summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
-rw-r--r--src/providers/krb5/krb5_child.c8
-rw-r--r--src/providers/ldap/sdap_async.c8
2 files changed, 15 insertions, 1 deletions
diff --git a/src/providers/krb5/krb5_child.c b/src/providers/krb5/krb5_child.c
index a7999b7e..e3dc0fcd 100644
--- a/src/providers/krb5/krb5_child.c
+++ b/src/providers/krb5/krb5_child.c
@@ -1355,7 +1355,7 @@ static errno_t changepw_child(struct krb5_req *kr, bool prelim)
}
}
- if (result_string.length > 0) {
+ if (result_string.length > 0 && result_string.data[0] != '\0') {
DEBUG(1, ("krb5_change_password failed [%d][%.*s].\n", result_code,
result_string.length, result_string.data));
talloc_free(user_error_message);
@@ -1364,6 +1364,12 @@ static errno_t changepw_child(struct krb5_req *kr, bool prelim)
if (user_error_message == NULL) {
DEBUG(1, ("talloc_strndup failed.\n"));
}
+ } else if (result_code == KRB5_KPASSWD_SOFTERROR) {
+ user_error_message = talloc_strdup(kr->pd, "Please make sure the "
+ "password meets the complexity constraints.");
+ if (user_error_message == NULL) {
+ DEBUG(SSSDBG_CRIT_FAILURE, ("talloc_strndup failed.\n"));
+ }
}
if (user_error_message != NULL) {
diff --git a/src/providers/ldap/sdap_async.c b/src/providers/ldap/sdap_async.c
index 6dfe9164..bdd3c3c8 100644
--- a/src/providers/ldap/sdap_async.c
+++ b/src/providers/ldap/sdap_async.c
@@ -649,6 +649,14 @@ static void sdap_exop_modify_passwd_done(struct sdap_op *op,
ret = EOK;
break;
case LDAP_CONSTRAINT_VIOLATION:
+ state->user_error_message = talloc_strdup(state,
+ "Please make sure the password meets the complexity constraints.");
+ if (state->user_error_message == NULL) {
+ DEBUG(SSSDBG_CRIT_FAILURE, ("talloc_strdup failed\n"));
+ ret = ENOMEM;
+ goto done;
+ }
+
ret = ERR_CHPASS_DENIED;
break;
default: