diff options
author | Pavel Březina <pbrezina@redhat.com> | 2013-07-15 13:44:31 +0200 |
---|---|---|
committer | Jakub Hrozek <jhrozek@redhat.com> | 2013-07-17 13:13:28 +0200 |
commit | 6f6e4408cedaebbfcef61e5adb78ba75abe5839d (patch) | |
tree | 69945946006467a75e7d6815812ecc1ef6d76900 | |
parent | 1bb04648878b7b3e3897484e7cfc2d11725c8014 (diff) | |
download | sssd-6f6e4408cedaebbfcef61e5adb78ba75abe5839d.tar.gz sssd-6f6e4408cedaebbfcef61e5adb78ba75abe5839d.tar.bz2 sssd-6f6e4408cedaebbfcef61e5adb78ba75abe5839d.zip |
print hint about password complexity when new password is rejected
https://fedorahosted.org/sssd/ticket/1827
-rw-r--r-- | src/providers/krb5/krb5_child.c | 8 | ||||
-rw-r--r-- | src/providers/ldap/sdap_async.c | 8 |
2 files changed, 15 insertions, 1 deletions
diff --git a/src/providers/krb5/krb5_child.c b/src/providers/krb5/krb5_child.c index a7999b7e..e3dc0fcd 100644 --- a/src/providers/krb5/krb5_child.c +++ b/src/providers/krb5/krb5_child.c @@ -1355,7 +1355,7 @@ static errno_t changepw_child(struct krb5_req *kr, bool prelim) } } - if (result_string.length > 0) { + if (result_string.length > 0 && result_string.data[0] != '\0') { DEBUG(1, ("krb5_change_password failed [%d][%.*s].\n", result_code, result_string.length, result_string.data)); talloc_free(user_error_message); @@ -1364,6 +1364,12 @@ static errno_t changepw_child(struct krb5_req *kr, bool prelim) if (user_error_message == NULL) { DEBUG(1, ("talloc_strndup failed.\n")); } + } else if (result_code == KRB5_KPASSWD_SOFTERROR) { + user_error_message = talloc_strdup(kr->pd, "Please make sure the " + "password meets the complexity constraints."); + if (user_error_message == NULL) { + DEBUG(SSSDBG_CRIT_FAILURE, ("talloc_strndup failed.\n")); + } } if (user_error_message != NULL) { diff --git a/src/providers/ldap/sdap_async.c b/src/providers/ldap/sdap_async.c index 6dfe9164..bdd3c3c8 100644 --- a/src/providers/ldap/sdap_async.c +++ b/src/providers/ldap/sdap_async.c @@ -649,6 +649,14 @@ static void sdap_exop_modify_passwd_done(struct sdap_op *op, ret = EOK; break; case LDAP_CONSTRAINT_VIOLATION: + state->user_error_message = talloc_strdup(state, + "Please make sure the password meets the complexity constraints."); + if (state->user_error_message == NULL) { + DEBUG(SSSDBG_CRIT_FAILURE, ("talloc_strdup failed\n")); + ret = ENOMEM; + goto done; + } + ret = ERR_CHPASS_DENIED; break; default: |