author | Simo Sorce <simo@redhat.com> | 2013-02-26 16:25:07 -0500 |
---|---|---|
committer | Jakub Hrozek <jhrozek@redhat.com> | 2013-03-19 14:07:41 +0100 |
commit | 233a3c6c48972b177e60d6ef4cecfacd3cf31659 (patch) | |
tree | e67d6eaed705d8c76173af0c06b49072224460be /src/providers/ldap/sdap_async.c | |
parent | 4f2e932acd5266e9d4e3f55966baafbdbd2ae210 (diff) | |
Use common error facility instead of sdap_result
Simplifies and consolidates error reporting for ldap authentication paths.
Adds 3 new error codes:
ERR_CHPASS_DENIED - Used when password constraints deny password changes
ERR_ACCOUNT_EXPIRED - Account is expired
ERR_PASSWORD_EXPIRED - Password is expired
Diffstat (limited to 'src/providers/ldap/sdap_async.c')
-rw-r--r-- | src/providers/ldap/sdap_async.c | 48 |
1 files changed, 22 insertions, 26 deletions
diff --git a/src/providers/ldap/sdap_async.c b/src/providers/ldap/sdap_async.c index b7d98392b..7ac32b95a 100644 --- a/src/providers/ldap/sdap_async.c +++ b/src/providers/ldap/sdap_async.c @@ -490,7 +490,6 @@ struct sdap_exop_modify_passwd_state { struct sdap_op *op; - int result; char *user_error_message; }; @@ -552,6 +551,7 @@ struct tevent_req *sdap_exop_modify_passwd_send(TALLOC_CTX *memctx, if (ret != LDAP_SUCCESS && ret != LDAP_NOT_SUPPORTED) { DEBUG(1, ("sdap_control_create failed to create " "Password Policy control.\n")); + ret = ERR_INTERNAL; goto fail; } request_controls = ctrls; @@ -564,6 +564,7 @@ struct tevent_req *sdap_exop_modify_passwd_send(TALLOC_CTX *memctx, if (ctrls[0]) ldap_control_free(ctrls[0]); if (ret == -1 || msgid == -1) { DEBUG(1, ("ldap_extended_operation failed\n")); + ret = ERR_NETWORK_IO; goto fail; } DEBUG(8, ("ldap_extended_operation sent, msgid = %d\n", msgid)); @@ -573,13 +574,14 @@ struct tevent_req *sdap_exop_modify_passwd_send(TALLOC_CTX *memctx, sdap_exop_modify_passwd_done, req, 5, &state->op); if (ret) { DEBUG(1, ("Failed to set up operation!\n")); + ret = ERR_INTERNAL; goto fail; } return req; fail: - tevent_req_error(req, EIO); + tevent_req_error(req, ret); tevent_req_post(req, ev); return req; } @@ -598,6 +600,7 @@ static void sdap_exop_modify_passwd_done(struct sdap_op *op, ber_int_t pp_grace; ber_int_t pp_expire; LDAPPasswordPolicyError pp_error; + int result; if (error) { tevent_req_error(req, error); @@ -605,11 +608,11 @@ static void sdap_exop_modify_passwd_done(struct sdap_op *op, } ret = ldap_parse_result(state->sh->ldap, reply->msg, - &state->result, NULL, &errmsg, NULL, + &result, NULL, &errmsg, NULL, &response_controls, 0); if (ret != LDAP_SUCCESS) { DEBUG(2, ("ldap_parse_result failed (%d)\n", state->op->msgid)); - ret = EIO; + ret = ERR_INTERNAL; goto done; } 
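Review bot: At the `fail:` label in the hunk at -573, `tevent_req_error(req, ret)` now forwards whatever `ret` holds, so every `goto fail` has to leave a non-zero code from the common error space in it. The three jumps visible in these hunks do, but `sdap_exop_modify_passwd_send` begins outside the hunk, and any other jump to `fail` would hand over a raw LDAP result code, or 0, which tevent does not treat as a failure, so the request would never complete. I would add `/* ret must be a non-zero errno_t here, never an LDAP result code */` above the label. Separately, the test `if (ret == -1 || msgid == -1)` in the hunk at -564 only recognises one return value of `ldap_extended_operation` as a failure; `if (ret != LDAP_SUCCESS || msgid == -1)` would be stricter, assuming the function returns an LDAP result code as the debug message suggests.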
@@ -627,7 +630,7 @@ static void sdap_exop_modify_passwd_done(struct sdap_op *op, &pp_error); if (ret != LDAP_SUCCESS) { DEBUG(1, ("ldap_parse_passwordpolicy_control failed.\n")); - ret = EIO; + ret = ERR_NETWORK_IO; goto done; } @@ -639,9 +642,16 @@ static void sdap_exop_modify_passwd_done(struct sdap_op *op, } DEBUG(3, ("ldap_extended_operation result: %s(%d), %s\n", - sss_ldap_err2string(state->result), state->result, errmsg)); + sss_ldap_err2string(result), result, errmsg)); - if (state->result != LDAP_SUCCESS) { + switch (result) { + case LDAP_SUCCESS: + ret = EOK; + break; + case LDAP_CONSTRAINT_VIOLATION: + ret = ERR_CHPASS_DENIED; + break; + default: if (errmsg) { state->user_error_message = talloc_strdup(state, errmsg); if (state->user_error_message == NULL) { @@ -650,11 +660,10 @@ static void sdap_exop_modify_passwd_done(struct sdap_op *op, goto done; } } - ret = EIO; - goto done; + ret = ERR_NETWORK_IO; + break; } - ret = EOK; done: ldap_controls_free(response_controls); ldap_memfree(errmsg); @@ -666,28 +675,15 @@ done: } } -int sdap_exop_modify_passwd_recv(struct tevent_req *req, - TALLOC_CTX * mem_ctx, - enum sdap_result *result, - char **user_error_message) +errno_t sdap_exop_modify_passwd_recv(struct tevent_req *req, + TALLOC_CTX * mem_ctx, + char **user_error_message) { struct sdap_exop_modify_passwd_state *state = tevent_req_data(req, struct sdap_exop_modify_passwd_state); *user_error_message = talloc_steal(mem_ctx, state->user_error_message); - switch (state->result) { - case LDAP_SUCCESS: - *result = SDAP_SUCCESS; - break; - case LDAP_CONSTRAINT_VIOLATION: - *result = SDAP_AUTH_PW_CONSTRAINT_VIOLATION; - break; - default: - *result = SDAP_ERROR; - break; - } - TEVENT_REQ_RETURN_ON_ERROR(req); return EOK; |
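Review bot: The failure branch of `ldap_parse_passwordpolicy_control` in the hunk at -627 now sets `ret = ERR_NETWORK_IO`, while the `ldap_parse_result` failure in the hunk at -605 sets `ret = ERR_INTERNAL`. Both are failures to decode a reply that has already arrived, so the two branches should agree. If callers react to `ERR_NETWORK_IO` as a connectivity problem (not visible in this diff), a malformed password-policy control would be reported as an outage rather than a bad server response. I would use `ret = ERR_INTERNAL;` here, or add a comment explaining why a control parse error is classed as network I/O. The body of `sdap_exop_modify_passwd_done` starts and ends outside this hunk.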
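Review bot: In the new `switch (result)` (hunks at -639 and -650), the `case LDAP_CONSTRAINT_VIOLATION:` arm sets `ret = ERR_CHPASS_DENIED` without copying `errmsg` into `state->user_error_message`. The removed code copied it for every non-success result, so the server's explanation of why the new password was refused no longer reaches the caller of `sdap_exop_modify_passwd_recv`. Moving the existing `if (errmsg) { ... talloc_strdup(state, errmsg) ... }` block above the switch, under `if (result != LDAP_SUCCESS)`, restores the old behaviour for both arms. The `default:` arm also reports every remaining LDAP result as `ERR_NETWORK_IO`, including refusals the server sent deliberately; a comment saying that this is intended, or a finer mapping, would help whoever reads the resulting logs. The lines between the two hunks are not shown, so the out-of-memory path inside the copy is assumed unchanged.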
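Review bot: `sdap_exop_modify_passwd_recv` in the hunk at -666 has no comment describing its new contract, and two details are easy to miss now that the `result` out-parameter is gone. `*user_error_message` is assigned before `TEVENT_REQ_RETURN_ON_ERROR(req)`, so it is set on failure as well as on success, and it may be NULL. I would add a short header comment saying that the function returns EOK or one of the common error codes such as ERR_CHPASS_DENIED, that `*user_error_message` is always written and is owned by `mem_ctx`, and that the string is server-supplied text which callers should treat as untrusted when displaying or logging it.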