ehlo,

Commit c6872e79e8496fd075e20aec0343ade99cca725c broke password migration
when using sssd.

If pre-authentication fails, we should send the error message to the backend
so that password migration can be detected.

https://fedorahosted.org/sssd/ticket/1873

Patch is attached.

LS
>From d06051bfed83a5ff5edc9fe4193f8495b8772ee1 Mon Sep 17 00:00:00 2001
From: Lukas Slebodnik <lsleb...@redhat.com>
Date: Fri, 24 May 2013 16:38:17 +0200
Subject: [PATCH] Send error message from krb5_child to backend.

If pre-authentication fails, we should send the error message to the backend
so that password migration can be detected.

https://fedorahosted.org/sssd/ticket/1873
---
 src/providers/krb5/krb5_child.c | 26 ++++++++++++++++++++++++++
 1 file changed, 26 insertions(+)

diff --git a/src/providers/krb5/krb5_child.c b/src/providers/krb5/krb5_child.c
index 
4626f59ff48fada92e1b38033dfc910c181af7c4..8134c96f88d62aa151717a76fe99dc82684ae0ef
 100644
--- a/src/providers/krb5/krb5_child.c
+++ b/src/providers/krb5/krb5_child.c
@@ -809,6 +809,25 @@ static errno_t k5c_attach_ccname_msg(struct krb5_req *kr)
     return ret;
 }
 
+static errno_t k5c_attach_error_msg(struct krb5_req *kr, krb5_error_code kerr)
+{
+    const char *krb5_msg = NULL;
+    errno_t ret;
+
+    krb5_msg = sss_krb5_get_error_message(krb5_error_ctx, kerr);
+    if (krb5_msg == NULL) {
+        DEBUG(SSSDBG_CRIT_FAILURE, ("sss_krb5_get_error_message failed.\n"));
+        return ENOENT;
+    }
+
+    ret = pam_add_response(kr->pd, SSS_PAM_SYSTEM_INFO,
+                           strlen(krb5_msg) + 1,
+                           (const uint8_t *) krb5_msg);
+    sss_krb5_free_error_message(krb5_error_ctx, krb5_msg);
+
+    return ret;
+}
+
 static errno_t k5c_send_data(struct krb5_req *kr, int fd, errno_t error)
 {
     size_t written;
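Review bot: k5c_attach_error_msg has no comment saying what the consumer of this response expects, which matters because the payload is libkrb5's human-readable text for `kerr` rather than the error code itself. If the backend recognises the pre-authentication failure by inspecting this SSS_PAM_SYSTEM_INFO message (the backend side is not visible in this patch), detection would depend on wording that may differ between libkrb5 versions or locales; that should be confirmed and written down. I would add a header comment such as `/* Attach the krb5 error text for kerr as SSS_PAM_SYSTEM_INFO so the backend can detect password migration; the length includes the trailing NUL. */`. The comment should also mention that `ENOENT` is returned when no message text could be obtained.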
@@ -1340,6 +1359,13 @@ static errno_t tgt_req_child(struct krb5_req *kr)
     if (kerr != KRB5KDC_ERR_KEY_EXP) {
         if (kerr == 0) {
             kerr = k5c_attach_ccname_msg(kr);
+        } else if (kerr == KRB5KDC_ERR_PREAUTH_FAILED) {
+            ret = k5c_attach_error_msg(kr, kerr);
+            if (ret != EOK) {
+                DEBUG(SSSDBG_TRACE_FUNC,
+                      ("Function k5c_attach_error_msg failed [%d][%s].\n",
+                       kerr, strerror(kerr)));
+            }
         }
         ret = map_krb5_error(kerr);
         goto done;
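Review bot: The DEBUG call in the new `else if` branch logs `kerr` and `strerror(kerr)`, but the value that reports the failure is `ret`. On this path `kerr` is KRB5KDC_ERR_PREAUTH_FAILED, a krb5_error_code rather than an errno, so strerror() will not give a meaningful string and the actual cause never reaches the log. The arguments should be `ret, strerror(ret)`. Because a failure here means the backend does not receive the message that the commit description says is needed to detect migration, a more visible level than SSSDBG_TRACE_FUNC, for example `SSSDBG_OP_FAILURE`, would make the condition easier to spot. tgt_req_child starts and ends outside the hunk.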
-- 
1.8.1.4
