diff options
-rw-r--r-- | src/providers/krb5/krb5_child.c | 8 | ||||
-rw-r--r-- | src/providers/ldap/sdap_async.c | 8 |
2 files changed, 15 insertions, 1 deletions
diff --git a/src/providers/krb5/krb5_child.c b/src/providers/krb5/krb5_child.c index a7999b7e..e3dc0fcd 100644 --- a/src/providers/krb5/krb5_child.c +++ b/src/providers/krb5/krb5_child.c @@ -1355,7 +1355,7 @@ static errno_t changepw_child(struct krb5_req *kr, bool prelim) } } - if (result_string.length > 0) { + if (result_string.length > 0 && result_string.data[0] != '\0') { DEBUG(1, ("krb5_change_password failed [%d][%.*s].\n", result_code, result_string.length, result_string.data)); talloc_free(user_error_message); @@ -1364,6 +1364,12 @@ static errno_t changepw_child(struct krb5_req *kr, bool prelim) if (user_error_message == NULL) { DEBUG(1, ("talloc_strndup failed.\n")); } + } else if (result_code == KRB5_KPASSWD_SOFTERROR) { + user_error_message = talloc_strdup(kr->pd, "Please make sure the " + "password meets the complexity constraints."); + if (user_error_message == NULL) { + DEBUG(SSSDBG_CRIT_FAILURE, ("talloc_strndup failed.\n")); + } } if (user_error_message != NULL) { diff --git a/src/providers/ldap/sdap_async.c b/src/providers/ldap/sdap_async.c index 6dfe9164..bdd3c3c8 100644 --- a/src/providers/ldap/sdap_async.c +++ b/src/providers/ldap/sdap_async.c @@ -649,6 +649,14 @@ static void sdap_exop_modify_passwd_done(struct sdap_op *op, ret = EOK; break; case LDAP_CONSTRAINT_VIOLATION: + state->user_error_message = talloc_strdup(state, + "Please make sure the password meets the complexity constraints."); + if (state->user_error_message == NULL) { + DEBUG(SSSDBG_CRIT_FAILURE, ("talloc_strdup failed\n")); + ret = ENOMEM; + goto done; + } + ret = ERR_CHPASS_DENIED; break; default: |