Krb5/PAM: Fix account lockout error handling

The krb5 provider was mapping KRB5KDC_ERR_CLIENT_REVOKED as ERR_ACCOUNT_EXPIRED. This is incorrect as KRB5KDC_ERR_CLIENT_REVOKED is returned by the KDC when an account lockout is in effect. When an account is expired the kdc returns KRB5KDC_ERR_NAME_EXP. Fix the mapping by adding a new ERR_ACCOUNT_LOCKOUT sssd_error code. Resolves: https://fedorahosted.org/sssd/ticket/2924 Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
author: Simo Sorce <simo@redhat.com> 2016-01-13 14:34:33 -0500
committer: Jakub Hrozek <jhrozek@redhat.com> 2016-01-14 18:34:06 +0100
commit: 19e44537c28f6d5f011cd7ac885c74c1e892605f (patch)
tree: 84d790ce62902c56894d593bc365d6d436ab8d94 /src/util/util_errors.h
parent: 684191e61d891b1c34f3742a40d5a2ed6a1192dd (diff)
download: sssd-19e44537c28f6d5f011cd7ac885c74c1e892605f.tar.gz
sssd-19e44537c28f6d5f011cd7ac885c74c1e892605f.tar.xz
sssd-19e44537c28f6d5f011cd7ac885c74c1e892605f.zip
1 files changed, 1 insertions, 0 deletions
diff --git a/src/util/util_errors.h b/src/util/util_errors.h
index c1d081912..a1c822c4b 100644
--- a/src/util/util_errors.h
+++ b/src/util/util_errors.h
@@ -104,6 +104,7 @@ enum sssd_errors {
     ERR_ADDR_FAMILY_NOT_SUPPORTED,
     ERR_SBUS_SENDER_BUS,
     ERR_SUBDOM_INACTIVE,
+    ERR_ACCOUNT_LOCKED,
     ERR_LAST            /* ALWAYS LAST */
 };
author	Simo Sorce <simo@redhat.com>	2016-01-13 14:34:33 -0500
committer	Jakub Hrozek <jhrozek@redhat.com>	2016-01-14 18:34:06 +0100
commit	19e44537c28f6d5f011cd7ac885c74c1e892605f (patch)
tree	84d790ce62902c56894d593bc365d6d436ab8d94 /src/util/util_errors.h
parent	684191e61d891b1c34f3742a40d5a2ed6a1192dd (diff)
download	sssd-19e44537c28f6d5f011cd7ac885c74c1e892605f.tar.gz sssd-19e44537c28f6d5f011cd7ac885c74c1e892605f.tar.xz sssd-19e44537c28f6d5f011cd7ac885c74c1e892605f.zip