diff options
Diffstat (limited to 'daemons/ipa-slapi-plugins/ipa-pwd-extop/ipa_pwd_extop.c')
-rw-r--r-- | daemons/ipa-slapi-plugins/ipa-pwd-extop/ipa_pwd_extop.c | 27 |
1 files changed, 23 insertions, 4 deletions
diff --git a/daemons/ipa-slapi-plugins/ipa-pwd-extop/ipa_pwd_extop.c b/daemons/ipa-slapi-plugins/ipa-pwd-extop/ipa_pwd_extop.c index 68d1703b5..91ef0208c 100644 --- a/daemons/ipa-slapi-plugins/ipa-pwd-extop/ipa_pwd_extop.c +++ b/daemons/ipa-slapi-plugins/ipa-pwd-extop/ipa_pwd_extop.c @@ -120,6 +120,24 @@ static int filter_keys(struct ipapwd_krbcfg *krbcfg, return 0; } +static int ipapwd_to_ldap_pwpolicy_error(int ipapwderr) +{ + switch (ipapwderr) { + case IPAPWD_POLICY_ACCOUNT_EXPIRED: + return LDAP_PWPOLICY_PWDMODNOTALLOWED; + case IPAPWD_POLICY_PWD_TOO_YOUNG: + return LDAP_PWPOLICY_PWDTOOYOUNG; + case IPAPWD_POLICY_PWD_TOO_SHORT: + return LDAP_PWPOLICY_PWDTOOSHORT; + case IPAPWD_POLICY_PWD_IN_HISTORY: + return LDAP_PWPOLICY_PWDINHISTORY; + case IPAPWD_POLICY_PWD_COMPLEXITY: + return LDAP_PWPOLICY_INVALIDPWDSYNTAX; + } + /* in case of unhandled error return access denied */ + return LDAP_PWPOLICY_PWDMODNOTALLOWED; +} + static int ipapwd_chpwop(Slapi_PBlock *pb, struct ipapwd_krbcfg *krbcfg) { @@ -374,12 +392,13 @@ parse_req_done: ret = ipapwd_CheckPolicy(&pwdata); if (ret) { errMesg = "Password Fails to meet minimum strength criteria"; - if (ret & IPAPWD_POLICY_ERROR) { - slapi_pwpolicy_make_response_control(pb, -1, -1, ret & IPAPWD_POLICY_MASK); - rc = LDAP_CONSTRAINT_VIOLATION; - } else { + if (ret == IPAPWD_POLICY_ERROR) { errMesg = "Internal error"; rc = ret; + } else { + ret = ipapwd_to_ldap_pwpolicy_error(ret); + slapi_pwpolicy_make_response_control(pb, -1, -1, ret); + rc = LDAP_CONSTRAINT_VIOLATION; } goto free_and_return; } |