r18764@cathode-dark-space: jaltman | 2006-11-06 16:55:13 -0500
ticket: new
tags: pullup
subject: krb5_get_init_creds_password does not consistently prompt for password changing
krb5_get_init_creds_password() previously did not consistently
handle KRB5KDC_ERR_KEY_EXP errors. If there is a "master_kdc"
entry for the realm and the KDC is reachable, then the function
will prompt the user for a password change. Otherwise, it will
return the error code to the caller. If the caller is a ticket
manager, it will prompt the user for a password change with a
dialog that is different from the one generated by the prompter
function passed to krb5_get_init_creds_password.
With this change krb5_get_init_creds_password() will always
prompt the user if it would return KRB5KDC_ERR_KEY_EXP unless
the function is compiled with USE_LOGIN_LIBRARY. (KFM)
ticket: 4639
version_fixed: 1.5.2
git-svn-id: svn://anonsvn.mit.edu/krb5/branches/krb5-1-5@18770
dc483132-0cff-0310-8789-
dd5450dbe970
/* if the master is unreachable, return the error from the
slave we were able to contact */
- if ((ret2 == KRB5_KDC_UNREACH) ||
- (ret2 == KRB5_REALM_CANT_RESOLVE) ||
- (ret2 == KRB5_REALM_UNKNOWN))
- goto cleanup;
-
- ret = ret2;
+ if ((ret2 != KRB5_KDC_UNREACH) &&
+ (ret2 != KRB5_REALM_CANT_RESOLVE) &&
+ (ret2 != KRB5_REALM_UNKNOWN))
+ ret = ret2;
}
#ifdef USE_LOGIN_LIBRARY