KRB5: Handle ERR_CHPASS_FAILED

The Kerberos provider didn't handle ERR_CHPASS_FAILED at all, which resulted in the default return code (System Error) to be returned if password change failed for pretty much any reason, including password too recent etc.
author: Jakub Hrozek <jhrozek@redhat.com> 2013-10-29 05:05:29 +0100
committer: Jakub Hrozek <jhrozek@redhat.com> 2013-10-29 16:30:32 +0100
commit: 8c689528d0dbc0e840406944a10ca07e66f7c812 (patch)
tree: 175b5408bd107afbb37ffdd5e30e0ca3b9079b67 /src
parent: 529275739ace47a352476298cb028f86a9853776 (diff)
download: sssd-8c689528d0dbc0e840406944a10ca07e66f7c812.tar.gz
sssd-8c689528d0dbc0e840406944a10ca07e66f7c812.tar.xz
sssd-8c689528d0dbc0e840406944a10ca07e66f7c812.zip
1 files changed, 6 insertions, 0 deletions
diff --git a/src/providers/krb5/krb5_auth.c b/src/providers/krb5/krb5_auth.c
index b4c205789..ce461f5ad 100644
--- a/src/providers/krb5/krb5_auth.c
+++ b/src/providers/krb5/krb5_auth.c
@@ -1024,6 +1024,12 @@ static void krb5_auth_done(struct tevent_req *subreq)
         ret = EOK;
         goto done;
 
+    case ERR_CHPASS_FAILED:
+        state->pam_status = PAM_AUTHTOK_ERR;
+        state->dp_err = DP_ERR_OK;
+        ret = EOK;
+        goto done;
+
     default:
         state->pam_status = PAM_SYSTEM_ERR;
         state->dp_err = DP_ERR_OK;
author	Jakub Hrozek <jhrozek@redhat.com>	2013-10-29 05:05:29 +0100
committer	Jakub Hrozek <jhrozek@redhat.com>	2013-10-29 16:30:32 +0100
commit	8c689528d0dbc0e840406944a10ca07e66f7c812 (patch)
tree	175b5408bd107afbb37ffdd5e30e0ca3b9079b67 /src
parent	529275739ace47a352476298cb028f86a9853776 (diff)
download	sssd-8c689528d0dbc0e840406944a10ca07e66f7c812.tar.gz sssd-8c689528d0dbc0e840406944a10ca07e66f7c812.tar.xz sssd-8c689528d0dbc0e840406944a10ca07e66f7c812.zip