From 9dc76c9405860004ebbaeb7da944e06e7767780d Mon Sep 17 00:00:00 2001 From: Sumit Bose Date: Mon, 8 Feb 2010 11:53:43 +0100 Subject: Make return values more specific during password change - return PAM_AUTHTOK_ERR instead of PAM_SYSTEM_ERR if the password change operation fails - send a message to the user if the system is offline and the password cannot be changed --- server/providers/krb5/krb5_child.c | 1 + server/providers/ldap/ldap_auth.c | 8 +++++--- 2 files changed, 6 insertions(+), 3 deletions(-) (limited to 'server/providers') diff --git a/server/providers/krb5/krb5_child.c b/server/providers/krb5/krb5_child.c index 08e16b4a2..b73032605 100644 --- a/server/providers/krb5/krb5_child.c +++ b/server/providers/krb5/krb5_child.c @@ -579,6 +579,7 @@ static errno_t changepw_child(int fd, struct krb5_req *kr) result_string.length, result_string.data)); } + pam_status = PAM_AUTHTOK_ERR; goto sendresponse; } diff --git a/server/providers/ldap/ldap_auth.c b/server/providers/ldap/ldap_auth.c index fbb4e53b6..1d1346c07 100644 --- a/server/providers/ldap/ldap_auth.c +++ b/server/providers/ldap/ldap_auth.c @@ -772,7 +772,7 @@ static void sdap_auth4chpass_done(struct tevent_req *req) if (pw_expire_type == PWEXPIRE_SHADOW) { /* TODO: implement async ldap modify request */ DEBUG(1, ("Changing shadow password attributes not implemented.\n")); - state->pd->pam_status = PAM_SYSTEM_ERR; + state->pd->pam_status = PAM_MODULE_UNKNOWN; goto done; } else { subreq = sdap_exop_modify_passwd_send(state, @@ -791,7 +791,9 @@ static void sdap_auth4chpass_done(struct tevent_req *req) return; } break; - + case SDAP_AUTH_FAILED: + state->pd->pam_status = PAM_AUTH_ERR; + break; default: state->pd->pam_status = PAM_SYSTEM_ERR; } @@ -821,7 +823,7 @@ static void sdap_pam_chpass_done(struct tevent_req *req) dp_err = DP_ERR_OK; break; default: - state->pd->pam_status = PAM_SYSTEM_ERR; + state->pd->pam_status = PAM_AUTHTOK_ERR; } done: -- cgit