From: Tom Yu Date: Wed, 8 Nov 2006 23:43:53 +0000 (+0000) Subject: pull up r18764 from trunk X-Git-Tag: krb5-1.5.2-final~10 X-Git-Url: http://git.tremily.us/?a=commitdiff_plain;h=a545bb3dea81755880d3d4c17e2dae40ba52ac1e;p=krb5.git pull up r18764 from trunk r18764@cathode-dark-space: jaltman | 2006-11-06 16:55:13 -0500 ticket: new tags: pullup subject: krb5_get_init_creds_password does not consistently prompt for password changing krb5_get_init_creds_password() previously did not consistently handle KRB5KDC_ERR_KEY_EXP errors. If there is a "master_kdc" entry for the realm and the KDC is reachable, then the function will prompt the user for a password change. Otherwise, it will return the error code to the caller. If the caller is a ticket manager, it will prompt the user for a password change with a dialog that is different from the one generated by the prompter function passed to krb5_get_init_creds_password. With this change krb5_get_init_creds_password() will always prompt the user if it would return KRB5KDC_ERR_KEY_EXP unless the function is compiled with USE_LOGIN_LIBRARY. (KFM) ticket: 4639 version_fixed: 1.5.2 git-svn-id: svn://anonsvn.mit.edu/krb5/branches/krb5-1-5@18770 dc483132-0cff-0310-8789-dd5450dbe970 --- diff --git a/src/lib/krb5/krb/gic_pwd.c b/src/lib/krb5/krb/gic_pwd.c index f2837effb..ef9a6b354 100644 --- a/src/lib/krb5/krb/gic_pwd.c +++ b/src/lib/krb5/krb/gic_pwd.c @@ -163,12 +163,10 @@ krb5_get_init_creds_password(krb5_context context, krb5_creds *creds, krb5_princ /* if the master is unreachable, return the error from the slave we were able to contact */ - if ((ret2 == KRB5_KDC_UNREACH) || - (ret2 == KRB5_REALM_CANT_RESOLVE) || - (ret2 == KRB5_REALM_UNKNOWN)) - goto cleanup; - - ret = ret2; + if ((ret2 != KRB5_KDC_UNREACH) && + (ret2 != KRB5_REALM_CANT_RESOLVE) && + (ret2 != KRB5_REALM_UNKNOWN)) + ret = ret2; } #ifdef USE_LOGIN_LIBRARY