diff options
author | Jakub Hrozek <jhrozek@redhat.com> | 2013-10-29 05:05:29 +0100 |
---|---|---|
committer | Jakub Hrozek <jhrozek@redhat.com> | 2013-10-29 16:28:00 +0100 |
commit | 5e57b8aadebb0f83450829c8178d897227bfe99a (patch) | |
tree | 221a4a29e035838078006ed541b50d81cef20594 /src | |
parent | 000e61bb652400215a9a851d3630cdc7307af398 (diff) | |
download | sssd-5e57b8aadebb0f83450829c8178d897227bfe99a.tar.gz sssd-5e57b8aadebb0f83450829c8178d897227bfe99a.tar.xz sssd-5e57b8aadebb0f83450829c8178d897227bfe99a.zip |
KRB5: Handle ERR_CHPASS_FAILED
The Kerberos provider didn't handle ERR_CHPASS_FAILED at all, which
resulted in the default return code (System Error) to be returned if
password change failed for pretty much any reason, including password
too recent etc.
Diffstat (limited to 'src')
-rw-r--r-- | src/providers/krb5/krb5_auth.c | 6 |
1 files changed, 6 insertions, 0 deletions
diff --git a/src/providers/krb5/krb5_auth.c b/src/providers/krb5/krb5_auth.c index b4c205789..ce461f5ad 100644 --- a/src/providers/krb5/krb5_auth.c +++ b/src/providers/krb5/krb5_auth.c @@ -1024,6 +1024,12 @@ static void krb5_auth_done(struct tevent_req *subreq) ret = EOK; goto done; + case ERR_CHPASS_FAILED: + state->pam_status = PAM_AUTHTOK_ERR; + state->dp_err = DP_ERR_OK; + ret = EOK; + goto done; + default: state->pam_status = PAM_SYSTEM_ERR; state->dp_err = DP_ERR_OK; |