[sssd/f20] Handle new error code for IPA password migration
sbose
sbose at fedoraproject.org
Thu Mar 13 20:04:50 UTC 2014
commit 55158b4c43d193eed34d8dc50b0f32d3eac70137
Author: Sumit Bose <sbose at redhat.com>
Date: Thu Mar 13 20:14:42 2014 +0100
Handle new error code for IPA password migration
...ndle-KRB5_PROG_ETYPE_NOSUPP-during-IPA-pa.patch | 31 ++++++++++++++++++++
sssd.spec | 6 +++-
2 files changed, 36 insertions(+), 1 deletions(-)
---
diff --git a/0007-IPA-KRB5-handle-KRB5_PROG_ETYPE_NOSUPP-during-IPA-pa.patch b/0007-IPA-KRB5-handle-KRB5_PROG_ETYPE_NOSUPP-during-IPA-pa.patch
new file mode 100644
index 0000000..a72dd18
--- /dev/null
+++ b/0007-IPA-KRB5-handle-KRB5_PROG_ETYPE_NOSUPP-during-IPA-pa.patch
@@ -0,0 +1,31 @@
+From 63bf0b7697d5a51b5338070d0e2652d49a4728ce Mon Sep 17 00:00:00 2001
+From: Sumit Bose <sbose at redhat.com>
+Date: Tue, 11 Mar 2014 13:16:14 +0100
+Subject: [PATCH] IPA/KRB5: handle KRB5_PROG_ETYPE_NOSUPP during IPA password
+ migration
+
+Fixes https://fedorahosted.org/sssd/ticket/2279
+
+Reviewed-by: Jakub Hrozek <jhrozek at redhat.com>
+---
+ src/providers/krb5/krb5_child.c | 4 ++++
+ 1 file changed, 4 insertions(+)
+
+diff --git a/src/providers/krb5/krb5_child.c b/src/providers/krb5/krb5_child.c
+index 1a677b8..1bff0e9 100644
+--- a/src/providers/krb5/krb5_child.c
++++ b/src/providers/krb5/krb5_child.c
+@@ -990,6 +990,10 @@ static errno_t map_krb5_error(krb5_error_code kerr)
+ case KRB5KRB_AP_ERR_BAD_INTEGRITY:
+ return ERR_AUTH_FAILED;
+
++ /* ERR_CREDS_INVALID is used to indicate to the IPA provider that trying
++ * password migration would make sense. All Kerberos error codes which can
++ * be seen while migrating LDAP users to IPA should be added here. */
++ case KRB5_PROG_ETYPE_NOSUPP:
+ case KRB5_PREAUTH_FAILED:
+ case KRB5KDC_ERR_PREAUTH_FAILED:
+ return ERR_CREDS_INVALID;
+--
+1.8.3.1
+
diff --git a/sssd.spec b/sssd.spec
index cfd434a..a6ec7db 100644
--- a/sssd.spec
+++ b/sssd.spec
@@ -14,7 +14,7 @@
Name: sssd
Version: 1.11.4
-Release: 2%{?dist}
+Release: 3%{?dist}
Group: Applications/System
Summary: System Security Services Daemon
License: GPLv3+
@@ -29,6 +29,7 @@ Patch0003: 0003-ipa-server-mode-use-lower-case-user-name-for-home-di.patch
Patch0004: 0004-IPA-Do-not-save-intermediate-data-to-sysdb.patch
Patch0005: 0005-Fix-krb5-changepw-when-FAST-only-preauth-methods-are.patch
Patch0006: 0006-IPA-Use-GC-for-AD-initgroup-requests.patch
+Patch0007: 0007-IPA-KRB5-handle-KRB5_PROG_ETYPE_NOSUPP-during-IPA-pa.patch
Patch0602: 0602-FEDORA-Add-CIFS-idmap-plugin.patch
@@ -737,6 +738,9 @@ fi
%postun -n libsss_idmap -p /sbin/ldconfig
%changelog
+* Thu Mar 13 2014 Sumit Bose <sbose at redhat.com> - 1.11.4-3
+- Handle new error code for IPA password migration
+
* Mon Mar 11 2014 Jakub Hrozek <jhrozek at redhat.com> - 1.11.4-2
- Include couple of patches from upstream 1.11 branch
More information about the scm-commits
mailing list