pull up r18764 from trunk
authorTom Yu <tlyu@mit.edu>
Wed, 8 Nov 2006 23:43:53 +0000 (23:43 +0000)
committerTom Yu <tlyu@mit.edu>
Wed, 8 Nov 2006 23:43:53 +0000 (23:43 +0000)
 r18764@cathode-dark-space:  jaltman | 2006-11-06 16:55:13 -0500
 ticket: new
 tags: pullup
 subject: krb5_get_init_creds_password does not consistently prompt for password changing

   krb5_get_init_creds_password() previously did not consistently
  handle KRB5KDC_ERR_KEY_EXP errors.  If there is a "master_kdc"
   entry for the realm and the KDC is reachable, then the function
  will prompt the user for a password change.  Otherwise, it will
  return the error code to the caller.  If the caller is a ticket
  manager, it will prompt the user for a password change with a
  dialog that is different from the one generated by the prompter
  function passed to krb5_get_init_creds_password.

  With this change krb5_get_init_creds_password() will always
  prompt the user if it would return KRB5KDC_ERR_KEY_EXP unless
  the function is compiled with USE_LOGIN_LIBRARY.  (KFM)

ticket: 4639
version_fixed: 1.5.2

git-svn-id: svn://anonsvn.mit.edu/krb5/branches/krb5-1-5@18770 dc483132-0cff-0310-8789-dd5450dbe970

src/lib/krb5/krb/gic_pwd.c

index f2837effb61d9ef788662df6d9d4a66125e511ce..ef9a6b3544c81d6e49dc1fc6ad1dbe7a5536368d 100644 (file)
@@ -163,12 +163,10 @@ krb5_get_init_creds_password(krb5_context context, krb5_creds *creds, krb5_princ
       /* if the master is unreachable, return the error from the
         slave we were able to contact */
 
-      if ((ret2 == KRB5_KDC_UNREACH) ||
-         (ret2 == KRB5_REALM_CANT_RESOLVE) ||
-         (ret2 == KRB5_REALM_UNKNOWN))
-        goto cleanup;
-
-      ret = ret2;
+       if ((ret2 != KRB5_KDC_UNREACH) &&
+           (ret2 != KRB5_REALM_CANT_RESOLVE) &&
+           (ret2 != KRB5_REALM_UNKNOWN))
+          ret = ret2;
    }
 
 #ifdef USE_LOGIN_LIBRARY