From 4aa867708142b6151e4525be1b9daa499f5f3128 Mon Sep 17 00:00:00 2001 From: Nicolas Williams Date: Wed, 15 Dec 2021 15:45:56 -0600 Subject: [PATCH] kadm5: Use KADM5_PASS_Q_GENERIC --- kdc/httpkadmind.c | 1 + kpasswd/kpasswdd.c | 8 ++++++-- lib/kadm5/chpass_s.c | 4 ++-- 3 files changed, 9 insertions(+), 4 deletions(-) diff --git a/kdc/httpkadmind.c b/kdc/httpkadmind.c index ccb24b0a1..fb68f0fd2 100644 --- a/kdc/httpkadmind.c +++ b/kdc/httpkadmind.c @@ -224,6 +224,7 @@ audit_trail(kadmin_request_desc r, krb5_error_code ret) CASE(KADM5_PASS_Q_TOOSHORT); CASE(KADM5_PASS_Q_CLASS); CASE(KADM5_PASS_Q_DICT); + CASE(KADM5_PASS_Q_GENERIC); CASE(KADM5_PASS_REUSE); CASE(KADM5_PASS_TOOSOON); CASE(KADM5_POLICY_REF); diff --git a/kpasswd/kpasswdd.c b/kpasswd/kpasswdd.c index af4d51363..344688e29 100644 --- a/kpasswd/kpasswdd.c +++ b/kpasswd/kpasswdd.c @@ -398,11 +398,15 @@ change (krb5_auth_context auth_context, if (ret) { const char *str = krb5_get_error_message(context, ret); - if (ret == KADM5_PASS_Q_DICT) { + switch (ret) { + case KADM5_PASS_Q_TOOSHORT: + case KADM5_PASS_Q_CLASS: + case KADM5_PASS_Q_DICT: + case KADM5_PASS_Q_GENERIC: krb5_warnx(context, "%s didn't pass password quality check with error: %s", client, str); - } else { + default: krb5_warnx(context, "kadm5_s_chpass_principal_cond: %s", str); } reply_priv (auth_context, s, sa, sa_size, KRB5_KPASSWD_SOFTERROR, diff --git a/lib/kadm5/chpass_s.c b/lib/kadm5/chpass_s.c index ed9632e85..e0d63d2ef 100644 --- a/lib/kadm5/chpass_s.c +++ b/lib/kadm5/chpass_s.c @@ -131,8 +131,8 @@ change(void *server_handle, pwd_reason = kadm5_check_password_quality(context->context, princ, &pwd_data); if (pwd_reason != NULL) { - krb5_set_error_message(context->context, KADM5_PASS_Q_DICT, "%s", pwd_reason); - return KADM5_PASS_Q_DICT; + krb5_set_error_message(context->context, KADM5_PASS_Q_GENERIC, "%s", pwd_reason); + return KADM5_PASS_Q_GENERIC; } }