[sssd/f20] Handle new error code for IPA password migration

Thu Mar 13 20:04:50 UTC 2014

commit 55158b4c43d193eed34d8dc50b0f32d3eac70137
Author: Sumit Bose <sbose at redhat.com>
Date:   Thu Mar 13 20:14:42 2014 +0100

    Handle new error code for IPA password migration

 ...ndle-KRB5_PROG_ETYPE_NOSUPP-during-IPA-pa.patch |   31 ++++++++++++++++++++
 sssd.spec                                          |    6 +++-
 2 files changed, 36 insertions(+), 1 deletions(-)
---

diff --git a/0007-IPA-KRB5-handle-KRB5_PROG_ETYPE_NOSUPP-during-IPA-pa.patch b/0007-IPA-KRB5-handle-KRB5_PROG_ETYPE_NOSUPP-during-IPA-pa.patch
new file mode 100644
index 0000000..a72dd18
--- /dev/null
+++ b/0007-IPA-KRB5-handle-KRB5_PROG_ETYPE_NOSUPP-during-IPA-pa.patch
@@ -0,0 +1,31 @@
+From 63bf0b7697d5a51b5338070d0e2652d49a4728ce Mon Sep 17 00:00:00 2001
+From: Sumit Bose <sbose at redhat.com>
+Date: Tue, 11 Mar 2014 13:16:14 +0100
+Subject: [PATCH] IPA/KRB5: handle KRB5_PROG_ETYPE_NOSUPP during IPA password
+ migration
+
+Fixes https://fedorahosted.org/sssd/ticket/2279
+
+Reviewed-by: Jakub Hrozek <jhrozek at redhat.com>
+---
+ src/providers/krb5/krb5_child.c | 4 ++++
+ 1 file changed, 4 insertions(+)
+
+diff --git a/src/providers/krb5/krb5_child.c b/src/providers/krb5/krb5_child.c
+index 1a677b8..1bff0e9 100644
+--- a/src/providers/krb5/krb5_child.c
++++ b/src/providers/krb5/krb5_child.c
+@@ -990,6 +990,10 @@ static errno_t map_krb5_error(krb5_error_code kerr)
+     case KRB5KRB_AP_ERR_BAD_INTEGRITY:
+         return ERR_AUTH_FAILED;
+ 
++    /* ERR_CREDS_INVALID is used to indicate to the IPA provider that trying
++     * password migration would make sense. All Kerberos error codes which can
++     * be seen while migrating LDAP users to IPA should be added here. */
++    case KRB5_PROG_ETYPE_NOSUPP:
+     case KRB5_PREAUTH_FAILED:
+     case KRB5KDC_ERR_PREAUTH_FAILED:
+         return ERR_CREDS_INVALID;
+-- 
+1.8.3.1
+
diff --git a/sssd.spec b/sssd.spec
index cfd434a..a6ec7db 100644
--- a/sssd.spec
+++ b/sssd.spec
@@ -14,7 +14,7 @@
 
 Name: sssd
 Version: 1.11.4
-Release: 2%{?dist}
+Release: 3%{?dist}
 Group: Applications/System
 Summary: System Security Services Daemon
 License: GPLv3+
@@ -29,6 +29,7 @@ Patch0003: 0003-ipa-server-mode-use-lower-case-user-name-for-home-di.patch
 Patch0004: 0004-IPA-Do-not-save-intermediate-data-to-sysdb.patch
 Patch0005: 0005-Fix-krb5-changepw-when-FAST-only-preauth-methods-are.patch
 Patch0006: 0006-IPA-Use-GC-for-AD-initgroup-requests.patch
+Patch0007: 0007-IPA-KRB5-handle-KRB5_PROG_ETYPE_NOSUPP-during-IPA-pa.patch
 
 Patch0602:  0602-FEDORA-Add-CIFS-idmap-plugin.patch
 
@@ -737,6 +738,9 @@ fi
 %postun -n libsss_idmap -p /sbin/ldconfig
 
 %changelog
+* Thu Mar 13 2014 Sumit Bose <sbose at redhat.com> - 1.11.4-3
+- Handle new error code for IPA password migration
+
 * Mon Mar 11 2014 Jakub Hrozek <jhrozek at redhat.com> - 1.11.4-2
 - Include couple of patches from upstream 1.11 branch
 
