summaryrefslogtreecommitdiff
path: root/src/providers
diff options
context:
space:
mode:
authorOndrej Kos <okos@redhat.com>2013-06-13 15:28:23 +0200
committerJakub Hrozek <jhrozek@redhat.com>2013-06-14 13:39:08 +0200
commit22a21e910fd216ec1468fe769dcc29f1621a52a4 (patch)
tree5b0603cdbb3870eea6c74e4b548e0879fbf331d2 /src/providers
parentd3b39cf07164b23d47bbce3d6e6541b13fc895f5 (diff)
downloadsssd-22a21e910fd216ec1468fe769dcc29f1621a52a4.tar.gz
sssd-22a21e910fd216ec1468fe769dcc29f1621a52a4.tar.bz2
sssd-22a21e910fd216ec1468fe769dcc29f1621a52a4.zip
KRB: Handle preauthentication error correctly
https://fedorahosted.org/sssd/ticket/1873 KRB preauthentication error was later mishandled like authentication error.
Diffstat (limited to 'src/providers')
-rw-r--r--src/providers/krb5/krb5_auth.c6
-rw-r--r--src/providers/krb5/krb5_child.c4
2 files changed, 9 insertions, 1 deletions
diff --git a/src/providers/krb5/krb5_auth.c b/src/providers/krb5/krb5_auth.c
index f65e5993..f6acfb48 100644
--- a/src/providers/krb5/krb5_auth.c
+++ b/src/providers/krb5/krb5_auth.c
@@ -1026,6 +1026,12 @@ static void krb5_auth_done(struct tevent_req *subreq)
ret = EOK;
goto done;
+ case ERR_CREDS_INVALID:
+ state->pam_status = PAM_CRED_ERR;
+ state->dp_err = DP_ERR_OK;
+ ret = EOK;
+ goto done;
+
case ERR_NO_CREDS:
state->pam_status = PAM_CRED_UNAVAIL;
state->dp_err = DP_ERR_OK;
diff --git a/src/providers/krb5/krb5_child.c b/src/providers/krb5/krb5_child.c
index 8f746a8d..74d730aa 100644
--- a/src/providers/krb5/krb5_child.c
+++ b/src/providers/krb5/krb5_child.c
@@ -1172,9 +1172,11 @@ static errno_t map_krb5_error(krb5_error_code kerr)
return ERR_CREDS_EXPIRED;
case KRB5KRB_AP_ERR_BAD_INTEGRITY:
+ return ERR_AUTH_FAILED;
+
case KRB5_PREAUTH_FAILED:
case KRB5KDC_ERR_PREAUTH_FAILED:
- return ERR_AUTH_FAILED;
+ return ERR_CREDS_INVALID;
default:
return ERR_INTERNAL;