
nss-pam-ldapd commit: r1895 - nss-pam-ldapd/nslcd


nss-pam-ldapd commit: r1895 - nss-pam-ldapd/nslcd



Author: arthur
Date: Tue Jan  1 14:12:29 2013
New Revision: 1895
URL: http://arthurdejong.org/viewvc/nss-pam-ldapd?revision=1895&view=revision

Log:
log and return a diagnostic message instead of just the LDAP error on password 
change failure

Modified:
   nss-pam-ldapd/nslcd/myldap.c
   nss-pam-ldapd/nslcd/myldap.h
   nss-pam-ldapd/nslcd/pam.c

Modified: nss-pam-ldapd/nslcd/myldap.c
==============================================================================
--- nss-pam-ldapd/nslcd/myldap.c        Tue Jan  1 14:09:05 2013        (r1894)
+++ nss-pam-ldapd/nslcd/myldap.c        Tue Jan  1 14:12:29 2013        (r1895)
@@ -1977,3 +1977,29 @@
   }
   return ldap_modify_ext_s(session->ld, dn, mods, NULL, NULL);
 }
+
+int myldap_error_message(MYLDAP_SESSION *session, int rc,
+                         char *buffer, size_t buflen)
+{
+  char *msg_diag = NULL;
+  if (!is_valid_session(session) || (buffer == NULL) || (buflen <= 0))
+  {
+    log_log(LOG_ERR, "myldap_error_message(): invalid parameter passed");
+    errno = EINVAL;
+    return LDAP_OTHER;
+  }
+  /* clear buffer */
+  buffer[0] = '\0';
+#ifdef LDAP_OPT_DIAGNOSTIC_MESSAGE
+  if (session->ld != NULL)
+    ldap_get_option(session->ld, LDAP_OPT_DIAGNOSTIC_MESSAGE, &msg_diag);
+#endif /* LDAP_OPT_DIAGNOSTIC_MESSAGE */
+  /* return msg_diag or generic error message */
+  mysnprintf(buffer, buflen - 1, "%s",
+             ((msg_diag != NULL) && (msg_diag[0]!='\0')) ?
+             msg_diag : ldap_err2string(rc));
+  /* free diagnostic message */
+  if (msg_diag != NULL)
+    ldap_memfree(msg_diag);
+  return LDAP_SUCCESS;
+}
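Review bot: The guard `(buflen <= 0)` can only ever catch zero because `buflen` is a `size_t`, so a one-byte buffer passes it and `mysnprintf(buffer, buflen - 1, ...)` is then called with a size of 0. What `mysnprintf()` does with a zero size is not visible in this hunk, so it is safer to reject that case up front with `(buflen < 2)`. The result of `mysnprintf()` is also discarded, so a truncated diagnostic is still reported as `LDAP_SUCCESS`; if callers need to tell the difference, return a distinct code or document that the text may be cut short.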

Modified: nss-pam-ldapd/nslcd/myldap.h
==============================================================================
--- nss-pam-ldapd/nslcd/myldap.h        Tue Jan  1 14:09:05 2013        (r1894)
+++ nss-pam-ldapd/nslcd/myldap.h        Tue Jan  1 14:12:29 2013        (r1895)
@@ -2,7 +2,7 @@
    myldap.h - simple interface to do LDAP requests
    This file is part of the nss-pam-ldapd library.
 
-   Copyright (C) 2007, 2008, 2009, 2010, 2011, 2012 Arthur de Jong
+   Copyright (C) 2007, 2008, 2009, 2010, 2011, 2012, 2013 Arthur de Jong
 
    This library is free software; you can redistribute it and/or
    modify it under the terms of the GNU Lesser General Public
@@ -151,4 +151,9 @@
 /* Perform an LDAP modification request. Returns an LDAP status code. */
 int myldap_modify(MYLDAP_SESSION *session, const char *dn, LDAPMod * mods[]);
 
+/* Get an LDAP error message from the supplied rc and optionally any extra
+   information in the connection. */
+int myldap_error_message(MYLDAP_SESSION *session, int rc,
+                         char *buffer, size_t buflen);
+
 #endif /* not NSLCD__MYLDAP_H */
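Review bot: The comment on `myldap_error_message()` does not state the return contract or what ends up in `buffer`. Going by the definition added to myldap.c in this commit, it returns `LDAP_OTHER` with `errno` set to `EINVAL` for an invalid session, a NULL buffer or a zero length, and `LDAP_SUCCESS` otherwise, preferring the connection's diagnostic message over `ldap_err2string(rc)` when one is set. I would extend the comment to say that, and to note that the text can originate from the LDAP server, so callers should treat it as untrusted.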

Modified: nss-pam-ldapd/nslcd/pam.c
==============================================================================
--- nss-pam-ldapd/nslcd/pam.c   Tue Jan  1 14:09:05 2013        (r1894)
+++ nss-pam-ldapd/nslcd/pam.c   Tue Jan  1 14:12:29 2013        (r1895)
@@ -2,7 +2,7 @@
    pam.c - pam processing routines
 
    Copyright (C) 2009 Howard Chu
-   Copyright (C) 2009, 2010, 2011, 2012 Arthur de Jong
+   Copyright (C) 2009, 2010, 2011, 2012, 2013 Arthur de Jong
 
    This library is free software; you can redistribute it and/or
    modify it under the terms of the GNU Lesser General Public
@@ -580,10 +580,11 @@
 /* perform an LDAP password modification, returns an LDAP status code */
 static int try_pwmod(MYLDAP_SESSION *oldsession,
                      const char *binddn, const char *userdn,
-                     const char *oldpassword, const char *newpassword)
+                     const char *oldpassword, const char *newpassword,
+                     char *authzmsg, size_t authzmsg_len)
 {
   MYLDAP_SESSION *session;
-  char buffer[256];
+  char buffer[1024];
   int rc;
   /* set up a new connection */
   session = myldap_create_session();
@@ -608,6 +609,14 @@
         /* retry with the normal session */
         (void)update_lastchange(oldsession, userdn);
     }
+    else
+    {
+      /* get a diagnostic or error message */
+      if ((myldap_error_message(session, rc, buffer, sizeof(buffer)) == 
LDAP_SUCCESS) &&
+          (buffer[0] != '\0'))
+        mysnprintf(authzmsg, authzmsg_len - 1, "password change failed: %s",
+                   buffer);
+    }
   }
   /* close the session */
   myldap_session_close(session);
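Review bot: In the new `else` branch the text copied into `authzmsg` can now be the LDAP server's diagnostic message rather than a fixed `ldap_err2string()` string, and a later hunk in this commit sends `authzmsg` to the client with `WRITE_STRING(fp, authzmsg)`. That string is server-controlled, so it may carry control characters or directory-internal detail to whatever displays or logs it on the PAM side; consider replacing non-printable bytes in `buffer` before the `mysnprintf()` copy. The copy goes from a 1024-byte `buffer` into `authzmsg`, whose size is not visible here, and the result of `mysnprintf()` is ignored, so any truncation is silent. The body of try_pwmod starts and ends outside this hunk.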
@@ -696,11 +705,13 @@
     }
   }
   /* perform password modification */
-  rc = try_pwmod(session, binddn, myldap_get_dn(entry), oldpassword, 
newpassword);
+  rc = try_pwmod(session, binddn, myldap_get_dn(entry), oldpassword, 
newpassword,
+                 authzmsg, sizeof(authzmsg));
   if (rc != LDAP_SUCCESS)
   {
-    mysnprintf(authzmsg, sizeof(authzmsg) - 1, "password change failed: %s",
-               ldap_err2string(rc));
+    if (authzmsg[0] == '\0')
+      mysnprintf(authzmsg, sizeof(authzmsg) - 1, "password change failed: %s",
+                 ldap_err2string(rc));
     WRITE_INT32(fp, NSLCD_RESULT_BEGIN);
     WRITE_INT32(fp, NSLCD_PAM_PERM_DENIED);
     WRITE_STRING(fp, authzmsg);
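Review bot: The fallback `if (authzmsg[0] == '\0')` only works if `authzmsg` is guaranteed to be empty when `try_pwmod()` is called, and this hunk does not show it being cleared. If an earlier step in the function has already written to `authzmsg`, that stale text would be sent to the client as the reason for the password change failure. Either clear it just before the call with `authzmsg[0] = '\0';` or have `try_pwmod()` do so on entry. The enclosing function starts and ends outside this hunk.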