From 408e751200c67ddc07604333301e631d43394058 Mon Sep 17 00:00:00 2001 From: Howard Chu Date: Sat, 18 Apr 2009 23:10:58 +0000 Subject: [PATCH] Move tmpluser to authz call; print authz messages regardless of success status --- .../slapd-modules/nssov/nss-ldapd/nss/pam.c | 26 ++++++++++++++----- 1 file changed, 20 insertions(+), 6 deletions(-) diff --git a/contrib/slapd-modules/nssov/nss-ldapd/nss/pam.c b/contrib/slapd-modules/nssov/nss-ldapd/nss/pam.c index ba1a90f0a0..281f66ff2a 100644 --- a/contrib/slapd-modules/nssov/nss-ldapd/nss/pam.c +++ b/contrib/slapd-modules/nssov/nss-ldapd/nss/pam.c @@ -193,7 +193,6 @@ static enum nss_status pam_read_authc( READ_INT32(fp,ctx->authz); READ_STRING_BUF(fp,ctx->dn); READ_STRING_BUF(fp,ctx->authzmsg); - READ_STRING_BUF(fp,ctx->tmpluser); return NSS_STATUS_SUCCESS; } @@ -317,6 +316,7 @@ static enum nss_status pam_read_authz( READ_INT32(fp,ctx->authz); READ_STRING_BUF(fp,ctx->authzmsg); + READ_STRING_BUF(fp,ctx->tmpluser); return NSS_STATUS_SUCCESS; } @@ -386,11 +386,12 @@ int pam_sm_acct_mgmt( if (rc != PAM_IGNORE) pam_warn(appconv, "LDAP authorization failed", PAM_ERROR_MSG, no_warn); } else { - if (ctx2.authz != PAM_SUCCESS) - pam_warn(appconv, ctx2.authzmsg, PAM_ERROR_MSG, no_warn); - else if ( ctx->authz != PAM_SUCCESS ) { + if (ctx2.authzmsg && ctx2.authzmsg[0]) + pam_warn(appconv, ctx2.authzmsg, PAM_TEXT_INFO, no_warn); + if (ctx2.authz == PAM_SUCCESS) { rc = ctx->authz; - pam_warn(appconv, ctx->authzmsg, PAM_ERROR_MSG, no_warn); + if (ctx->authzmsg && ctx->authzmsg[0]) + pam_warn(appconv, ctx->authzmsg, PAM_TEXT_INFO, no_warn); } } if ( rc == PAM_SUCCESS && ctx->tmpluser && ctx->tmpluser[0] ) { @@ -531,6 +532,19 @@ int pam_sm_close_session( return rc; } +static enum nss_status pam_read_pwmod( + TFILE *fp,pld_ctx *ctx,int *errnop) +{ + char *buffer = ctx->buf; + size_t buflen = sizeof(ctx->buf); + size_t bufptr = 0; + int32_t tmpint32; + + READ_INT32(fp,ctx->authz); + READ_STRING_BUF(fp,ctx->authzmsg); + return NSS_STATUS_SUCCESS; +} + static enum nss_status pam_do_pwmod( pld_ctx *ctx, const char *user, const char *oldpw, const char *newpw, int *errnop) { @@ -539,7 +553,7 @@ static enum nss_status pam_do_pwmod( WRITE_STRING(fp,user); WRITE_STRING(fp,oldpw); WRITE_STRING(fp,newpw), - pam_read_authz(fp,ctx,errnop)); + pam_read_pwmod(fp,ctx,errnop)); } int pam_sm_chauthtok( -- 2.39.5