diff options
| author | Sumit Bose <sbose@redhat.com> | 2009-07-08 20:09:56 +0200 |
|---|---|---|
| committer | Simo Sorce <ssorce@redhat.com> | 2009-07-08 19:19:15 -0400 |
| commit | 3c9c445cebf7f790f06180a46666304939d420d4 (patch) | |
| tree | 265275f04fb565dace3bdb8c370379e8effa98d2 | |
| parent | 61192a25075742f7254ecb42031a58b2f38e31cd (diff) | |
| download | sssd-3c9c445cebf7f790f06180a46666304939d420d4.tar.gz sssd-3c9c445cebf7f790f06180a46666304939d420d4.tar.xz sssd-3c9c445cebf7f790f06180a46666304939d420d4.zip | |
fix return code of krb5 child to indicate that the kdc is unavailable
| -rw-r--r-- | server/providers/krb5/tgt_req_child.c | 6 |
1 files changed, 5 insertions, 1 deletions
diff --git a/server/providers/krb5/tgt_req_child.c b/server/providers/krb5/tgt_req_child.c index edb3d1807..af9f52ff3 100644 --- a/server/providers/krb5/tgt_req_child.c +++ b/server/providers/krb5/tgt_req_child.c @@ -66,6 +66,7 @@ void tgt_req_child(int fd, struct krb5_req *kr) const char *cc_name; char *env; const char *krb5_error_msg; + int pam_status = PAM_SYSTEM_ERR; ret = setgid(kr->pd->gr_gid); if (ret == -1) { @@ -103,6 +104,9 @@ void tgt_req_child(int fd, struct krb5_req *kr) kr->options); if (kerr != 0) { KRB5_DEBUG(1, kerr); + if (kerr == KRB5_KDC_UNREACH) { + pam_status = PAM_AUTHINFO_UNAVAIL; + } goto childfailed; } @@ -155,7 +159,7 @@ void tgt_req_child(int fd, struct krb5_req *kr) childfailed: if (kerr != 0 ) { krb5_error_msg = krb5_get_error_message(krb5_error_ctx, kerr); - size = pack_response_packet(buf, PAM_SYSTEM_ERR, PAM_USER_INFO, + size = pack_response_packet(buf, pam_status, PAM_USER_INFO, krb5_error_msg); if (size < 0) { DEBUG(1, ("failed to create response message.\n")); |