Make return values more specific during password change

- return PAM_AUTHTOK_ERR instead of PAM_SYSTEM_ERR if the password change operation fails - send a message to the user if the system is offline and the password cannot be changed
author: Sumit Bose <sbose@redhat.com> 2010-02-08 11:53:43 +0100
committer: Stephen Gallagher <sgallagh@redhat.com> 2010-02-10 08:46:49 -0500
commit: 9dc76c9405860004ebbaeb7da944e06e7767780d (patch)
tree: e7757a0f3635d3a5b1e00dd61e5ceae8a65c7f30 /sss_client
parent: a08160e2ad7358b87f8f5a20f52f76196a32f3a1 (diff)
download: sssd-9dc76c9405860004ebbaeb7da944e06e7767780d.tar.gz
sssd-9dc76c9405860004ebbaeb7da944e06e7767780d.tar.bz2
sssd-9dc76c9405860004ebbaeb7da944e06e7767780d.zip
2 files changed, 26 insertions, 1 deletions
diff --git a/sss_client/pam_sss.c b/sss_client/pam_sss.c
index 6e238ecc..8c970e48 100644
--- a/sss_client/pam_sss.c
+++ b/sss_client/pam_sss.c
@@ -475,6 +475,27 @@ static int user_info_offline_auth_delayed(pam_handle_t *pamh, size_t buflen,
     return PAM_SUCCESS;
 }
 
+static int user_info_offline_chpass(pam_handle_t *pamh, size_t buflen,
+                                    uint8_t *buf)
+{
+    int ret;
+
+    if (buflen != sizeof(uint32_t)) {
+        D(("User info response data has the wrong size"));
+        return PAM_BUF_ERR;
+    }
+
+    ret = do_pam_conversation(pamh, PAM_TEXT_INFO,
+                              _("System is offline, password change not possible"),
+                              NULL, NULL);
+    if (ret != PAM_SUCCESS) {
+        D(("do_pam_conversation failed."));
+        return PAM_SYSTEM_ERR;
+    }
+
+    return PAM_SUCCESS;
+}
+
 static int eval_user_info_response(pam_handle_t *pamh, size_t buflen,
                                    uint8_t *buf)
 {
@@ -495,6 +516,9 @@ static int eval_user_info_response(pam_handle_t *pamh, size_t buflen,
         case SSS_PAM_USER_INFO_OFFLINE_AUTH_DELAYED:
             ret = user_info_offline_auth_delayed(pamh, buflen, buf);
             break;
+        case SSS_PAM_USER_INFO_OFFLINE_CHPASS:
+            ret = user_info_offline_chpass(pamh, buflen, buf);
+            break;
         default:
             D(("Unknown user info type [%d]", type));
             ret = PAM_SYSTEM_ERR;
diff --git a/sss_client/sss_cli.h b/sss_client/sss_cli.h
index 95469611..55d5a282 100644
--- a/sss_client/sss_cli.h
+++ b/sss_client/sss_cli.h
@@ -179,7 +179,8 @@ enum response_type {
 
 enum user_info_type {
     SSS_PAM_USER_INFO_OFFLINE_AUTH = 0x01,
-    SSS_PAM_USER_INFO_OFFLINE_AUTH_DELAYED
+    SSS_PAM_USER_INFO_OFFLINE_AUTH_DELAYED,
+    SSS_PAM_USER_INFO_OFFLINE_CHPASS
 };
 
 enum nss_status sss_nss_make_request(enum sss_cli_command cmd,
author	Sumit Bose <sbose@redhat.com>	2010-02-08 11:53:43 +0100
committer	Stephen Gallagher <sgallagh@redhat.com>	2010-02-10 08:46:49 -0500
commit	9dc76c9405860004ebbaeb7da944e06e7767780d (patch)
tree	e7757a0f3635d3a5b1e00dd61e5ceae8a65c7f30 /sss_client
parent	a08160e2ad7358b87f8f5a20f52f76196a32f3a1 (diff)
download	sssd-9dc76c9405860004ebbaeb7da944e06e7767780d.tar.gz sssd-9dc76c9405860004ebbaeb7da944e06e7767780d.tar.bz2 sssd-9dc76c9405860004ebbaeb7da944e06e7767780d.zip