2 files changed, 44 insertions, 1 deletions

diff --git a/sss_client/pam_sss.c b/sss_client/pam_sss.c
index 8c970e48..8a1e3129 100644
--- a/sss_client/pam_sss.c
+++ b/sss_client/pam_sss.c
@@ -496,6 +496,45 @@ static int user_info_offline_chpass(pam_handle_t *pamh, size_t buflen,
     return PAM_SUCCESS;
 }
 
+static int user_info_chpass_error(pam_handle_t *pamh, size_t buflen,
+                                  uint8_t *buf)
+{
+    int ret;
+    uint32_t msg_len;
+    char user_msg[256];
+
+    if (buflen < 2* sizeof(uint32_t)) {
+        D(("User info response data is too short"));
+        return PAM_BUF_ERR;
+    }
+
+    memcpy(&msg_len, buf + sizeof(uint32_t), sizeof(uint32_t));
+
+    if (buflen != 2* sizeof(uint32_t) + msg_len) {
+        D(("User info response data has the wrong size"));
+        return PAM_BUF_ERR;
+    }
+
+    ret = snprintf(user_msg, sizeof(user_msg), "%s%s%.*s",
+                   _("Password change failed. "),
+                   msg_len > 0 ? _("Server message: ") : "",
+                   msg_len,
+                   msg_len > 0 ? (char *)(buf + 2 * sizeof(uint32_t)) : "" );
+    if (ret < 0 || ret >= sizeof(user_msg)) {
+        D(("snprintf failed."));
+        return PAM_SYSTEM_ERR;
+    }
+
+    ret = do_pam_conversation(pamh, PAM_TEXT_INFO, user_msg, NULL, NULL);
+    if (ret != PAM_SUCCESS) {
+        D(("do_pam_conversation failed."));
+        return PAM_SYSTEM_ERR;
+    }
+
+    return PAM_SUCCESS;
+}
+
+
 static int eval_user_info_response(pam_handle_t *pamh, size_t buflen,
                                    uint8_t *buf)
 {
@@ -519,6 +558,9 @@ static int eval_user_info_response(pam_handle_t *pamh, size_t buflen,
         case SSS_PAM_USER_INFO_OFFLINE_CHPASS:
             ret = user_info_offline_chpass(pamh, buflen, buf);
             break;
+        case SSS_PAM_USER_INFO_CHPASS_ERROR:
+            ret = user_info_chpass_error(pamh, buflen, buf);
+            break;
         default:
             D(("Unknown user info type [%d]", type));
             ret = PAM_SYSTEM_ERR;
diff --git a/sss_client/sss_cli.h b/sss_client/sss_cli.h
index 55d5a282..7e9a81ff 100644
--- a/sss_client/sss_cli.h
+++ b/sss_client/sss_cli.h
@@ -180,7 +180,8 @@ enum response_type {
 enum user_info_type {
     SSS_PAM_USER_INFO_OFFLINE_AUTH = 0x01,
     SSS_PAM_USER_INFO_OFFLINE_AUTH_DELAYED,
-    SSS_PAM_USER_INFO_OFFLINE_CHPASS
+    SSS_PAM_USER_INFO_OFFLINE_CHPASS,
+    SSS_PAM_USER_INFO_CHPASS_ERROR
 };
 
 enum nss_status sss_nss_make_request(enum sss_cli_command cmd,