summaryrefslogtreecommitdiffstats
path: root/src
diff options
context:
space:
mode:
Diffstat (limited to 'src')
-rw-r--r--src/providers/krb5/krb5_child.c12
1 files changed, 12 insertions, 0 deletions
diff --git a/src/providers/krb5/krb5_child.c b/src/providers/krb5/krb5_child.c
index c4af471d0..0e5556048 100644
--- a/src/providers/krb5/krb5_child.c
+++ b/src/providers/krb5/krb5_child.c
@@ -620,6 +620,12 @@ static errno_t changepw_child(int fd, struct krb5_req *kr)
char *changepw_princ = NULL;
krb5_prompter_fct prompter = sss_krb5_prompter;
+ if (kr->pd->authtok_type != SSS_AUTHTOK_TYPE_PASSWORD) {
+ pam_status = PAM_CRED_INSUFFICIENT;
+ kerr = KRB5KRB_ERR_GENERIC;
+ goto sendresponse;
+ }
+
pass_str = talloc_strndup(kr, (const char *) kr->pd->authtok,
kr->pd->authtok_size);
if (pass_str == NULL) {
@@ -760,6 +766,12 @@ static errno_t tgt_req_child(int fd, struct krb5_req *kr)
char *changepw_princ = NULL;
int pam_status = PAM_SYSTEM_ERR;
+ if (kr->pd->authtok_type != SSS_AUTHTOK_TYPE_PASSWORD) {
+ pam_status = PAM_CRED_INSUFFICIENT;
+ kerr = KRB5KRB_ERR_GENERIC;
+ goto sendresponse;
+ }
+
pass_str = talloc_strndup(kr, (const char *) kr->pd->authtok,
kr->pd->authtok_size);
if (pass_str == NULL) {