From cfb31462697356f0f53621bef8224f6d62b23394 Mon Sep 17 00:00:00 2001 From: Sumit Bose Date: Thu, 13 Mar 2014 20:14:42 +0100 Subject: [PATCH] Handle new error code for IPA password migration --- ...KRB5_PROG_ETYPE_NOSUPP-during-IPA-pa.patch | 31 +++++++++++++++++++ sssd.spec | 6 +++- 2 files changed, 36 insertions(+), 1 deletion(-) create mode 100644 0007-IPA-KRB5-handle-KRB5_PROG_ETYPE_NOSUPP-during-IPA-pa.patch diff --git a/0007-IPA-KRB5-handle-KRB5_PROG_ETYPE_NOSUPP-during-IPA-pa.patch b/0007-IPA-KRB5-handle-KRB5_PROG_ETYPE_NOSUPP-during-IPA-pa.patch new file mode 100644 index 0000000..a72dd18 --- /dev/null +++ b/0007-IPA-KRB5-handle-KRB5_PROG_ETYPE_NOSUPP-during-IPA-pa.patch @@ -0,0 +1,31 @@ +From 63bf0b7697d5a51b5338070d0e2652d49a4728ce Mon Sep 17 00:00:00 2001 +From: Sumit Bose +Date: Tue, 11 Mar 2014 13:16:14 +0100 +Subject: [PATCH] IPA/KRB5: handle KRB5_PROG_ETYPE_NOSUPP during IPA password + migration + +Fixes https://fedorahosted.org/sssd/ticket/2279 + +Reviewed-by: Jakub Hrozek +--- + src/providers/krb5/krb5_child.c | 4 ++++ + 1 file changed, 4 insertions(+) + +diff --git a/src/providers/krb5/krb5_child.c b/src/providers/krb5/krb5_child.c +index 1a677b8..1bff0e9 100644 +--- a/src/providers/krb5/krb5_child.c ++++ b/src/providers/krb5/krb5_child.c +@@ -990,6 +990,10 @@ static errno_t map_krb5_error(krb5_error_code kerr) + case KRB5KRB_AP_ERR_BAD_INTEGRITY: + return ERR_AUTH_FAILED; + ++ /* ERR_CREDS_INVALID is used to indicate to the IPA provider that trying ++ * password migration would make sense. All Kerberos error codes which can ++ * be seen while migrating LDAP users to IPA should be added here. */ ++ case KRB5_PROG_ETYPE_NOSUPP: + case KRB5_PREAUTH_FAILED: + case KRB5KDC_ERR_PREAUTH_FAILED: + return ERR_CREDS_INVALID; +-- +1.8.3.1 + diff --git a/sssd.spec b/sssd.spec index cfd434a..a6ec7db 100644 --- a/sssd.spec +++ b/sssd.spec @@ -14,7 +14,7 @@ Name: sssd Version: 1.11.4 -Release: 2%{?dist} +Release: 3%{?dist} Group: Applications/System Summary: System Security Services Daemon License: GPLv3+ @@ -29,6 +29,7 @@ Patch0003: 0003-ipa-server-mode-use-lower-case-user-name-for-home-di.patch Patch0004: 0004-IPA-Do-not-save-intermediate-data-to-sysdb.patch Patch0005: 0005-Fix-krb5-changepw-when-FAST-only-preauth-methods-are.patch Patch0006: 0006-IPA-Use-GC-for-AD-initgroup-requests.patch +Patch0007: 0007-IPA-KRB5-handle-KRB5_PROG_ETYPE_NOSUPP-during-IPA-pa.patch Patch0602: 0602-FEDORA-Add-CIFS-idmap-plugin.patch @@ -737,6 +738,9 @@ fi %postun -n libsss_idmap -p /sbin/ldconfig %changelog +* Thu Mar 13 2014 Sumit Bose - 1.11.4-3 +- Handle new error code for IPA password migration + * Mon Mar 11 2014 Jakub Hrozek - 1.11.4-2 - Include couple of patches from upstream 1.11 branch