE, grace );
rc = ber_flatten2( b2, &bv, 1 );
......@@ -1658,8 +1658,10 @@ grace:
Debug( LDAP_DEBUG_ANY,
"ppolicy_bind: Entry %s has an expired password: %d grace logins\n",
e->e_name.bv_val, ngut );
if (ngut < 1) {
ngut--;
if (ngut < 0) {
ppb->pErr = PP_passwordExpired;
rs->sr_err = LDAP_INVALID_CREDENTIALS;
goto done;
......
Markdown is supported
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment