diff options
Diffstat (limited to 'sss_client')
-rw-r--r-- | sss_client/pam_sss.c | 42 | ||||
-rw-r--r-- | sss_client/sss_cli.h | 3 |
2 files changed, 44 insertions, 1 deletions
diff --git a/sss_client/pam_sss.c b/sss_client/pam_sss.c index 8c970e48..8a1e3129 100644 --- a/sss_client/pam_sss.c +++ b/sss_client/pam_sss.c @@ -496,6 +496,45 @@ static int user_info_offline_chpass(pam_handle_t *pamh, size_t buflen, return PAM_SUCCESS; } +static int user_info_chpass_error(pam_handle_t *pamh, size_t buflen, + uint8_t *buf) +{ + int ret; + uint32_t msg_len; + char user_msg[256]; + + if (buflen < 2* sizeof(uint32_t)) { + D(("User info response data is too short")); + return PAM_BUF_ERR; + } + + memcpy(&msg_len, buf + sizeof(uint32_t), sizeof(uint32_t)); + + if (buflen != 2* sizeof(uint32_t) + msg_len) { + D(("User info response data has the wrong size")); + return PAM_BUF_ERR; + } + + ret = snprintf(user_msg, sizeof(user_msg), "%s%s%.*s", + _("Password change failed. "), + msg_len > 0 ? _("Server message: ") : "", + msg_len, + msg_len > 0 ? (char *)(buf + 2 * sizeof(uint32_t)) : "" ); + if (ret < 0 || ret >= sizeof(user_msg)) { + D(("snprintf failed.")); + return PAM_SYSTEM_ERR; + } + + ret = do_pam_conversation(pamh, PAM_TEXT_INFO, user_msg, NULL, NULL); + if (ret != PAM_SUCCESS) { + D(("do_pam_conversation failed.")); + return PAM_SYSTEM_ERR; + } + + return PAM_SUCCESS; +} + + static int eval_user_info_response(pam_handle_t *pamh, size_t buflen, uint8_t *buf) { @@ -519,6 +558,9 @@ static int eval_user_info_response(pam_handle_t *pamh, size_t buflen, case SSS_PAM_USER_INFO_OFFLINE_CHPASS: ret = user_info_offline_chpass(pamh, buflen, buf); break; + case SSS_PAM_USER_INFO_CHPASS_ERROR: + ret = user_info_chpass_error(pamh, buflen, buf); + break; default: D(("Unknown user info type [%d]", type)); ret = PAM_SYSTEM_ERR; diff --git a/sss_client/sss_cli.h b/sss_client/sss_cli.h index 55d5a282..7e9a81ff 100644 --- a/sss_client/sss_cli.h +++ b/sss_client/sss_cli.h @@ -180,7 +180,8 @@ enum response_type { enum user_info_type { SSS_PAM_USER_INFO_OFFLINE_AUTH = 0x01, SSS_PAM_USER_INFO_OFFLINE_AUTH_DELAYED, - SSS_PAM_USER_INFO_OFFLINE_CHPASS + SSS_PAM_USER_INFO_OFFLINE_CHPASS, + SSS_PAM_USER_INFO_CHPASS_ERROR }; enum nss_status sss_nss_make_request(enum sss_cli_command cmd, |