From cd5b718ebeab1c923af7a5c3c0a5c717c5659c7d Mon Sep 17 00:00:00 2001 From: Jakub Hrozek Date: Tue, 6 Sep 2011 10:55:15 +0200 Subject: Improve error message for LDAP password constraint violation https://fedorahosted.org/sssd/ticket/985 --- src/providers/ldap/ldap_auth.c | 27 ++++++++++++++++----------- 1 file changed, 16 insertions(+), 11 deletions(-) (limited to 'src/providers/ldap/ldap_auth.c') diff --git a/src/providers/ldap/ldap_auth.c b/src/providers/ldap/ldap_auth.c index ef4477cf..390ea8bc 100644 --- a/src/providers/ldap/ldap_auth.c +++ b/src/providers/ldap/ldap_auth.c @@ -904,7 +904,7 @@ static void sdap_pam_chpass_done(struct tevent_req *req) ret = sdap_exop_modify_passwd_recv(req, state, &result, &user_error_message); talloc_zfree(req); - if (ret) { + if (ret && ret != EIO) { state->pd->pam_status = PAM_SYSTEM_ERR; goto done; } @@ -914,19 +914,24 @@ static void sdap_pam_chpass_done(struct tevent_req *req) state->pd->pam_status = PAM_SUCCESS; dp_err = DP_ERR_OK; break; + case SDAP_AUTH_PW_CONSTRAINT_VIOLATION: + state->pd->pam_status = PAM_NEW_AUTHTOK_REQD; + break; default: state->pd->pam_status = PAM_AUTHTOK_ERR; - if (user_error_message != NULL) { - ret = pack_user_info_chpass_error(state->pd, user_error_message, - &msg_len, &msg); + break; + } + + if (state->pd->pam_status != PAM_SUCCESS && user_error_message != NULL) { + ret = pack_user_info_chpass_error(state->pd, user_error_message, + &msg_len, &msg); + if (ret != EOK) { + DEBUG(1, ("pack_user_info_chpass_error failed.\n")); + } else { + ret = pam_add_response(state->pd, SSS_PAM_USER_INFO, msg_len, + msg); if (ret != EOK) { - DEBUG(1, ("pack_user_info_chpass_error failed.\n")); - } else { - ret = pam_add_response(state->pd, SSS_PAM_USER_INFO, msg_len, - msg); - if (ret != EOK) { - DEBUG(1, ("pam_add_response failed.\n")); - } + DEBUG(1, ("pam_add_response failed.\n")); } } } -- cgit