summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
-rw-r--r--src/providers/krb5/krb5_auth.c6
-rw-r--r--src/providers/krb5/krb5_child.c4
-rw-r--r--src/util/util_errors.c1
-rw-r--r--src/util/util_errors.h1
4 files changed, 11 insertions, 1 deletions
diff --git a/src/providers/krb5/krb5_auth.c b/src/providers/krb5/krb5_auth.c
index f65e5993..f6acfb48 100644
--- a/src/providers/krb5/krb5_auth.c
+++ b/src/providers/krb5/krb5_auth.c
@@ -1026,6 +1026,12 @@ static void krb5_auth_done(struct tevent_req *subreq)
ret = EOK;
goto done;
+ case ERR_CREDS_INVALID:
+ state->pam_status = PAM_CRED_ERR;
+ state->dp_err = DP_ERR_OK;
+ ret = EOK;
+ goto done;
+
case ERR_NO_CREDS:
state->pam_status = PAM_CRED_UNAVAIL;
state->dp_err = DP_ERR_OK;
diff --git a/src/providers/krb5/krb5_child.c b/src/providers/krb5/krb5_child.c
index 8f746a8d..74d730aa 100644
--- a/src/providers/krb5/krb5_child.c
+++ b/src/providers/krb5/krb5_child.c
@@ -1172,9 +1172,11 @@ static errno_t map_krb5_error(krb5_error_code kerr)
return ERR_CREDS_EXPIRED;
case KRB5KRB_AP_ERR_BAD_INTEGRITY:
+ return ERR_AUTH_FAILED;
+
case KRB5_PREAUTH_FAILED:
case KRB5KDC_ERR_PREAUTH_FAILED:
- return ERR_AUTH_FAILED;
+ return ERR_CREDS_INVALID;
default:
return ERR_INTERNAL;
diff --git a/src/util/util_errors.c b/src/util/util_errors.c
index b617f540..22a3045a 100644
--- a/src/util/util_errors.c
+++ b/src/util/util_errors.c
@@ -31,6 +31,7 @@ struct err_string error_to_str[] = {
{ "Invalid credential type" }, /* ERR_INVALID_CRED_TYPE */
{ "No credentials available" }, /* ERR_NO_CREDS */
{ "Credentials are expired" }, /* ERR_CREDS_EXPIRED */
+ { "Failure setting user credentials"}, /* ERR_CREDS_INVALID */
{ "No cached credentials available" }, /* ERR_NO_CACHED_CREDS */
{ "Cached credentials are expired" }, /* ERR_CACHED_CREDS_EXPIRED */
{ "Authentication Denied" }, /* ERR_AUTH_DENIED */
diff --git a/src/util/util_errors.h b/src/util/util_errors.h
index a602a6ea..65d37aed 100644
--- a/src/util/util_errors.h
+++ b/src/util/util_errors.h
@@ -53,6 +53,7 @@ enum sssd_errors {
ERR_INVALID_CRED_TYPE,
ERR_NO_CREDS,
ERR_CREDS_EXPIRED,
+ ERR_CREDS_INVALID,
ERR_NO_CACHED_CREDS,
ERR_CACHED_CREDS_EXPIRED,
ERR_AUTH_DENIED,