summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorSumit Bose <sbose@redhat.com>2010-11-08 15:00:19 +0100
committerStephen Gallagher <sgallagh@redhat.com>2010-12-03 10:41:28 -0500
commit7470bb938429c7a723f5aad971cc50a805a9ead8 (patch)
tree4d11327ebbaaf07796fe4f0bea9bd757f67f255c
parent92ae4a7ef84f05239da1ac2eba0d7a34161da271 (diff)
downloadsssd-7470bb938429c7a723f5aad971cc50a805a9ead8.tar.gz
sssd-7470bb938429c7a723f5aad971cc50a805a9ead8.tar.bz2
sssd-7470bb938429c7a723f5aad971cc50a805a9ead8.zip
Check authtok type for krb5 auth and chpass
-rw-r--r--src/providers/krb5/krb5_child.c12
1 files changed, 12 insertions, 0 deletions
diff --git a/src/providers/krb5/krb5_child.c b/src/providers/krb5/krb5_child.c
index c4af471d..0e555604 100644
--- a/src/providers/krb5/krb5_child.c
+++ b/src/providers/krb5/krb5_child.c
@@ -620,6 +620,12 @@ static errno_t changepw_child(int fd, struct krb5_req *kr)
char *changepw_princ = NULL;
krb5_prompter_fct prompter = sss_krb5_prompter;
+ if (kr->pd->authtok_type != SSS_AUTHTOK_TYPE_PASSWORD) {
+ pam_status = PAM_CRED_INSUFFICIENT;
+ kerr = KRB5KRB_ERR_GENERIC;
+ goto sendresponse;
+ }
+
pass_str = talloc_strndup(kr, (const char *) kr->pd->authtok,
kr->pd->authtok_size);
if (pass_str == NULL) {
@@ -760,6 +766,12 @@ static errno_t tgt_req_child(int fd, struct krb5_req *kr)
char *changepw_princ = NULL;
int pam_status = PAM_SYSTEM_ERR;
+ if (kr->pd->authtok_type != SSS_AUTHTOK_TYPE_PASSWORD) {
+ pam_status = PAM_CRED_INSUFFICIENT;
+ kerr = KRB5KRB_ERR_GENERIC;
+ goto sendresponse;
+ }
+
pass_str = talloc_strndup(kr, (const char *) kr->pd->authtok,
kr->pd->authtok_size);
if (pass_str == NULL) {