diff options
author | Jakub Hrozek <jhrozek@redhat.com> | 2011-09-06 10:55:15 +0200 |
---|---|---|
committer | Stephen Gallagher <sgallagh@redhat.com> | 2011-09-06 14:51:45 -0400 |
commit | cd5b718ebeab1c923af7a5c3c0a5c717c5659c7d (patch) | |
tree | 9371901027fc5eaa53fef2d86dd2336c0fb49083 /src/providers/ldap/ldap_auth.c | |
parent | 4e3495b3b8927a282adc48cc80f0611ecf79821b (diff) | |
download | sssd-cd5b718ebeab1c923af7a5c3c0a5c717c5659c7d.tar.gz sssd-cd5b718ebeab1c923af7a5c3c0a5c717c5659c7d.tar.xz sssd-cd5b718ebeab1c923af7a5c3c0a5c717c5659c7d.zip |
Improve error message for LDAP password constraint violation
https://fedorahosted.org/sssd/ticket/985
Diffstat (limited to 'src/providers/ldap/ldap_auth.c')
-rw-r--r-- | src/providers/ldap/ldap_auth.c | 27 |
1 files changed, 16 insertions, 11 deletions
diff --git a/src/providers/ldap/ldap_auth.c b/src/providers/ldap/ldap_auth.c index ef4477cf0..390ea8bc3 100644 --- a/src/providers/ldap/ldap_auth.c +++ b/src/providers/ldap/ldap_auth.c @@ -904,7 +904,7 @@ static void sdap_pam_chpass_done(struct tevent_req *req) ret = sdap_exop_modify_passwd_recv(req, state, &result, &user_error_message); talloc_zfree(req); - if (ret) { + if (ret && ret != EIO) { state->pd->pam_status = PAM_SYSTEM_ERR; goto done; } @@ -914,19 +914,24 @@ static void sdap_pam_chpass_done(struct tevent_req *req) state->pd->pam_status = PAM_SUCCESS; dp_err = DP_ERR_OK; break; + case SDAP_AUTH_PW_CONSTRAINT_VIOLATION: + state->pd->pam_status = PAM_NEW_AUTHTOK_REQD; + break; default: state->pd->pam_status = PAM_AUTHTOK_ERR; - if (user_error_message != NULL) { - ret = pack_user_info_chpass_error(state->pd, user_error_message, - &msg_len, &msg); + break; + } + + if (state->pd->pam_status != PAM_SUCCESS && user_error_message != NULL) { + ret = pack_user_info_chpass_error(state->pd, user_error_message, + &msg_len, &msg); + if (ret != EOK) { + DEBUG(1, ("pack_user_info_chpass_error failed.\n")); + } else { + ret = pam_add_response(state->pd, SSS_PAM_USER_INFO, msg_len, + msg); if (ret != EOK) { - DEBUG(1, ("pack_user_info_chpass_error failed.\n")); - } else { - ret = pam_add_response(state->pd, SSS_PAM_USER_INFO, msg_len, - msg); - if (ret != EOK) { - DEBUG(1, ("pam_add_response failed.\n")); - } + DEBUG(1, ("pam_add_response failed.\n")); } } } |