Krb5/PAM: Fix account lockout error handling

The krb5 provider was mapping KRB5KDC_ERR_CLIENT_REVOKED as ERR_ACCOUNT_EXPIRED. This is incorrect as KRB5KDC_ERR_CLIENT_REVOKED is returned by the KDC when an account lockout is in effect. When an account is expired the kdc returns KRB5KDC_ERR_NAME_EXP. Fix the mapping by adding a new ERR_ACCOUNT_LOCKOUT sssd_error code. Resolves: https://fedorahosted.org/sssd/ticket/2924 Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
author: Simo Sorce <simo@redhat.com> 2016-01-13 14:34:33 -0500
committer: Jakub Hrozek <jhrozek@redhat.com> 2016-01-14 18:34:06 +0100
commit: 19e44537c28f6d5f011cd7ac885c74c1e892605f (patch)
tree: 84d790ce62902c56894d593bc365d6d436ab8d94 /src/util/util_errors.c
parent: 684191e61d891b1c34f3742a40d5a2ed6a1192dd (diff)
download: sssd-19e44537c28f6d5f011cd7ac885c74c1e892605f.tar.gz
sssd-19e44537c28f6d5f011cd7ac885c74c1e892605f.tar.xz
sssd-19e44537c28f6d5f011cd7ac885c74c1e892605f.zip
1 files changed, 1 insertions, 0 deletions
diff --git a/src/util/util_errors.c b/src/util/util_errors.c
index ed19346d..e7f30ab3 100644
--- a/src/util/util_errors.c
+++ b/src/util/util_errors.c
@@ -82,6 +82,7 @@ struct err_string error_to_str[] = {
     { "Address family not supported" }, /* ERR_ADDR_FAMILY_NOT_SUPPORTED */
     { "Message sender is the bus" }, /* ERR_SBUS_SENDER_BUS */
     { "Subdomain is inactive" }, /* ERR_SUBDOM_INACTIVE */
+    { "Account is locked" }, /* ERR_ACCOUNT_LOCKED */
     { "ERR_LAST" } /* ERR_LAST */
 };
author	Simo Sorce <simo@redhat.com>	2016-01-13 14:34:33 -0500
committer	Jakub Hrozek <jhrozek@redhat.com>	2016-01-14 18:34:06 +0100
commit	19e44537c28f6d5f011cd7ac885c74c1e892605f (patch)
tree	84d790ce62902c56894d593bc365d6d436ab8d94 /src/util/util_errors.c
parent	684191e61d891b1c34f3742a40d5a2ed6a1192dd (diff)
download	sssd-19e44537c28f6d5f011cd7ac885c74c1e892605f.tar.gz sssd-19e44537c28f6d5f011cd7ac885c74c1e892605f.tar.xz sssd-19e44537c28f6d5f011cd7ac885c74c1e892605f.zip