diff options
author | Jakub Hrozek <jhrozek@redhat.com> | 2011-09-06 10:55:15 +0200 |
---|---|---|
committer | Stephen Gallagher <sgallagh@redhat.com> | 2011-09-06 14:52:23 -0400 |
commit | 14765d35f9440e3ca4fe771f162daf5c066ddd87 (patch) | |
tree | d1f41f81268b47857692938cbc81f6e68aa20900 /src/providers/ldap/ldap_auth.c | |
parent | 52059070ca9c2d7a28df2620e915e2164bfd89a1 (diff) | |
download | sssd-14765d35f9440e3ca4fe771f162daf5c066ddd87.tar.gz sssd-14765d35f9440e3ca4fe771f162daf5c066ddd87.tar.xz sssd-14765d35f9440e3ca4fe771f162daf5c066ddd87.zip |
Improve error message for LDAP password constraint violation
https://fedorahosted.org/sssd/ticket/985
Diffstat (limited to 'src/providers/ldap/ldap_auth.c')
-rw-r--r-- | src/providers/ldap/ldap_auth.c | 27 |
1 files changed, 16 insertions, 11 deletions
diff --git a/src/providers/ldap/ldap_auth.c b/src/providers/ldap/ldap_auth.c index 434926076..f01c23d6e 100644 --- a/src/providers/ldap/ldap_auth.c +++ b/src/providers/ldap/ldap_auth.c @@ -904,7 +904,7 @@ static void sdap_pam_chpass_done(struct tevent_req *req) ret = sdap_exop_modify_passwd_recv(req, state, &result, &user_error_message); talloc_zfree(req); - if (ret) { + if (ret && ret != EIO) { state->pd->pam_status = PAM_SYSTEM_ERR; goto done; } @@ -914,19 +914,24 @@ static void sdap_pam_chpass_done(struct tevent_req *req) state->pd->pam_status = PAM_SUCCESS; dp_err = DP_ERR_OK; break; + case SDAP_AUTH_PW_CONSTRAINT_VIOLATION: + state->pd->pam_status = PAM_NEW_AUTHTOK_REQD; + break; default: state->pd->pam_status = PAM_AUTHTOK_ERR; - if (user_error_message != NULL) { - ret = pack_user_info_chpass_error(state->pd, user_error_message, - &msg_len, &msg); + break; + } + + if (state->pd->pam_status != PAM_SUCCESS && user_error_message != NULL) { + ret = pack_user_info_chpass_error(state->pd, user_error_message, + &msg_len, &msg); + if (ret != EOK) { + DEBUG(1, ("pack_user_info_chpass_error failed.\n")); + } else { + ret = pam_add_response(state->pd, SSS_PAM_USER_INFO, msg_len, + msg); if (ret != EOK) { - DEBUG(1, ("pack_user_info_chpass_error failed.\n")); - } else { - ret = pam_add_response(state->pd, SSS_PAM_USER_INFO, msg_len, - msg); - if (ret != EOK) { - DEBUG(1, ("pam_add_response failed.\n")); - } + DEBUG(1, ("pam_add_response failed.\n")); } } } |