KRB5: Handle ERR_CHPASS_FAILED

The Kerberos provider didn't handle ERR_CHPASS_FAILED at all, which resulted in the default return code (System Error) to be returned if password change failed for pretty much any reason, including password too recent etc.
author: Jakub Hrozek <jhrozek@redhat.com> 2013-10-29 05:05:29 +0100
committer: Jakub Hrozek <jhrozek@redhat.com> 2013-10-29 16:28:00 +0100
commit: 5e57b8aadebb0f83450829c8178d897227bfe99a (patch)
tree: 221a4a29e035838078006ed541b50d81cef20594
parent: 000e61bb652400215a9a851d3630cdc7307af398 (diff)
download: sssd-5e57b8aadebb0f83450829c8178d897227bfe99a.tar.gz
sssd-5e57b8aadebb0f83450829c8178d897227bfe99a.tar.xz
sssd-5e57b8aadebb0f83450829c8178d897227bfe99a.zip
1 files changed, 6 insertions, 0 deletions
diff --git a/src/providers/krb5/krb5_auth.c b/src/providers/krb5/krb5_auth.c
index b4c205789..ce461f5ad 100644
--- a/src/providers/krb5/krb5_auth.c
+++ b/src/providers/krb5/krb5_auth.c
@@ -1024,6 +1024,12 @@ static void krb5_auth_done(struct tevent_req *subreq)
         ret = EOK;
         goto done;
 
+    case ERR_CHPASS_FAILED:
+        state->pam_status = PAM_AUTHTOK_ERR;
+        state->dp_err = DP_ERR_OK;
+        ret = EOK;
+        goto done;
+
     default:
         state->pam_status = PAM_SYSTEM_ERR;
         state->dp_err = DP_ERR_OK;
author	Jakub Hrozek <jhrozek@redhat.com>	2013-10-29 05:05:29 +0100
committer	Jakub Hrozek <jhrozek@redhat.com>	2013-10-29 16:28:00 +0100
commit	5e57b8aadebb0f83450829c8178d897227bfe99a (patch)
tree	221a4a29e035838078006ed541b50d81cef20594
parent	000e61bb652400215a9a851d3630cdc7307af398 (diff)
download	sssd-5e57b8aadebb0f83450829c8178d897227bfe99a.tar.gz sssd-5e57b8aadebb0f83450829c8178d897227bfe99a.tar.xz sssd-5e57b8aadebb0f83450829c8178d897227bfe99a.zip