summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
-rw-r--r--src/providers/krb5/krb5_child.c8
-rw-r--r--src/providers/ldap/sdap_async.c16
2 files changed, 22 insertions, 2 deletions
diff --git a/src/providers/krb5/krb5_child.c b/src/providers/krb5/krb5_child.c
index 73575b88b..e4dc49327 100644
--- a/src/providers/krb5/krb5_child.c
+++ b/src/providers/krb5/krb5_child.c
@@ -1185,7 +1185,7 @@ static errno_t changepw_child(int fd, struct krb5_req *kr)
}
}
- if (result_string.length > 0) {
+ if (result_string.length > 0 && result_string.data[0] != '\0') {
DEBUG(1, ("krb5_change_password failed [%d][%.*s].\n", result_code,
result_string.length, result_string.data));
talloc_free(user_error_message);
@@ -1194,6 +1194,12 @@ static errno_t changepw_child(int fd, struct krb5_req *kr)
if (user_error_message == NULL) {
DEBUG(1, ("talloc_strndup failed.\n"));
}
+ } else if (result_code == KRB5_KPASSWD_SOFTERROR) {
+ user_error_message = talloc_strdup(kr->pd, "Please make sure the "
+ "password meets the complexity constraints.");
+ if (user_error_message == NULL) {
+ DEBUG(SSSDBG_CRIT_FAILURE, ("talloc_strndup failed.\n"));
+ }
}
if (user_error_message != NULL) {
diff --git a/src/providers/ldap/sdap_async.c b/src/providers/ldap/sdap_async.c
index 57c11f30c..2ab61532e 100644
--- a/src/providers/ldap/sdap_async.c
+++ b/src/providers/ldap/sdap_async.c
@@ -641,7 +641,21 @@ static void sdap_exop_modify_passwd_done(struct sdap_op *op,
DEBUG(3, ("ldap_extended_operation result: %s(%d), %s\n",
sss_ldap_err2string(state->result), state->result, errmsg));
- if (state->result != LDAP_SUCCESS) {
+ switch (state->result) {
+ case LDAP_SUCCESS:
+ ret = EOK;
+ break;
+ case LDAP_CONSTRAINT_VIOLATION:
+ state->user_error_message = talloc_strdup(state,
+ "Please make sure the password meets the complexity constraints.");
+ if (state->user_error_message == NULL) {
+ DEBUG(SSSDBG_CRIT_FAILURE, ("talloc_strdup failed\n"));
+ ret = ENOMEM;
+ goto done;
+ }
+ ret = EIO;
+ goto done;
+ default:
if (errmsg) {
state->user_error_message = talloc_strdup(state, errmsg);
if (state->user_error_message == NULL) {