From: Greg Hudson <ghudson@mit.edu>
Date: Mon, 5 Mar 2012 17:35:14 +0000 (+0000)
Subject: Fix spurious password expiry warning
X-Git-Url: http://git.tremily.us/?a=commitdiff_plain;h=1624388ff4621b24dd855fbcc61bd19ebf7217fa;p=krb5.git

Fix spurious password expiry warning

r24241 (#6755) introduced a bug where if the KDC sends a LastReq entry
containing an account expiry time, we send a prompter warning for
password expiry even if there was no entry containing a password
expiry time.  Typically, this results in the message "Warning: Your
password will expire in less than one hour on Thu Jan  1 12:00:00
1970".

Fix this by explicitly checking for pw_exp == 0 in warn_pw_expiry()
after we've gotten past the conditional for invoking the callback.

ticket: 7098
target_version: 1.9.4
tags: pullup

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@25730 dc483132-0cff-0310-8789-dd5450dbe970
---

diff --git a/src/lib/krb5/krb/gic_pwd.c b/src/lib/krb5/krb/gic_pwd.c
index 519196e22..40b448d15 100644
--- a/src/lib/krb5/krb/gic_pwd.c
+++ b/src/lib/krb5/krb/gic_pwd.c
@@ -168,6 +168,10 @@ warn_pw_expiry(krb5_context context, krb5_get_init_creds_opt *options,
         return;
     }
 
+    /* Don't warn if no password expiry value was sent. */
+    if (pw_exp == 0)
+        return;
+
     /* Don't warn if the password is being changed. */
     if (in_tkt_service && strcmp(in_tkt_service, "kadmin/changepw") == 0)
         return;