get_init_creds_password: DNS SRV off causes bogus REALM_UNKNOWN

	* gic_pwd.c (krb5_get_init_creds_password): If DNS SRV support is
	turned off, the second call to get_init_creds() will fail with
	KRB5_REALM_UNKNOWN under certain circumstances.  If that happens,
	return the error from the first call to get_init_creds(), which
	will be more useful to the user.

ticket: new
target_version: 1.3.2
tags: pullup
component: krb5-libs

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@15761 dc483132-0cff-0310-8789-dd5450dbe970

diff --git a/src/lib/krb5/krb/ChangeLog b/src/lib/krb5/krb/ChangeLog
index cd27b18ec767fcbb38d8f0bec5e1f66ff17ab360..80163b8a3c6f8fcfd059dc08903eff69f0307e5d 100644 (file)
--- a/src/lib/krb5/krb/ChangeLog
+++ b/src/lib/krb5/krb/ChangeLog
@@ -1,3 +1,11 @@
+2003-08-08  Tom Yu  <tlyu@mit.edu>
+
+       * gic_pwd.c (krb5_get_init_creds_password): If DNS SRV support is
+       turned off, the second call to get_init_creds() will fail with
+       KRB5_REALM_UNKNOWN under certain circumstances.  If that happens,
+       return the error from the first call to get_init_creds(), which
+       will be more useful to the user.
+
 2003-07-22  Sam Hartman  <hartmans@avalanche-breakdown.mit.edu>
 
        * preauth2.c (krb5_do_preauth): Use the etype_info2 decoder for decoding etype_info2

diff --git a/src/lib/krb5/krb/gic_pwd.c b/src/lib/krb5/krb/gic_pwd.c
index aa748dbd3dc11bde3c85c821cf3e9ac672222a16..fdd7c514ad5f4a260678b0e5e8cf99f4ecee84c3 100644 (file)
--- a/src/lib/krb5/krb/gic_pwd.c
+++ b/src/lib/krb5/krb/gic_pwd.c
@@ -160,7 +160,8 @@ krb5_get_init_creds_password(krb5_context context, krb5_creds *creds, krb5_princ
         slave we were able to contact */
 
       if ((ret2 == KRB5_KDC_UNREACH) ||
-                 (ret2 == KRB5_REALM_CANT_RESOLVE))
+         (ret2 == KRB5_REALM_CANT_RESOLVE) ||
+         (ret2 == KRB5_REALM_UNKNOWN))
         goto cleanup;
 
       ret = ret2;