diff options
| author | Pavel Březina <pbrezina@redhat.com> | 2013-07-15 13:44:31 +0200 |
|---|---|---|
| committer | Jakub Hrozek <jhrozek@redhat.com> | 2013-07-17 13:16:00 +0200 |
| commit | 044cdd34ff41936fed16c3e41a2164cf89112189 (patch) | |
| tree | 91ad3f9acaaa6ebc248d9873e9357cf395fd58bb | |
| parent | f65eb572cbc8796fefaad52e36a9a6cea0cf51bd (diff) | |
| download | sssd-044cdd34ff41936fed16c3e41a2164cf89112189.tar.gz sssd-044cdd34ff41936fed16c3e41a2164cf89112189.tar.xz sssd-044cdd34ff41936fed16c3e41a2164cf89112189.zip | |
print hint about password complexity when new password is rejected
https://fedorahosted.org/sssd/ticket/1827
| -rw-r--r-- | src/providers/krb5/krb5_child.c | 8 | ||||
| -rw-r--r-- | src/providers/ldap/sdap_async.c | 8 |
2 files changed, 15 insertions, 1 deletions
diff --git a/src/providers/krb5/krb5_child.c b/src/providers/krb5/krb5_child.c index 4d12b90a2..1c2939acd 100644 --- a/src/providers/krb5/krb5_child.c +++ b/src/providers/krb5/krb5_child.c @@ -1400,7 +1400,7 @@ static errno_t changepw_child(struct krb5_req *kr, bool prelim) } } - if (result_string.length > 0) { + if (result_string.length > 0 && result_string.data[0] != '\0') { DEBUG(1, ("krb5_change_password failed [%d][%.*s].\n", result_code, result_string.length, result_string.data)); talloc_free(user_error_message); @@ -1409,6 +1409,12 @@ static errno_t changepw_child(struct krb5_req *kr, bool prelim) if (user_error_message == NULL) { DEBUG(1, ("talloc_strndup failed.\n")); } + } else if (result_code == KRB5_KPASSWD_SOFTERROR) { + user_error_message = talloc_strdup(kr->pd, "Please make sure the " + "password meets the complexity constraints."); + if (user_error_message == NULL) { + DEBUG(SSSDBG_CRIT_FAILURE, ("talloc_strndup failed.\n")); + } } if (user_error_message != NULL) { diff --git a/src/providers/ldap/sdap_async.c b/src/providers/ldap/sdap_async.c index 6dfe9164c..bdd3c3c8b 100644 --- a/src/providers/ldap/sdap_async.c +++ b/src/providers/ldap/sdap_async.c @@ -649,6 +649,14 @@ static void sdap_exop_modify_passwd_done(struct sdap_op *op, ret = EOK; break; case LDAP_CONSTRAINT_VIOLATION: + state->user_error_message = talloc_strdup(state, + "Please make sure the password meets the complexity constraints."); + if (state->user_error_message == NULL) { + DEBUG(SSSDBG_CRIT_FAILURE, ("talloc_strdup failed\n")); + ret = ENOMEM; + goto done; + } + ret = ERR_CHPASS_DENIED; break; default: |