[Freeipa-devel] [PATCH 0034] Deny LDAP binds for user accounts with expired principal
Alexander Bokovoy
abokovoy at redhat.com
Mon May 5 16:07:31 UTC 2014
On Mon, 05 May 2014, Alexander Bokovoy wrote:
>On Wed, 30 Apr 2014, Tomas Babej wrote:
>>>>>+ if (current_time > expire_time && expire_time > 0) {
>>>>>+ LOG_FATAL("kerberos principal in %s is
>>>>>expired\n", dn);
>>>>>+ errMesg = "Kerberos principal is expired.";
>>>>>+ auth_failed = true;
>>>>>+ goto done;
>>>>>+ }
>>>>>+ }
>>>>I think indenting is broken for these two brackets.
>>>>
>>>>
>>>Thanks Alexander, fixed.
>>>
>>>Updated version attached.
>>>
>>>Tomas
>>
>>This version is rebased on top of OTP patches, addresses Simo's comments
>>and brings unit tests to cover the functionality (however, they need to
>>be applied on top of my patches 183-185).
>Tested, works fine.
>
>I've pushed the main patch to master. The tests will be pushed after the
>dependency patches will be pushed.
Pushed patch 186 to master
* 004071a24626195994265b1bcc3ac616bb09d795 ipatests: Add test for denying expired principals
--
/ Alexander Bokovoy
More information about the Freeipa-devel
mailing list