change password should always reprompt on error
authorAlexandra Ellwood <lxs@mit.edu>
Fri, 10 Oct 2008 20:47:05 +0000 (20:47 +0000)
committerAlexandra Ellwood <lxs@mit.edu>
Fri, 10 Oct 2008 20:47:05 +0000 (20:47 +0000)
Since it collects the password ahead of time, the prompt
count won't get incremented.  Checking whether it
called auth_prompt is useless.

ticket: new

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@20860 dc483132-0cff-0310-8789-dd5450dbe970

src/kim/lib/kim_identity.c

index a7edc8c38faa0adb85105882210bca1f67d18748..7cf53d4f00d06ffa35a4e82b63b3196c06be7bb8 100644 (file)
@@ -689,7 +689,7 @@ kim_error kim_identity_change_password_common (kim_identity    in_identity,
         kim_error rejected_err = KIM_NO_ERROR;
         kim_string rejected_message = NULL;
         kim_string rejected_description = NULL;
-        kim_boolean was_prompted = 0;
+        kim_boolean was_prompted = 0;   /* ignore because we always prompt */
         
         err = kim_ui_change_password (in_ui_context,
                                       in_identity,
@@ -747,17 +747,12 @@ kim_error kim_identity_change_password_common (kim_identity    in_identity,
                                        rejected_description);
             
         } else if (err && err != KIM_USER_CANCELED_ERR) {
-            /*  new creds failed, report error to user */
-            kim_error terr = KIM_NO_ERROR;
-            
-            terr = kim_ui_handle_kim_error (in_ui_context, in_identity, 
-                                            kim_ui_error_type_change_password,
-                                            err);
-            
-            if (was_prompted || err == KIM_PASSWORD_MISMATCH_ERR) {
-                /* User could have entered bad info so let them try again. */
-                err = terr;
-            }
+            /* New creds failed, report error to user.
+             * Overwrite error so we loop and let the user try again.
+             * The user always gets prompted so we always loop. */
+            err = kim_ui_handle_kim_error (in_ui_context, in_identity, 
+                                           kim_ui_error_type_change_password,
+                                           err);
             
         } else {
             /* password change succeeded or the user gave up */
@@ -786,6 +781,7 @@ kim_error kim_identity_change_password_common (kim_identity    in_identity,
         
         kim_string_free (&rejected_message);
         kim_string_free (&rejected_description);
+        
         kim_ui_free_string (in_ui_context, &old_password);
         kim_ui_free_string (in_ui_context, &new_password);
         kim_ui_free_string (in_ui_context, &verify_password);