diff options
author | Sumit Bose <sbose@redhat.com> | 2010-02-08 11:53:43 +0100 |
---|---|---|
committer | Stephen Gallagher <sgallagh@redhat.com> | 2010-02-10 08:46:49 -0500 |
commit | 9dc76c9405860004ebbaeb7da944e06e7767780d (patch) | |
tree | e7757a0f3635d3a5b1e00dd61e5ceae8a65c7f30 /sss_client/pam_sss.c | |
parent | a08160e2ad7358b87f8f5a20f52f76196a32f3a1 (diff) | |
download | sssd-9dc76c9405860004ebbaeb7da944e06e7767780d.tar.gz sssd-9dc76c9405860004ebbaeb7da944e06e7767780d.tar.bz2 sssd-9dc76c9405860004ebbaeb7da944e06e7767780d.zip |
Make return values more specific during password change
- return PAM_AUTHTOK_ERR instead of PAM_SYSTEM_ERR if the password
change operation fails
- send a message to the user if the system is offline and the password
cannot be changed
Diffstat (limited to 'sss_client/pam_sss.c')
-rw-r--r-- | sss_client/pam_sss.c | 24 |
1 files changed, 24 insertions, 0 deletions
diff --git a/sss_client/pam_sss.c b/sss_client/pam_sss.c index 6e238ecc..8c970e48 100644 --- a/sss_client/pam_sss.c +++ b/sss_client/pam_sss.c @@ -475,6 +475,27 @@ static int user_info_offline_auth_delayed(pam_handle_t *pamh, size_t buflen, return PAM_SUCCESS; } +static int user_info_offline_chpass(pam_handle_t *pamh, size_t buflen, + uint8_t *buf) +{ + int ret; + + if (buflen != sizeof(uint32_t)) { + D(("User info response data has the wrong size")); + return PAM_BUF_ERR; + } + + ret = do_pam_conversation(pamh, PAM_TEXT_INFO, + _("System is offline, password change not possible"), + NULL, NULL); + if (ret != PAM_SUCCESS) { + D(("do_pam_conversation failed.")); + return PAM_SYSTEM_ERR; + } + + return PAM_SUCCESS; +} + static int eval_user_info_response(pam_handle_t *pamh, size_t buflen, uint8_t *buf) { @@ -495,6 +516,9 @@ static int eval_user_info_response(pam_handle_t *pamh, size_t buflen, case SSS_PAM_USER_INFO_OFFLINE_AUTH_DELAYED: ret = user_info_offline_auth_delayed(pamh, buflen, buf); break; + case SSS_PAM_USER_INFO_OFFLINE_CHPASS: + ret = user_info_offline_chpass(pamh, buflen, buf); + break; default: D(("Unknown user info type [%d]", type)); ret = PAM_SYSTEM_ERR; |