From 9dc76c9405860004ebbaeb7da944e06e7767780d Mon Sep 17 00:00:00 2001 From: Sumit Bose Date: Mon, 8 Feb 2010 11:53:43 +0100 Subject: Make return values more specific during password change - return PAM_AUTHTOK_ERR instead of PAM_SYSTEM_ERR if the password change operation fails - send a message to the user if the system is offline and the password cannot be changed --- server/providers/ldap/ldap_auth.c | 8 +++++--- 1 file changed, 5 insertions(+), 3 deletions(-) (limited to 'server/providers/ldap/ldap_auth.c') diff --git a/server/providers/ldap/ldap_auth.c b/server/providers/ldap/ldap_auth.c index fbb4e53b..1d1346c0 100644 --- a/server/providers/ldap/ldap_auth.c +++ b/server/providers/ldap/ldap_auth.c @@ -772,7 +772,7 @@ static void sdap_auth4chpass_done(struct tevent_req *req) if (pw_expire_type == PWEXPIRE_SHADOW) { /* TODO: implement async ldap modify request */ DEBUG(1, ("Changing shadow password attributes not implemented.\n")); - state->pd->pam_status = PAM_SYSTEM_ERR; + state->pd->pam_status = PAM_MODULE_UNKNOWN; goto done; } else { subreq = sdap_exop_modify_passwd_send(state, @@ -791,7 +791,9 @@ static void sdap_auth4chpass_done(struct tevent_req *req) return; } break; - + case SDAP_AUTH_FAILED: + state->pd->pam_status = PAM_AUTH_ERR; + break; default: state->pd->pam_status = PAM_SYSTEM_ERR; } @@ -821,7 +823,7 @@ static void sdap_pam_chpass_done(struct tevent_req *req) dp_err = DP_ERR_OK; break; default: - state->pd->pam_status = PAM_SYSTEM_ERR; + state->pd->pam_status = PAM_AUTHTOK_ERR; } done: -- cgit