summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorMichal Zidek <mzidek@redhat.com>2013-08-09 15:17:48 -0400
committerJakub Hrozek <jhrozek@redhat.com>2013-08-11 22:35:53 +0200
commit08621da018967898b21739e24eff173c18ecdd91 (patch)
treed02eb6a7bb257cc7508bf1538c78529b9ce5a541
parentdf4bb9a21df03787383b8f684afbe04750368280 (diff)
downloadsssd-1.9.2-120.el6.tar.gz
sssd-1.9.2-120.el6.tar.xz
sssd-1.9.2-120.el6.zip
ldap, krb5: More descriptive msg on chpass failure.sssd-1.9.2-120.el6
Print more descriptive message when wrong current password is given during password change operation. resolves: https://fedorahosted.org/sssd/ticket/2029
-rw-r--r--src/providers/krb5/krb5_child.c16
-rw-r--r--src/providers/ldap/ldap_auth.c15
2 files changed, 31 insertions, 0 deletions
diff --git a/src/providers/krb5/krb5_child.c b/src/providers/krb5/krb5_child.c
index cd6f7e34a..73575b88b 100644
--- a/src/providers/krb5/krb5_child.c
+++ b/src/providers/krb5/krb5_child.c
@@ -1079,6 +1079,8 @@ static errno_t changepw_child(int fd, struct krb5_req *kr)
const char *realm_name;
int realm_length;
krb5_get_init_creds_opt *chagepw_options;
+ size_t msg_len;
+ uint8_t *msg;
DEBUG(SSSDBG_TRACE_LIBS, ("Password change operation\n"));
@@ -1117,6 +1119,20 @@ static errno_t changepw_child(int fd, struct krb5_req *kr)
chagepw_options);
sss_krb5_get_init_creds_opt_free(kr->ctx, chagepw_options);
if (kerr != 0) {
+ ret = pack_user_info_chpass_error(kr->pd, "Old password not accepted.",
+ &msg_len, &msg);
+ if (ret != EOK) {
+ DEBUG(SSSDBG_CRIT_FAILURE,
+ ("pack_user_info_chpass_error failed.\n"));
+ } else {
+ ret = pam_add_response(kr->pd, SSS_PAM_USER_INFO, msg_len,
+ msg);
+ if (ret != EOK) {
+ DEBUG(SSSDBG_CRIT_FAILURE,
+ ("pam_add_response failed.\n"));
+ }
+ }
+
pam_status = kerr_handle_error(kerr);
goto sendresponse;
}
diff --git a/src/providers/ldap/ldap_auth.c b/src/providers/ldap/ldap_auth.c
index 6aba14c96..805282300 100644
--- a/src/providers/ldap/ldap_auth.c
+++ b/src/providers/ldap/ldap_auth.c
@@ -815,6 +815,8 @@ static void sdap_auth4chpass_done(struct tevent_req *req)
void *pw_expire_data;
int dp_err = DP_ERR_FATAL;
int ret;
+ size_t msg_len;
+ uint8_t *msg;
ret = auth_recv(req, state, &state->sh,
&result, &state->dn,
@@ -899,6 +901,19 @@ static void sdap_auth4chpass_done(struct tevent_req *req)
break;
case SDAP_AUTH_FAILED:
state->pd->pam_status = PAM_AUTH_ERR;
+ ret = pack_user_info_chpass_error(state->pd, "Old password not accepted.",
+ &msg_len, &msg);
+ if (ret != EOK) {
+ DEBUG(SSSDBG_CRIT_FAILURE,
+ ("pack_user_info_chpass_error failed.\n"));
+ } else {
+ ret = pam_add_response(state->pd, SSS_PAM_USER_INFO, msg_len,
+ msg);
+ if (ret != EOK) {
+ DEBUG(SSSDBG_CRIT_FAILURE, ("pam_add_response failed.\n"));
+ }
+ }
+
break;
case SDAP_UNAVAIL:
state->pd->pam_status = PAM_AUTHINFO_UNAVAIL;