authorArthur de Jong <arthur@arthurdejong.org>2010-11-17 20:08:09 +0000
committerArthur de Jong <arthur@arthurdejong.org>2010-11-17 20:08:09 +0000
commitfea0ff28c0ab0a68fae5dafd780829cbf1965d89 (patch)
tree03968cc2a26136450e71becd70d299e3525aeed2
parent460451462470a4fc745d69cc135502f6bb09238b (diff)
return correct PAM status code for when LDAP server is unavailable (based on a patch by Pierre Gambarotto)
git-svn-id: http://arthurdejong.org/svn/nss-pam-ldapd/nss-pam-ldapd@1315 ef36b2f9-881f-0410-afb5-c4e39611909c
-rw-r--r--nslcd/common.h2
-rw-r--r--nslcd/pam.c20
-rw-r--r--nslcd/passwd.c6
3 files changed, 19 insertions, 9 deletions
diff --git a/nslcd/common.h b/nslcd/common.h
index 83bb451..90e9b10 100644
--- a/nslcd/common.h
+++ b/nslcd/common.h
@@ -89,7 +89,7 @@ MUST_USE char *lookup_dn2uid(MYLDAP_SESSION *session,const char *dn,int *rcp,cha
MUST_USE char *dn2uid(MYLDAP_SESSION *session,const char *dn,char *buf,size_t buflen);
/* use the user id to lookup an LDAP entry */
-MYLDAP_ENTRY *uid2entry(MYLDAP_SESSION *session,const char *uid);
+MYLDAP_ENTRY *uid2entry(MYLDAP_SESSION *session,const char *uid,int *rcp);
/* transforms the uid into a DN by doing an LDAP lookup */
MUST_USE char *uid2dn(MYLDAP_SESSION *session,const char *uid,char *buf,size_t buflen);
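Review bot: The new `rcp` out-parameter on uid2entry is undocumented: the comment above it ("use the user id to lookup an LDAP entry") says nothing about when `*rcp` is written, what it holds, or whether the pointer may be NULL, even though this commit passes both `&rc` (pam.c) and `NULL` (uid2dn) to it. The sibling lookup_dn2uid in the hunk header already takes an `int *rcp`, so presumably the same convention is meant. I would extend the comment to `/* use the user id to lookup an LDAP entry; if rcp is not NULL it receives the LDAP result code (only meaningful when NULL is returned) */` so that callers know they must not rely on it after a successful lookup.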
diff --git a/nslcd/pam.c b/nslcd/pam.c
index c4bc4f0..d8e9bab 100644
--- a/nslcd/pam.c
+++ b/nslcd/pam.c
@@ -69,6 +69,7 @@ static int try_bind(const char *userdn,const char *password)
static int validate_user(MYLDAP_SESSION *session,char *userdn,size_t userdnsz,
char *username,size_t usernamesz)
{
+ int rc;
MYLDAP_ENTRY *entry=NULL;
const char *value;
const char **values;
@@ -76,17 +77,17 @@ static int validate_user(MYLDAP_SESSION *session,char *userdn,size_t userdnsz,
if (!isvalidname(username))
{
log_log(LOG_WARNING,"\"%s\": invalid user name",username);
- return LDAP_INVALID_SYNTAX;
+ return LDAP_NO_SUCH_OBJECT;
}
/* look up user DN if not known */
if (userdn[0]=='\0')
{
/* get the user entry based on the username */
- entry=uid2entry(session,username);
+ entry=uid2entry(session,username,&rc);
if (entry==NULL)
{
- log_log(LOG_WARNING,"\"%s\": user not found",username);
- return LDAP_NO_SUCH_OBJECT;
+ log_log(LOG_WARNING,"\"%s\": user not found: %s",username,ldap_err2string(rc));
+ return rc;
}
/* get the DN */
myldap_cpy_dn(entry,userdn,userdnsz);
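Review bot: `return rc;` in the lookup branch relies on uid2entry having stored a non-success code into `rc` on every NULL return, but `rc` is declared uninitialised (`int rc;`) and, judging from the passwd.c hunk, the only store visible is the one performed by myldap_search; if the search succeeds but yields no entry, `rc` may hold LDAP_SUCCESS, and if no search base is configured it may be indeterminate. In that case validate_user would report success for an unknown user with `userdn` still empty, and the caller's `!=LDAP_SUCCESS` test would carry on into the bind path with an empty DN — the opposite of what the old unconditional `return LDAP_NO_SUCH_OBJECT;` did, and potentially an anonymous bind if try_bind does not reject an empty DN (its body is not in this diff). I would initialise `int rc=LDAP_NO_SUCH_OBJECT;` and make the return fail closed, `return (rc==LDAP_SUCCESS)?LDAP_NO_SUCH_OBJECT:rc;`, so the function's contract does not depend on the tail of uid2entry, which is outside this diff and may or may not set `*rcp`.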
@@ -165,8 +166,17 @@ int nslcd_pam_authc(TFILE *fp,MYLDAP_SESSION *session,uid_t calleruid)
strcpy(password,nslcd_cfg->ldc_rootpwmodpw);
}
}
- else if (validate_user(session,userdn,sizeof(userdn),username,sizeof(username))!=LDAP_SUCCESS)
+ else if ((rc=validate_user(session,userdn,sizeof(userdn),username,sizeof(username)))!=LDAP_SUCCESS)
{
+ if (rc!=LDAP_NO_SUCH_OBJECT)
+ {
+ WRITE_INT32(fp,NSLCD_RESULT_BEGIN);
+ WRITE_STRING(fp,username);
+ WRITE_STRING(fp,"");
+ WRITE_INT32(fp,NSLCD_PAM_AUTHINFO_UNAVAIL); /* authc */
+ WRITE_INT32(fp,NSLCD_PAM_AUTHINFO_UNAVAIL); /* authz */
+ WRITE_STRING(fp,"LDAP server unavaiable"); /* authzmsg */
+ }
WRITE_INT32(fp,NSLCD_RESULT_END);
return -1;
}
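Review bot: The authzmsg string sent to the client is misspelled, `WRITE_STRING(fp,"LDAP server unavaiable"); /* authzmsg */` should read `"LDAP server unavailable"`; since this text can surface to the user through the PAM module, it is worth getting right. It is also emitted for every code other than LDAP_NO_SUCH_OBJECT that validate_user returns, which includes search failures that are not availability problems (a search rejected by the server, for instance), so a more neutral wording such as "error looking up user" would be more accurate, while the precise cause is already logged with ldap_err2string in validate_user, which is the right place for it. The enclosing nslcd_pam_authc starts before this hunk, so the declaration of `rc` that the new assignment relies on is not visible here; it has to be an `int` in that function's scope.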
diff --git a/nslcd/passwd.c b/nslcd/passwd.c
index e24fdcf..f0dceb0 100644
--- a/nslcd/passwd.c
+++ b/nslcd/passwd.c
@@ -252,7 +252,7 @@ char *dn2uid(MYLDAP_SESSION *session,const char *dn,char *buf,size_t buflen)
return uid;
}
-MYLDAP_ENTRY *uid2entry(MYLDAP_SESSION *session,const char *uid)
+MYLDAP_ENTRY *uid2entry(MYLDAP_SESSION *session,const char *uid,int *rcp)
{
MYLDAP_SEARCH *search=NULL;
MYLDAP_ENTRY *entry=NULL;
@@ -270,7 +270,7 @@ MYLDAP_ENTRY *uid2entry(MYLDAP_SESSION *session,const char *uid)
mkfilter_passwd_byname(uid,filter,sizeof(filter));
for (i=0;(i<NSS_LDAP_CONFIG_MAX_BASES)&&((base=passwd_bases[i])!=NULL);i++)
{
- search=myldap_search(session,base,passwd_scope,filter,attrs,NULL);
+ search=myldap_search(session,base,passwd_scope,filter,attrs,rcp);
if (search==NULL)
return NULL;
entry=myldap_get_entry(search,NULL);
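Review bot: Inside the loop `*rcp` is only ever written by myldap_search, so on the fall-through path — every base searched without a matching entry, or `passwd_bases[0]==NULL` so the loop never runs — the function reaches its final return (outside this hunk) with `*rcp` either left at whatever the last successful search stored, presumably LDAP_SUCCESS, or not written at all. Callers that now tell "not found" apart from "server error" through this code, like validate_user in pam.c, need a definite value on every NULL return, so before the closing `return NULL;` I would add `if (rcp!=NULL) *rcp=LDAP_NO_SUCH_OBJECT;`; the NULL check is required because uid2dn passes NULL for rcp. The end of uid2entry is not in this hunk, so this may already be handled there, in which case a comment on the function stating that guarantee would do.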
@@ -284,7 +284,7 @@ char *uid2dn(MYLDAP_SESSION *session,const char *uid,char *buf,size_t buflen)
{
MYLDAP_ENTRY *entry;
/* look up the entry */
- entry=uid2entry(session,uid);
+ entry=uid2entry(session,uid,NULL);
if (entry==NULL)
return NULL;
/* get DN */