Improve error message for LDAP password constraint violation

https://fedorahosted.org/sssd/ticket/985
author: Jakub Hrozek <jhrozek@redhat.com> 2011-09-06 10:55:15 +0200
committer: Stephen Gallagher <sgallagh@redhat.com> 2011-09-06 14:51:45 -0400
commit: cd5b718ebeab1c923af7a5c3c0a5c717c5659c7d (patch)
tree: 9371901027fc5eaa53fef2d86dd2336c0fb49083 /src/providers/ldap/ldap_auth.c
parent: 4e3495b3b8927a282adc48cc80f0611ecf79821b (diff)
download: sssd-cd5b718ebeab1c923af7a5c3c0a5c717c5659c7d.tar.gz
sssd-cd5b718ebeab1c923af7a5c3c0a5c717c5659c7d.tar.xz
sssd-cd5b718ebeab1c923af7a5c3c0a5c717c5659c7d.zip
1 files changed, 16 insertions, 11 deletions
diff --git a/src/providers/ldap/ldap_auth.c b/src/providers/ldap/ldap_auth.c
index ef4477cf0..390ea8bc3 100644
--- a/src/providers/ldap/ldap_auth.c
+++ b/src/providers/ldap/ldap_auth.c
@@ -904,7 +904,7 @@ static void sdap_pam_chpass_done(struct tevent_req *req)
 
     ret = sdap_exop_modify_passwd_recv(req, state, &result, &user_error_message);
     talloc_zfree(req);
-    if (ret) {
+    if (ret && ret != EIO) {
         state->pd->pam_status = PAM_SYSTEM_ERR;
         goto done;
     }
@@ -914,19 +914,24 @@ static void sdap_pam_chpass_done(struct tevent_req *req)
         state->pd->pam_status = PAM_SUCCESS;
         dp_err = DP_ERR_OK;
         break;
+    case SDAP_AUTH_PW_CONSTRAINT_VIOLATION:
+        state->pd->pam_status = PAM_NEW_AUTHTOK_REQD;
+        break;
     default:
         state->pd->pam_status = PAM_AUTHTOK_ERR;
-        if (user_error_message != NULL) {
-            ret = pack_user_info_chpass_error(state->pd, user_error_message,
-                                              &msg_len, &msg);
+        break;
+    }
+
+    if (state->pd->pam_status != PAM_SUCCESS && user_error_message != NULL) {
+        ret = pack_user_info_chpass_error(state->pd, user_error_message,
+                                            &msg_len, &msg);
+        if (ret != EOK) {
+            DEBUG(1, ("pack_user_info_chpass_error failed.\n"));
+        } else {
+            ret = pam_add_response(state->pd, SSS_PAM_USER_INFO, msg_len,
+                                    msg);
             if (ret != EOK) {
-                DEBUG(1, ("pack_user_info_chpass_error failed.\n"));
-            } else {
-                ret = pam_add_response(state->pd, SSS_PAM_USER_INFO, msg_len,
-                                       msg);
-                if (ret != EOK) {
-                    DEBUG(1, ("pam_add_response failed.\n"));
-                }
+                DEBUG(1, ("pam_add_response failed.\n"));
             }
         }
     }
author	Jakub Hrozek <jhrozek@redhat.com>	2011-09-06 10:55:15 +0200
committer	Stephen Gallagher <sgallagh@redhat.com>	2011-09-06 14:51:45 -0400
commit	cd5b718ebeab1c923af7a5c3c0a5c717c5659c7d (patch)
tree	9371901027fc5eaa53fef2d86dd2336c0fb49083 /src/providers/ldap/ldap_auth.c
parent	4e3495b3b8927a282adc48cc80f0611ecf79821b (diff)
download	sssd-cd5b718ebeab1c923af7a5c3c0a5c717c5659c7d.tar.gz sssd-cd5b718ebeab1c923af7a5c3c0a5c717c5659c7d.tar.xz sssd-cd5b718ebeab1c923af7a5c3c0a5c717c5659c7d.zip