diff options
author | Jakub Hrozek <jhrozek@redhat.com> | 2013-10-29 05:05:29 +0100 |
---|---|---|
committer | Jakub Hrozek <jhrozek@redhat.com> | 2013-10-29 16:28:00 +0100 |
commit | 5e57b8aadebb0f83450829c8178d897227bfe99a (patch) | |
tree | 221a4a29e035838078006ed541b50d81cef20594 | |
parent | 000e61bb652400215a9a851d3630cdc7307af398 (diff) | |
download | sssd-5e57b8aadebb0f83450829c8178d897227bfe99a.tar.gz sssd-5e57b8aadebb0f83450829c8178d897227bfe99a.tar.xz sssd-5e57b8aadebb0f83450829c8178d897227bfe99a.zip |
KRB5: Handle ERR_CHPASS_FAILED
The Kerberos provider didn't handle ERR_CHPASS_FAILED at all, which
resulted in the default return code (System Error) to be returned if
password change failed for pretty much any reason, including password
too recent etc.
-rw-r--r-- | src/providers/krb5/krb5_auth.c | 6 |
1 files changed, 6 insertions, 0 deletions
diff --git a/src/providers/krb5/krb5_auth.c b/src/providers/krb5/krb5_auth.c index b4c205789..ce461f5ad 100644 --- a/src/providers/krb5/krb5_auth.c +++ b/src/providers/krb5/krb5_auth.c @@ -1024,6 +1024,12 @@ static void krb5_auth_done(struct tevent_req *subreq) ret = EOK; goto done; + case ERR_CHPASS_FAILED: + state->pam_status = PAM_AUTHTOK_ERR; + state->dp_err = DP_ERR_OK; + ret = EOK; + goto done; + default: state->pam_status = PAM_SYSTEM_ERR; state->dp_err = DP_ERR_OK; |