Diffstat (limited to 'server/providers/ldap')
-rw-r--r--server/providers/ldap/ldap_auth.c19
-rw-r--r--server/providers/ldap/sdap_async.c17
-rw-r--r--server/providers/ldap/sdap_async.h5
3 files changed, 36 insertions, 5 deletions
diff --git a/server/providers/ldap/ldap_auth.c b/server/providers/ldap/ldap_auth.c
index 1d1346c07..cfe8adb97 100644
--- a/server/providers/ldap/ldap_auth.c
+++ b/server/providers/ldap/ldap_auth.c
@@ -40,6 +40,7 @@
#include <security/pam_modules.h>
#include "util/util.h"
+#include "util/user_info_msg.h"
#include "db/sysdb.h"
#include "providers/ldap/ldap_common.h"
#include "providers/ldap/sdap_async.h"
@@ -809,8 +810,11 @@ static void sdap_pam_chpass_done(struct tevent_req *req)
enum sdap_result result;
int dp_err = DP_ERR_FATAL;
int ret;
+ char *user_error_message = NULL;
+ size_t msg_len;
+ uint8_t *msg;
- ret = sdap_exop_modify_passwd_recv(req, &result);
+ ret = sdap_exop_modify_passwd_recv(req, state, &result, &user_error_message);
talloc_zfree(req);
if (ret) {
state->pd->pam_status = PAM_SYSTEM_ERR;
@@ -824,6 +828,19 @@ static void sdap_pam_chpass_done(struct tevent_req *req)
break;
default:
state->pd->pam_status = PAM_AUTHTOK_ERR;
+ if (user_error_message != NULL) {
+ ret = pack_user_info_chpass_error(state->pd, user_error_message,
+ &msg_len, &msg);
+ if (ret != EOK) {
+ DEBUG(1, ("pack_user_info_chpass_error failed.\n"));
+ } else {
+ ret = pam_add_response(state->pd, SSS_PAM_USER_INFO, msg_len,
+ msg);
+ if (ret != EOK) {
+ DEBUG(1, ("pam_add_response failed.\n"));
+ }
+ }
+ }
}
done:
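Review bot: The string handed to `pack_user_info_chpass_error()` in the `default:` branch is the diagnostic text returned by the LDAP server, and nothing visible in this hunk bounds its length or filters control characters before it is attached to the PAM response as `SSS_PAM_USER_INFO`. The directory server chooses that text, so it should be capped at a fixed maximum and have non-printable bytes replaced before packing, unless `pack_user_info_chpass_error()` already does that; the helper is not shown here. Separately, `ret` is reused for the two best-effort calls, so a failure there leaves it non-zero when control reaches `done:`. The code after `done:` is outside the hunk, so confirm it does not act on `ret`, or use a separate local such as `int msg_ret;`.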
diff --git a/server/providers/ldap/sdap_async.c b/server/providers/ldap/sdap_async.c
index 88f1c4be6..959c08a65 100644
--- a/server/providers/ldap/sdap_async.c
+++ b/server/providers/ldap/sdap_async.c
@@ -530,6 +530,7 @@ struct sdap_exop_modify_passwd_state {
struct sdap_op *op;
int result;
+ char *user_error_message;
};
static void sdap_exop_modify_passwd_done(struct sdap_op *op,
@@ -556,6 +557,7 @@ struct tevent_req *sdap_exop_modify_passwd_send(TALLOC_CTX *memctx,
if (!req) return NULL;
state->sh = sh;
+ state->user_error_message = NULL;
ber = ber_alloc_t( LBER_USE_DER );
if (ber == NULL) {
@@ -626,7 +628,7 @@ static void sdap_exop_modify_passwd_done(struct sdap_op *op,
struct tevent_req *req = talloc_get_type(pvt, struct tevent_req);
struct sdap_exop_modify_passwd_state *state = tevent_req_data(req,
struct sdap_exop_modify_passwd_state);
- char *errmsg;
+ char *errmsg = NULL;
int ret;
LDAPControl **response_controls = NULL;
int c;
@@ -673,12 +675,20 @@ static void sdap_exop_modify_passwd_done(struct sdap_op *op,
}
}
+ if (state->result != LDAP_SUCCESS) {
+ state->user_error_message = talloc_strdup(state, errmsg);
+ if (state->user_error_message == NULL) {
+ DEBUG(1, ("talloc_strdup failed.\n"));
+ }
+ }
+
DEBUG(3, ("ldap_extended_operation result: %s(%d), %s\n",
ldap_err2string(state->result), state->result, errmsg));
ret = LDAP_SUCCESS;
done:
ldap_controls_free(response_controls);
+ ldap_memfree(errmsg);
if (ret == LDAP_SUCCESS) {
tevent_req_done(req);
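Review bot: `talloc_strdup(state, errmsg)` is called even when `errmsg` is still NULL, which presumably happens when the server reports a failure without a diagnostic message (the parsing that fills `errmsg` is above the hunk). talloc_strdup returns NULL for a NULL source, so the log then says "talloc_strdup failed." although no allocation was attempted, and a real out-of-memory condition cannot be told apart from a missing message. Guard the copy with `if (state->result != LDAP_SUCCESS && errmsg != NULL) {`. The `DEBUG(3, ...)` line below passes the same possibly-NULL pointer to `%s` and would be safer with `errmsg ? errmsg : "(none)"`. The function starts and continues outside this hunk.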
@@ -688,12 +698,15 @@ done:
}
int sdap_exop_modify_passwd_recv(struct tevent_req *req,
- enum sdap_result *result)
+ TALLOC_CTX * mem_ctx,
+ enum sdap_result *result,
+ char **user_error_message)
{
struct sdap_exop_modify_passwd_state *state = tevent_req_data(req,
struct sdap_exop_modify_passwd_state);
*result = SDAP_ERROR;
+ *user_error_message = talloc_steal(mem_ctx, state->user_error_message);
TEVENT_REQ_RETURN_ON_ERROR(req);
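Review bot: The new out-parameter hands ownership of a server-supplied string to the caller, but neither the definition nor the prototype documents that contract. `*user_error_message` is written unconditionally, before `TEVENT_REQ_RETURN_ON_ERROR(req)`, so callers must pass a non-NULL pointer and get a value even when the function returns an error. A comment above the definition would cover it: `/* *user_error_message is set to NULL or to a server-supplied string reparented to mem_ctx, also when an error is returned */`. The definition also writes `TALLOC_CTX * mem_ctx` and `user_error_message`, while the prototype in sdap_async.h writes `TALLOC_CTX *mem_ctx` and `user_error_msg`; use one spelling in both. The function body continues outside this hunk.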
diff --git a/server/providers/ldap/sdap_async.h b/server/providers/ldap/sdap_async.h
index e18fb69a2..3c52d236b 100644
--- a/server/providers/ldap/sdap_async.h
+++ b/server/providers/ldap/sdap_async.h
@@ -94,8 +94,9 @@ struct tevent_req *sdap_exop_modify_passwd_send(TALLOC_CTX *memctx,
char *user_dn,
char *password,
char *new_password);
-int sdap_exop_modify_passwd_recv(struct tevent_req *req,
- enum sdap_result *result);
+int sdap_exop_modify_passwd_recv(struct tevent_req *req, TALLOC_CTX *mem_ctx,
+ enum sdap_result *result,
+ char **user_error_msg);
struct tevent_req *sdap_cli_connect_send(TALLOC_CTX *memctx,
struct tevent_context *ev,