diff options
author | Jakub Hrozek <jhrozek@redhat.com> | 2011-09-06 10:55:15 +0200 |
---|---|---|
committer | Stephen Gallagher <sgallagh@redhat.com> | 2011-09-12 08:45:52 -0400 |
commit | 820d9053e6cf192a08dea9285429e3165a6b39a0 (patch) | |
tree | 251c0f488e25c7afb56235c28258bbf0e2cc036d /src/providers/ldap/ldap_auth.c | |
parent | d09285e101d731771d9d4beeb1386cdad670fb88 (diff) | |
download | sssd-820d9053e6cf192a08dea9285429e3165a6b39a0.tar.gz sssd-820d9053e6cf192a08dea9285429e3165a6b39a0.tar.xz sssd-820d9053e6cf192a08dea9285429e3165a6b39a0.zip |
Improve error message for LDAP password constraint violation
https://fedorahosted.org/sssd/ticket/985
Diffstat (limited to 'src/providers/ldap/ldap_auth.c')
-rw-r--r-- | src/providers/ldap/ldap_auth.c | 27 |
1 files changed, 16 insertions, 11 deletions
diff --git a/src/providers/ldap/ldap_auth.c b/src/providers/ldap/ldap_auth.c index 32c208dc9..8109e247d 100644 --- a/src/providers/ldap/ldap_auth.c +++ b/src/providers/ldap/ldap_auth.c @@ -899,7 +899,7 @@ static void sdap_pam_chpass_done(struct tevent_req *req) ret = sdap_exop_modify_passwd_recv(req, state, &result, &user_error_message); talloc_zfree(req); - if (ret) { + if (ret && ret != EIO) { state->pd->pam_status = PAM_SYSTEM_ERR; goto done; } @@ -909,19 +909,24 @@ static void sdap_pam_chpass_done(struct tevent_req *req) state->pd->pam_status = PAM_SUCCESS; dp_err = DP_ERR_OK; break; + case SDAP_AUTH_PW_CONSTRAINT_VIOLATION: + state->pd->pam_status = PAM_NEW_AUTHTOK_REQD; + break; default: state->pd->pam_status = PAM_AUTHTOK_ERR; - if (user_error_message != NULL) { - ret = pack_user_info_chpass_error(state->pd, user_error_message, - &msg_len, &msg); + break; + } + + if (state->pd->pam_status != PAM_SUCCESS && user_error_message != NULL) { + ret = pack_user_info_chpass_error(state->pd, user_error_message, + &msg_len, &msg); + if (ret != EOK) { + DEBUG(1, ("pack_user_info_chpass_error failed.\n")); + } else { + ret = pam_add_response(state->pd, SSS_PAM_USER_INFO, msg_len, + msg); if (ret != EOK) { - DEBUG(1, ("pack_user_info_chpass_error failed.\n")); - } else { - ret = pam_add_response(state->pd, SSS_PAM_USER_INFO, msg_len, - msg); - if (ret != EOK) { - DEBUG(1, ("pam_add_response failed.\n")); - } + DEBUG(1, ("pam_add_response failed.\n")); } } } |