From ee210ca353902592cf60e3e7a1c7b82e2b5cec1d Mon Sep 17 00:00:00 2001
From: Martin Willi <martin@strongswan.org>
Date: Wed, 27 Aug 2008 13:48:54 +0000
Subject: check user account validity after PAM authentication

---
 src/charon/plugins/eap_gtc/eap_gtc.c | 11 ++++++++++-
 1 file changed, 10 insertions(+), 1 deletion(-)

(limited to 'src')

diff --git a/src/charon/plugins/eap_gtc/eap_gtc.c b/src/charon/plugins/eap_gtc/eap_gtc.c
index 5f6f65568..0a93a90f6 100644
--- a/src/charon/plugins/eap_gtc/eap_gtc.c
+++ b/src/charon/plugins/eap_gtc/eap_gtc.c
@@ -120,7 +120,16 @@ static bool authenticate(char *service, char *user, char *password)
 		return FALSE;
 	}
 	ret = pam_authenticate(pamh, 0);
-	if (ret != PAM_SUCCESS)
+	if (ret == PAM_SUCCESS)
+	{
+		ret = pam_acct_mgmt(pamh, 0);
+		if (ret != PAM_SUCCESS)
+		{
+			DBG1(DBG_IKE, "EAP-GTC pam_acct_mgmt failed: %s",
+				 pam_strerror(pamh, ret));
+		}
+	}
+	else
 	{
 		DBG1(DBG_IKE, "EAP-GTC pam_authenticate failed: %s",
 			 pam_strerror(pamh, ret));
-- 
cgit v1.2.3