diff options
Diffstat (limited to 'src/providers/ldap/ldap_auth.c')
-rw-r--r-- | src/providers/ldap/ldap_auth.c | 15 |
1 files changed, 15 insertions, 0 deletions
diff --git a/src/providers/ldap/ldap_auth.c b/src/providers/ldap/ldap_auth.c index 6aba14c96..805282300 100644 --- a/src/providers/ldap/ldap_auth.c +++ b/src/providers/ldap/ldap_auth.c @@ -815,6 +815,8 @@ static void sdap_auth4chpass_done(struct tevent_req *req) void *pw_expire_data; int dp_err = DP_ERR_FATAL; int ret; + size_t msg_len; + uint8_t *msg; ret = auth_recv(req, state, &state->sh, &result, &state->dn, @@ -899,6 +901,19 @@ static void sdap_auth4chpass_done(struct tevent_req *req) break; case SDAP_AUTH_FAILED: state->pd->pam_status = PAM_AUTH_ERR; + ret = pack_user_info_chpass_error(state->pd, "Old password not accepted.", + &msg_len, &msg); + if (ret != EOK) { + DEBUG(SSSDBG_CRIT_FAILURE, + ("pack_user_info_chpass_error failed.\n")); + } else { + ret = pam_add_response(state->pd, SSS_PAM_USER_INFO, msg_len, + msg); + if (ret != EOK) { + DEBUG(SSSDBG_CRIT_FAILURE, ("pam_add_response failed.\n")); + } + } + break; case SDAP_UNAVAIL: state->pd->pam_status = PAM_AUTHINFO_UNAVAIL; |