From 22a21e910fd216ec1468fe769dcc29f1621a52a4 Mon Sep 17 00:00:00 2001
From: Ondrej Kos
Date: Thu, 13 Jun 2013 15:28:23 +0200
Subject: KRB: Handle preauthentication error correctly

https://fedorahosted.org/sssd/ticket/1873
KRB preauthentication error was later mishandled like authentication error.
---
 src/providers/krb5/krb5_auth.c | 6 ++++++
 src/providers/krb5/krb5_child.c | 4 +++-
 2 files changed, 9 insertions(+), 1 deletion(-)
(limited to 'src/providers/krb5')
diff --git a/src/providers/krb5/krb5_auth.c b/src/providers/krb5/krb5_auth.c
index f65e5993d..f6acfb489 100644
--- a/src/providers/krb5/krb5_auth.c
+++ b/src/providers/krb5/krb5_auth.c
@@ -1026,6 +1026,12 @@ static void krb5_auth_done(struct tevent_req *subreq)
 ret = EOK;
 goto done;

+ case ERR_CREDS_INVALID:
+ state->pam_status = PAM_CRED_ERR;
+ state->dp_err = DP_ERR_OK;
+ ret = EOK;
+ goto done;
+
 case ERR_NO_CREDS:
 state->pam_status = PAM_CRED_UNAVAIL;
 state->dp_err = DP_ERR_OK;
diff --git a/src/providers/krb5/krb5_child.c b/src/providers/krb5/krb5_child.c
index 8f746a8db..74d730aaa 100644
--- a/src/providers/krb5/krb5_child.c
+++ b/src/providers/krb5/krb5_child.c
@@ -1172,9 +1172,11 @@ static errno_t map_krb5_error(krb5_error_code kerr)
 return ERR_CREDS_EXPIRED;

 case KRB5KRB_AP_ERR_BAD_INTEGRITY:
+ return ERR_AUTH_FAILED;
+
 case KRB5_PREAUTH_FAILED:
 case KRB5KDC_ERR_PREAUTH_FAILED:
- return ERR_AUTH_FAILED;
+ return ERR_CREDS_INVALID;

 default:
 return ERR_INTERNAL;
-- cgit
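Review bot: The new `ERR_CREDS_INVALID` case in `krb5_auth_done` reports a failed preauthentication as `PAM_CRED_ERR`, and a wrong password is the usual cause of a preauth failure. It is worth confirming that everything consuming `state->pam_status` (PAM stack control rules, failed-attempt accounting, audit messages) still treats this result as a failed login rather than matching only `PAM_AUTH_ERR`. None of those consumers are visible here, and `krb5_auth_done` starts and ends outside the hunk. A one-line comment above the case would record the intent, e.g. `/* KDC rejected preauthentication: report invalid credentials, not a generic auth failure */`.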
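Review bot: After this change `map_krb5_error` returns two different codes for what can both be a wrong password: `KRB5KRB_AP_ERR_BAD_INTEGRITY` stays `ERR_AUTH_FAILED` while `KRB5_PREAUTH_FAILED` and `KRB5KDC_ERR_PREAUTH_FAILED` become `ERR_CREDS_INVALID`. The status a user ends up with therefore likely depends on whether the principal requires preauthentication. If the split is intended, a comment on the first case would say so, e.g. `/* decrypt integrity failure: deliberately kept as a plain authentication failure */`. Any other consumer that switches on the mapped value also needs an `ERR_CREDS_INVALID` branch; this commit adds one only in `krb5_auth_done`, and the rest of `map_krb5_error` and its callers lie outside the hunk.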