From 9dc76c9405860004ebbaeb7da944e06e7767780d Mon Sep 17 00:00:00 2001
From: Sumit Bose <sbose@redhat.com>
Date: Mon, 8 Feb 2010 11:53:43 +0100
Subject: Make return values more specific during password change

- return PAM_AUTHTOK_ERR instead of PAM_SYSTEM_ERR if the password
  change operation fails
- send a message to the user if the system is offline and the password
  cannot be changed
---
 sss_client/pam_sss.c | 24 ++++++++++++++++++++++++
 sss_client/sss_cli.h |  3 ++-
 2 files changed, 26 insertions(+), 1 deletion(-)

(limited to 'sss_client')

diff --git a/sss_client/pam_sss.c b/sss_client/pam_sss.c
index 6e238ecc..8c970e48 100644
--- a/sss_client/pam_sss.c
+++ b/sss_client/pam_sss.c
@@ -475,6 +475,27 @@ static int user_info_offline_auth_delayed(pam_handle_t *pamh, size_t buflen,
     return PAM_SUCCESS;
 }
 
+static int user_info_offline_chpass(pam_handle_t *pamh, size_t buflen,
+                                    uint8_t *buf)
+{
+    int ret;
+
+    if (buflen != sizeof(uint32_t)) {
+        D(("User info response data has the wrong size"));
+        return PAM_BUF_ERR;
+    }
+
+    ret = do_pam_conversation(pamh, PAM_TEXT_INFO,
+                              _("System is offline, password change not possible"),
+                              NULL, NULL);
+    if (ret != PAM_SUCCESS) {
+        D(("do_pam_conversation failed."));
+        return PAM_SYSTEM_ERR;
+    }
+
+    return PAM_SUCCESS;
+}
+
 static int eval_user_info_response(pam_handle_t *pamh, size_t buflen,
                                    uint8_t *buf)
 {
@@ -495,6 +516,9 @@ static int eval_user_info_response(pam_handle_t *pamh, size_t buflen,
         case SSS_PAM_USER_INFO_OFFLINE_AUTH_DELAYED:
             ret = user_info_offline_auth_delayed(pamh, buflen, buf);
             break;
+        case SSS_PAM_USER_INFO_OFFLINE_CHPASS:
+            ret = user_info_offline_chpass(pamh, buflen, buf);
+            break;
         default:
             D(("Unknown user info type [%d]", type));
             ret = PAM_SYSTEM_ERR;
diff --git a/sss_client/sss_cli.h b/sss_client/sss_cli.h
index 95469611..55d5a282 100644
--- a/sss_client/sss_cli.h
+++ b/sss_client/sss_cli.h
@@ -179,7 +179,8 @@ enum response_type {
 
 enum user_info_type {
     SSS_PAM_USER_INFO_OFFLINE_AUTH = 0x01,
-    SSS_PAM_USER_INFO_OFFLINE_AUTH_DELAYED
+    SSS_PAM_USER_INFO_OFFLINE_AUTH_DELAYED,
+    SSS_PAM_USER_INFO_OFFLINE_CHPASS
 };
 
 enum nss_status sss_nss_make_request(enum sss_cli_command cmd,
-- 
cgit