author | Sumit Bose <sbose@redhat.com> | 2010-02-11 13:15:52 +0100 |
---|---|---|
committer | Stephen Gallagher <sgallagh@redhat.com> | 2010-02-12 08:44:11 -0500 |
commit | fbcab705c90135080e09544616f1526c0e7ef90c (patch) | |
tree | 8868be756692302c757dafa08c21154dd873bb2a /server/providers/ldap | |
parent | 152f9e939f91d94e6f30391182fd72d9267ec6e1 (diff) | |
Make change password errors more transparent
Diffstat (limited to 'server/providers/ldap')
-rw-r--r-- | server/providers/ldap/ldap_auth.c | 19 | ||||
-rw-r--r-- | server/providers/ldap/sdap_async.c | 17 | ||||
-rw-r--r-- | server/providers/ldap/sdap_async.h | 5 |
3 files changed, 36 insertions, 5 deletions
diff --git a/server/providers/ldap/ldap_auth.c b/server/providers/ldap/ldap_auth.c
index 1d1346c0..cfe8adb9 100644
--- a/server/providers/ldap/ldap_auth.c
+++ b/server/providers/ldap/ldap_auth.c
@@ -40,6 +40,7 @@ #include <security/pam_modules.h>
 #include "util/util.h"
+#include "util/user_info_msg.h"
 #include "db/sysdb.h"
 #include "providers/ldap/ldap_common.h"
 #include "providers/ldap/sdap_async.h"
@@ -809,8 +810,11 @@ static void sdap_pam_chpass_done(struct tevent_req *req)
 enum sdap_result result;
 int dp_err = DP_ERR_FATAL;
 int ret;
+ char *user_error_message = NULL;
+ size_t msg_len;
+ uint8_t *msg;
- ret = sdap_exop_modify_passwd_recv(req, &result);
+ ret = sdap_exop_modify_passwd_recv(req, state, &result, &user_error_message);
 talloc_zfree(req);
 if (ret) {
 state->pd->pam_status = PAM_SYSTEM_ERR;
@@ -824,6 +828,19 @@ static void sdap_pam_chpass_done(struct tevent_req *req)
 break;
 default:
 state->pd->pam_status = PAM_AUTHTOK_ERR;
+ if (user_error_message != NULL) {
+ ret = pack_user_info_chpass_error(state->pd, user_error_message,
+ &msg_len, &msg);
+ if (ret != EOK) {
+ DEBUG(1, ("pack_user_info_chpass_error failed.\n"));
+ } else {
+ ret = pam_add_response(state->pd, SSS_PAM_USER_INFO, msg_len,
+ msg);
+ if (ret != EOK) {
+ DEBUG(1, ("pam_add_response failed.\n"));
+ }
+ }
+ }
 }
 done:
diff --git a/server/providers/ldap/sdap_async.c b/server/providers/ldap/sdap_async.c
index 88f1c4be..959c08a6 100644
--- a/server/providers/ldap/sdap_async.c
+++ b/server/providers/ldap/sdap_async.c
@@ -530,6 +530,7 @@ struct sdap_exop_modify_passwd_state {
 struct sdap_op *op;
 int result;
+ char *user_error_message;
 };
 static void sdap_exop_modify_passwd_done(struct sdap_op *op,
@@ -556,6 +557,7 @@ struct tevent_req *sdap_exop_modify_passwd_send(TALLOC_CTX *memctx,
 if (!req) return NULL;
 state->sh = sh;
+ state->user_error_message = NULL;
 ber = ber_alloc_t( LBER_USE_DER );
 if (ber == NULL) {
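Review bot: The string handed to `pack_user_info_chpass_error()` in the `default:` branch of the `@@ -824,6 +828,19 @@` hunk appears to be the diagnostic text returned by the LDAP server, and it is forwarded to the PAM client with no length cap and no filtering of control characters. Because that text is outside the client's control, it should be truncated to a fixed maximum and have non-printable bytes replaced before it is packed; whether `pack_user_info_chpass_error()` already bounds its input cannot be seen from this diff. Both failure paths only log at debug level 1, so a comment such as `/* best effort: the change already failed, the extra message is optional */` would make the intent explicit. `sdap_pam_chpass_done()` starts and ends outside the hunk.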
@@ -626,7 +628,7 @@ static void sdap_exop_modify_passwd_done(struct sdap_op *op,
 struct tevent_req *req = talloc_get_type(pvt, struct tevent_req);
 struct sdap_exop_modify_passwd_state *state = tevent_req_data(req, struct sdap_exop_modify_passwd_state);
- char *errmsg;
+ char *errmsg = NULL;
 int ret;
 LDAPControl **response_controls = NULL;
 int c;
@@ -673,12 +675,20 @@ static void sdap_exop_modify_passwd_done(struct sdap_op *op,
 }
 }
+ if (state->result != LDAP_SUCCESS) {
+ state->user_error_message = talloc_strdup(state, errmsg);
+ if (state->user_error_message == NULL) {
+ DEBUG(1, ("talloc_strdup failed.\n"));
+ }
+ }
+
 DEBUG(3, ("ldap_extended_operation result: %s(%d), %s\n", ldap_err2string(state->result), state->result, errmsg));
 ret = LDAP_SUCCESS;
 done:
 ldap_controls_free(response_controls);
+ ldap_memfree(errmsg);
 if (ret == LDAP_SUCCESS) {
 tevent_req_done(req);
@@ -688,12 +698,15 @@ done:
 }
 int sdap_exop_modify_passwd_recv(struct tevent_req *req,
- enum sdap_result *result)
+ TALLOC_CTX * mem_ctx,
+ enum sdap_result *result,
+ char **user_error_message)
 {
 struct sdap_exop_modify_passwd_state *state = tevent_req_data(req, struct sdap_exop_modify_passwd_state);
 *result = SDAP_ERROR;
+ *user_error_message = talloc_steal(mem_ctx, state->user_error_message);
 TEVENT_REQ_RETURN_ON_ERROR(req);
diff --git a/server/providers/ldap/sdap_async.h b/server/providers/ldap/sdap_async.h
index e18fb69a..3c52d236 100644
--- a/server/providers/ldap/sdap_async.h
+++ b/server/providers/ldap/sdap_async.h
@@ -94,8 +94,9 @@ struct tevent_req *sdap_exop_modify_passwd_send(TALLOC_CTX *memctx,
 char *user_dn,
 char *password,
 char *new_password);
-int sdap_exop_modify_passwd_recv(struct tevent_req *req,
- enum sdap_result *result);
+int sdap_exop_modify_passwd_recv(struct tevent_req *req, TALLOC_CTX *mem_ctx,
+ enum sdap_result *result,
+ char **user_error_msg);
 struct tevent_req *sdap_cli_connect_send(TALLOC_CTX *memctx,
 struct tevent_context *ev, |
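Review bot: In the `@@ -673,12 +675,20 @@` hunk, `talloc_strdup(state, errmsg)` can run while `errmsg` is still NULL, which looks possible if the server sent no diagnostic text. The NULL result is then logged as `talloc_strdup failed.`, which reads like an out-of-memory condition. Changing the guard to `if (state->result != LDAP_SUCCESS && errmsg != NULL) {` keeps that log line for real allocation failures. The unchanged `DEBUG(3, ...)` just below still passes `errmsg` to `%s`, so it would need `errmsg ? errmsg : "(none)"` as well. The call that fills `errmsg` and the start of `sdap_exop_modify_passwd_done()` are outside the hunk.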
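Review bot: The prototype in sdap_async.h names the new out-parameter `user_error_msg`, while the definition in sdap_async.c calls it `user_error_message`; one spelling should be used in both places. The declaration also gives callers no ownership or trust information, so a comment above it would help: `/* *user_error_msg is reparented to mem_ctx, may be NULL, and carries text received from the LDAP server; treat it as untrusted. */`. The definition writes through the pointer unconditionally, so the comment should also say that it must not be NULL.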