Univention Bugzilla – Bug 48685
Add debug message for unknown exceptions in patched heimdal password change
Last modified: 2020-07-02 00:55:05 CEST
We've a patched heimdal kpasswdd which calls univention.admin.password.change(). Quoting from svn/patches/heimdal/4.2-0-0-ucs/1.6~rc2+dfsg-9-errata4.2-1/0001-password_sync.quilt: + call = PyEval_CallObject(lib_password_change, args); + + if (call == NULL) { + » PyErr_Fetch(&errobj, &errdata, &errtraceback); + » pystring = PyObject_Str(errobj); + » if ( PyString_Check(pystring) ) { + » » const char *err = PyString_AsString(pystring); + » » ucs_error = 1; + + » » if( !strcmp(err, "<class 'univention.admin.uexceptions.pwalreadyused'>")) { + » » » krb5_warnx (context, "%s", err); + » » » reply_priv (auth_context, s, sa, sa_size, KRB5_KPASSWD_SOFTERROR, "Password already used"); + » » } else if( !strcmp(err, "<class 'univention.admin.uexceptions.pwToShort'>")) { + » » » krb5_warnx (context,"%s", err); + » » » reply_priv (auth_context, s, sa, sa_size, KRB5_KPASSWD_SOFTERROR, "Password is too short"); + » » } else if( !strcmp(err, "<class 'univention.admin.uexceptions.pwQuality'>")) { + » » » krb5_warnx (context, "%s", err); + » » » reply_priv (auth_context, s, sa, sa_size, KRB5_KPASSWD_SOFTERROR, "The passwort didn't pass quality check"); + » » } else { + » » » /* + » » » * Ignore all other errors, for example the user is not + » » » * a valid UCS user. + » » » */ + » » » ucs_error = -1; + » » } + » } The "else { Ignore all other errors }" block should create a log message with the "err" string!