Handle new error code for IPA password migration

This commit is contained in:
Sumit Bose 2014-03-13 20:14:42 +01:00
parent 1fd6df7177
commit cfb3146269
2 changed files with 36 additions and 1 deletions

View File

@ -0,0 +1,31 @@
From 63bf0b7697d5a51b5338070d0e2652d49a4728ce Mon Sep 17 00:00:00 2001
From: Sumit Bose <sbose@redhat.com>
Date: Tue, 11 Mar 2014 13:16:14 +0100
Subject: [PATCH] IPA/KRB5: handle KRB5_PROG_ETYPE_NOSUPP during IPA password
migration
Fixes https://fedorahosted.org/sssd/ticket/2279
Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
---
src/providers/krb5/krb5_child.c | 4 ++++
1 file changed, 4 insertions(+)
diff --git a/src/providers/krb5/krb5_child.c b/src/providers/krb5/krb5_child.c
index 1a677b8..1bff0e9 100644
--- a/src/providers/krb5/krb5_child.c
+++ b/src/providers/krb5/krb5_child.c
@@ -990,6 +990,10 @@ static errno_t map_krb5_error(krb5_error_code kerr)
case KRB5KRB_AP_ERR_BAD_INTEGRITY:
return ERR_AUTH_FAILED;
+ /* ERR_CREDS_INVALID is used to indicate to the IPA provider that trying
+ * password migration would make sense. All Kerberos error codes which can
+ * be seen while migrating LDAP users to IPA should be added here. */
+ case KRB5_PROG_ETYPE_NOSUPP:
case KRB5_PREAUTH_FAILED:
case KRB5KDC_ERR_PREAUTH_FAILED:
return ERR_CREDS_INVALID;
--
1.8.3.1

View File

@ -14,7 +14,7 @@
Name: sssd Name: sssd
Version: 1.11.4 Version: 1.11.4
Release: 2%{?dist} Release: 3%{?dist}
Group: Applications/System Group: Applications/System
Summary: System Security Services Daemon Summary: System Security Services Daemon
License: GPLv3+ License: GPLv3+
@ -29,6 +29,7 @@ Patch0003: 0003-ipa-server-mode-use-lower-case-user-name-for-home-di.patch
Patch0004: 0004-IPA-Do-not-save-intermediate-data-to-sysdb.patch Patch0004: 0004-IPA-Do-not-save-intermediate-data-to-sysdb.patch
Patch0005: 0005-Fix-krb5-changepw-when-FAST-only-preauth-methods-are.patch Patch0005: 0005-Fix-krb5-changepw-when-FAST-only-preauth-methods-are.patch
Patch0006: 0006-IPA-Use-GC-for-AD-initgroup-requests.patch Patch0006: 0006-IPA-Use-GC-for-AD-initgroup-requests.patch
Patch0007: 0007-IPA-KRB5-handle-KRB5_PROG_ETYPE_NOSUPP-during-IPA-pa.patch
Patch0602: 0602-FEDORA-Add-CIFS-idmap-plugin.patch Patch0602: 0602-FEDORA-Add-CIFS-idmap-plugin.patch
@ -737,6 +738,9 @@ fi
%postun -n libsss_idmap -p /sbin/ldconfig %postun -n libsss_idmap -p /sbin/ldconfig
%changelog %changelog
* Thu Mar 13 2014 Sumit Bose <sbose@redhat.com> - 1.11.4-3
- Handle new error code for IPA password migration
* Mon Mar 11 2014 Jakub Hrozek <jhrozek@redhat.com> - 1.11.4-2 * Mon Mar 11 2014 Jakub Hrozek <jhrozek@redhat.com> - 1.11.4-2
- Include couple of patches from upstream 1.11 branch - Include couple of patches from upstream 1.11 branch