diff options
author | Jakub Hrozek <jhrozek@redhat.com> | 2013-10-29 05:05:29 +0100 |
---|---|---|
committer | Jakub Hrozek <jhrozek@redhat.com> | 2013-10-29 16:30:32 +0100 |
commit | 8c689528d0dbc0e840406944a10ca07e66f7c812 (patch) | |
tree | 175b5408bd107afbb37ffdd5e30e0ca3b9079b67 | |
parent | 529275739ace47a352476298cb028f86a9853776 (diff) | |
download | sssd-8c689528d0dbc0e840406944a10ca07e66f7c812.tar.gz sssd-8c689528d0dbc0e840406944a10ca07e66f7c812.tar.xz sssd-8c689528d0dbc0e840406944a10ca07e66f7c812.zip |
KRB5: Handle ERR_CHPASS_FAILED
The Kerberos provider didn't handle ERR_CHPASS_FAILED at all, which
resulted in the default return code (System Error) to be returned if
password change failed for pretty much any reason, including password
too recent etc.
-rw-r--r-- | src/providers/krb5/krb5_auth.c | 6 |
1 files changed, 6 insertions, 0 deletions
diff --git a/src/providers/krb5/krb5_auth.c b/src/providers/krb5/krb5_auth.c index b4c205789..ce461f5ad 100644 --- a/src/providers/krb5/krb5_auth.c +++ b/src/providers/krb5/krb5_auth.c @@ -1024,6 +1024,12 @@ static void krb5_auth_done(struct tevent_req *subreq) ret = EOK; goto done; + case ERR_CHPASS_FAILED: + state->pam_status = PAM_AUTHTOK_ERR; + state->dp_err = DP_ERR_OK; + ret = EOK; + goto done; + default: state->pam_status = PAM_SYSTEM_ERR; state->dp_err = DP_ERR_OK; |