author | Arthur de Jong <arthur@arthurdejong.org> | 2010-11-17 20:08:09 +0000 |
---|---|---|
committer | Arthur de Jong <arthur@arthurdejong.org> | 2010-11-17 20:08:09 +0000 |
commit | fea0ff28c0ab0a68fae5dafd780829cbf1965d89 (patch) | |
tree | 03968cc2a26136450e71becd70d299e3525aeed2 /nslcd/pam.c | |
parent | 460451462470a4fc745d69cc135502f6bb09238b (diff) |
return correct PAM status code for when LDAP server is unavailable (based on a patch by Pierre Gambarotto)
git-svn-id: http://arthurdejong.org/svn/nss-pam-ldapd/nss-pam-ldapd@1315 ef36b2f9-881f-0410-afb5-c4e39611909c
Diffstat (limited to 'nslcd/pam.c')
-rw-r--r-- | nslcd/pam.c | 20 |
1 files changed, 15 insertions, 5 deletions
diff --git a/nslcd/pam.c b/nslcd/pam.c
index c4bc4f0..d8e9bab 100644
--- a/nslcd/pam.c
+++ b/nslcd/pam.c
@@ -69,6 +69,7 @@ static int try_bind(const char *userdn,const char *password)
 static int validate_user(MYLDAP_SESSION *session,char *userdn,size_t userdnsz,
 char *username,size_t usernamesz)
 {
+ int rc;
 MYLDAP_ENTRY *entry=NULL;
 const char *value;
 const char **values;
@@ -76,17 +77,17 @@ static int validate_user(MYLDAP_SESSION *session,char *userdn,size_t userdnsz,
 if (!isvalidname(username))
 {
 log_log(LOG_WARNING,"\"%s\": invalid user name",username);
- return LDAP_INVALID_SYNTAX;
+ return LDAP_NO_SUCH_OBJECT;
 }
 /* look up user DN if not known */
 if (userdn[0]=='\0')
 {
 /* get the user entry based on the username */
- entry=uid2entry(session,username);
+ entry=uid2entry(session,username,&rc);
 if (entry==NULL)
 {
- log_log(LOG_WARNING,"\"%s\": user not found",username);
- return LDAP_NO_SUCH_OBJECT;
+ log_log(LOG_WARNING,"\"%s\": user not found: %s",username,ldap_err2string(rc));
+ return rc;
 }
 /* get the DN */
 myldap_cpy_dn(entry,userdn,userdnsz);
@@ -165,8 +166,17 @@ int nslcd_pam_authc(TFILE *fp,MYLDAP_SESSION *session,uid_t calleruid)
 strcpy(password,nslcd_cfg->ldc_rootpwmodpw);
 }
 }
- else if (validate_user(session,userdn,sizeof(userdn),username,sizeof(username))!=LDAP_SUCCESS)
+ else if ((rc=validate_user(session,userdn,sizeof(userdn),username,sizeof(username)))!=LDAP_SUCCESS)
 {
+ if (rc!=LDAP_NO_SUCH_OBJECT)
+ {
+ WRITE_INT32(fp,NSLCD_RESULT_BEGIN);
+ WRITE_STRING(fp,username);
+ WRITE_STRING(fp,"");
+ WRITE_INT32(fp,NSLCD_PAM_AUTHINFO_UNAVAIL); /* authc */
+ WRITE_INT32(fp,NSLCD_PAM_AUTHINFO_UNAVAIL); /* authz */
+ WRITE_STRING(fp,"LDAP server unavaiable"); /* authzmsg */
+ }
 WRITE_INT32(fp,NSLCD_RESULT_END);
 return -1;
 } |
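Review bot: In validate_user (second hunk), the new `return rc;` in the `entry==NULL` branch returns whatever uid2entry stored through `&rc`, and `rc` is declared without an initial value. uid2entry is not shown on this page, so if it can return NULL while leaving the status at LDAP_SUCCESS, or without writing it at all, validate_user would report success with an empty `userdn` and the caller would carry on towards the bind. I would make the branch fail closed by declaring `int rc=LDAP_NO_SUCH_OBJECT;` and adding `if (rc==LDAP_SUCCESS) rc=LDAP_NO_SUCH_OBJECT;` before the log_log call. The body of validate_user continues past the end of this hunk.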
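Review bot: In nslcd_pam_authc (third hunk), the new `if (rc!=LDAP_NO_SUCH_OBJECT)` branch reports NSLCD_PAM_AUTHINFO_UNAVAIL for every other status validate_user can return, not only for connection failures. The rest of validate_user is outside this diff, so which codes can reach this branch is not visible here. PAM stacks are often configured to treat authinfo_unavail differently from a plain failure, so it would be safer to test for the server-side failures explicitly, for example `if ((rc==LDAP_SERVER_DOWN)||(rc==LDAP_UNAVAILABLE)||(rc==LDAP_TIMEOUT)||(rc==LDAP_CONNECT_ERROR))`, or at least to add a comment stating the assumption. The message literal also has a typo and should read `WRITE_STRING(fp,"LDAP server unavailable"); /* authzmsg */`. The function starts and ends outside the hunk.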