summaryrefslogtreecommitdiffstats
path: root/src/providers/ldap/ldap_auth.c
diff options
context:
space:
mode:
Diffstat (limited to 'src/providers/ldap/ldap_auth.c')
-rw-r--r--src/providers/ldap/ldap_auth.c27
1 files changed, 16 insertions, 11 deletions
diff --git a/src/providers/ldap/ldap_auth.c b/src/providers/ldap/ldap_auth.c
index 32c208dc9..8109e247d 100644
--- a/src/providers/ldap/ldap_auth.c
+++ b/src/providers/ldap/ldap_auth.c
@@ -899,7 +899,7 @@ static void sdap_pam_chpass_done(struct tevent_req *req)
ret = sdap_exop_modify_passwd_recv(req, state, &result, &user_error_message);
talloc_zfree(req);
- if (ret) {
+ if (ret && ret != EIO) {
state->pd->pam_status = PAM_SYSTEM_ERR;
goto done;
}
@@ -909,19 +909,24 @@ static void sdap_pam_chpass_done(struct tevent_req *req)
state->pd->pam_status = PAM_SUCCESS;
dp_err = DP_ERR_OK;
break;
+ case SDAP_AUTH_PW_CONSTRAINT_VIOLATION:
+ state->pd->pam_status = PAM_NEW_AUTHTOK_REQD;
+ break;
default:
state->pd->pam_status = PAM_AUTHTOK_ERR;
- if (user_error_message != NULL) {
- ret = pack_user_info_chpass_error(state->pd, user_error_message,
- &msg_len, &msg);
+ break;
+ }
+
+ if (state->pd->pam_status != PAM_SUCCESS && user_error_message != NULL) {
+ ret = pack_user_info_chpass_error(state->pd, user_error_message,
+ &msg_len, &msg);
+ if (ret != EOK) {
+ DEBUG(1, ("pack_user_info_chpass_error failed.\n"));
+ } else {
+ ret = pam_add_response(state->pd, SSS_PAM_USER_INFO, msg_len,
+ msg);
if (ret != EOK) {
- DEBUG(1, ("pack_user_info_chpass_error failed.\n"));
- } else {
- ret = pam_add_response(state->pd, SSS_PAM_USER_INFO, msg_len,
- msg);
- if (ret != EOK) {
- DEBUG(1, ("pam_add_response failed.\n"));
- }
+ DEBUG(1, ("pam_add_response failed.\n"));
}
}
}
generated by cgit (git 2.34.1) at 2024-04-23 17:04:45 +0000