summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorJakub Hrozek <jhrozek@redhat.com>2012-01-04 10:11:37 -0500
committerStephen Gallagher <sgallagh@redhat.com>2012-01-06 14:11:12 -0500
commit58e75994a4c03057072c0ed54cefe0965a6a4057 (patch)
tree5c8a61d4b21bb020317bf431f0d3c6a05c2eff6b
parent3d8a87081a6cd197acbd355b5a39111669ec2aa6 (diff)
downloadsssd-58e75994a4c03057072c0ed54cefe0965a6a4057.tar.gz
sssd-58e75994a4c03057072c0ed54cefe0965a6a4057.tar.xz
sssd-58e75994a4c03057072c0ed54cefe0965a6a4057.zip
Do not call krb5_child when changing passwords and provider went offline
https://fedorahosted.org/sssd/ticket/1131
-rw-r--r--src/providers/krb5/krb5_auth.c12
1 files changed, 11 insertions, 1 deletions
diff --git a/src/providers/krb5/krb5_auth.c b/src/providers/krb5/krb5_auth.c
index 66cee473c..14a7c547f 100644
--- a/src/providers/krb5/krb5_auth.c
+++ b/src/providers/krb5/krb5_auth.c
@@ -542,9 +542,19 @@ static void krb5_resolve_kdc_done(struct tevent_req *subreq)
/* all servers have been tried and none
* was found good, setting offline,
* but we still have to call the child to setup
- * the ccache file. */
+ * the ccache file if we are performing auth */
be_mark_offline(state->be_ctx);
kr->is_offline = true;
+
+ if (kr->pd->cmd == SSS_PAM_CHAUTHTOK ||
+ kr->pd->cmd == SSS_PAM_CHAUTHTOK_PRELIM) {
+ DEBUG(SSSDBG_TRACE_FUNC,
+ ("No KDC suitable for password change is available\n"));
+ state->pam_status = PAM_AUTHTOK_LOCK_BUSY;
+ state->dp_err = DP_ERR_OK;
+ tevent_req_done(req);
+ return;
+ }
} else {
if (kr->krb5_ctx->kpasswd_service != NULL) {
subreq = be_resolve_server_send(state, state->ev, state->be_ctx,