From 8c689528d0dbc0e840406944a10ca07e66f7c812 Mon Sep 17 00:00:00 2001
From: Jakub Hrozek <jhrozek@redhat.com>
Date: Tue, 29 Oct 2013 05:05:29 +0100
Subject: KRB5: Handle ERR_CHPASS_FAILED

The Kerberos provider didn't handle ERR_CHPASS_FAILED at all, which
resulted in the default return code (System Error) to be returned if
password change failed for pretty much any reason, including password
too recent etc.
---
 src/providers/krb5/krb5_auth.c | 6 ++++++
 1 file changed, 6 insertions(+)

diff --git a/src/providers/krb5/krb5_auth.c b/src/providers/krb5/krb5_auth.c
index b4c205789..ce461f5ad 100644
--- a/src/providers/krb5/krb5_auth.c
+++ b/src/providers/krb5/krb5_auth.c
@@ -1024,6 +1024,12 @@ static void krb5_auth_done(struct tevent_req *subreq)
         ret = EOK;
         goto done;
 
+    case ERR_CHPASS_FAILED:
+        state->pam_status = PAM_AUTHTOK_ERR;
+        state->dp_err = DP_ERR_OK;
+        ret = EOK;
+        goto done;
+
     default:
         state->pam_status = PAM_SYSTEM_ERR;
         state->dp_err = DP_ERR_OK;
-- 
cgit