diff options
| author | Michal Zidek <mzidek@redhat.com> | 2013-08-09 15:17:48 -0400 |
|---|---|---|
| committer | Jakub Hrozek <jhrozek@redhat.com> | 2013-08-11 20:37:54 +0200 |
| commit | d3eadee84b02f66b1b72540af4a073e479ae1319 (patch) | |
| tree | 66bf01e7dd3052f07dcec793ac31037b6fc22c5f /src/providers | |
| parent | fdc6aa9d52a2acffafff34f943c99863bea6aa0f (diff) | |
| download | sssd-d3eadee84b02f66b1b72540af4a073e479ae1319.tar.gz sssd-d3eadee84b02f66b1b72540af4a073e479ae1319.tar.xz sssd-d3eadee84b02f66b1b72540af4a073e479ae1319.zip | |
ldap, krb5: More descriptive msg on chpass failure.
Print more descriptive message when wrong current password
is given during password change operation.
resolves:
https://fedorahosted.org/sssd/ticket/2029
Diffstat (limited to 'src/providers')
| -rw-r--r-- | src/providers/krb5/krb5_child.c | 15 | ||||
| -rw-r--r-- | src/providers/ldap/ldap_auth.c | 15 |
2 files changed, 30 insertions, 0 deletions
diff --git a/src/providers/krb5/krb5_child.c b/src/providers/krb5/krb5_child.c index 1c2939acd..9a93aa0da 100644 --- a/src/providers/krb5/krb5_child.c +++ b/src/providers/krb5/krb5_child.c @@ -1323,6 +1323,8 @@ static errno_t changepw_child(struct krb5_req *kr, bool prelim) const char *realm_name; int realm_length; krb5_get_init_creds_opt *chagepw_options; + size_t msg_len; + uint8_t *msg; DEBUG(SSSDBG_TRACE_LIBS, ("Password change operation\n")); @@ -1355,6 +1357,19 @@ static errno_t changepw_child(struct krb5_req *kr, bool prelim) chagepw_options); sss_krb5_get_init_creds_opt_free(kr->ctx, chagepw_options); if (kerr != 0) { + ret = pack_user_info_chpass_error(kr->pd, "Old password not accepted.", + &msg_len, &msg); + if (ret != EOK) { + DEBUG(SSSDBG_CRIT_FAILURE, + ("pack_user_info_chpass_error failed.\n")); + } else { + ret = pam_add_response(kr->pd, SSS_PAM_USER_INFO, msg_len, + msg); + if (ret != EOK) { + DEBUG(SSSDBG_CRIT_FAILURE, + ("pam_add_response failed.\n")); + } + } return kerr; } diff --git a/src/providers/ldap/ldap_auth.c b/src/providers/ldap/ldap_auth.c index ea28ba66b..e5b636581 100644 --- a/src/providers/ldap/ldap_auth.c +++ b/src/providers/ldap/ldap_auth.c @@ -768,6 +768,8 @@ static void sdap_auth4chpass_done(struct tevent_req *req) void *pw_expire_data; int dp_err = DP_ERR_FATAL; int ret; + size_t msg_len; + uint8_t *msg; ret = auth_recv(req, state, &state->sh, &state->dn, &pw_expire_type, &pw_expire_data); @@ -847,6 +849,19 @@ static void sdap_auth4chpass_done(struct tevent_req *req) case ERR_AUTH_DENIED: case ERR_AUTH_FAILED: state->pd->pam_status = PAM_AUTH_ERR; + ret = pack_user_info_chpass_error(state->pd, "Old password not accepted.", + &msg_len, &msg); + if (ret != EOK) { + DEBUG(SSSDBG_CRIT_FAILURE, + ("pack_user_info_chpass_error failed.\n")); + } else { + ret = pam_add_response(state->pd, SSS_PAM_USER_INFO, msg_len, + msg); + if (ret != EOK) { + DEBUG(SSSDBG_CRIT_FAILURE, ("pam_add_response failed.\n")); + } + } + break; case ETIMEDOUT: case ERR_NETWORK_IO: |