diff options
author | Ondrej Kos <okos@redhat.com> | 2013-06-13 15:28:23 +0200 |
---|---|---|
committer | Jakub Hrozek <jhrozek@redhat.com> | 2013-06-14 13:39:08 +0200 |
commit | 22a21e910fd216ec1468fe769dcc29f1621a52a4 (patch) | |
tree | 5b0603cdbb3870eea6c74e4b548e0879fbf331d2 /src/providers | |
parent | d3b39cf07164b23d47bbce3d6e6541b13fc895f5 (diff) | |
download | sssd-22a21e910fd216ec1468fe769dcc29f1621a52a4.tar.gz sssd-22a21e910fd216ec1468fe769dcc29f1621a52a4.tar.bz2 sssd-22a21e910fd216ec1468fe769dcc29f1621a52a4.zip |
KRB: Handle preauthentication error correctly
https://fedorahosted.org/sssd/ticket/1873
KRB preauthentication error was later mishandled like authentication error.
Diffstat (limited to 'src/providers')
-rw-r--r-- | src/providers/krb5/krb5_auth.c | 6 | ||||
-rw-r--r-- | src/providers/krb5/krb5_child.c | 4 |
2 files changed, 9 insertions, 1 deletions
diff --git a/src/providers/krb5/krb5_auth.c b/src/providers/krb5/krb5_auth.c index f65e5993..f6acfb48 100644 --- a/src/providers/krb5/krb5_auth.c +++ b/src/providers/krb5/krb5_auth.c @@ -1026,6 +1026,12 @@ static void krb5_auth_done(struct tevent_req *subreq) ret = EOK; goto done; + case ERR_CREDS_INVALID: + state->pam_status = PAM_CRED_ERR; + state->dp_err = DP_ERR_OK; + ret = EOK; + goto done; + case ERR_NO_CREDS: state->pam_status = PAM_CRED_UNAVAIL; state->dp_err = DP_ERR_OK; diff --git a/src/providers/krb5/krb5_child.c b/src/providers/krb5/krb5_child.c index 8f746a8d..74d730aa 100644 --- a/src/providers/krb5/krb5_child.c +++ b/src/providers/krb5/krb5_child.c @@ -1172,9 +1172,11 @@ static errno_t map_krb5_error(krb5_error_code kerr) return ERR_CREDS_EXPIRED; case KRB5KRB_AP_ERR_BAD_INTEGRITY: + return ERR_AUTH_FAILED; + case KRB5_PREAUTH_FAILED: case KRB5KDC_ERR_PREAUTH_FAILED: - return ERR_AUTH_FAILED; + return ERR_CREDS_INVALID; default: return ERR_INTERNAL; |