From 7467d84293c39f68221a78e419a5c4b57d6fb789 Mon Sep 17 00:00:00 2001 From: Alexandra Ellwood Date: Wed, 29 Oct 2008 20:36:49 +0000 Subject: [PATCH] Remove saved password if it fails to get tickets Note that if preauth is turned on the password may be removed for other reasons. This is because preauth failing can mean several things. Better to always remove it than have the user sometimes get stuck though. ticket: new git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@20936 dc483132-0cff-0310-8789-dd5450dbe970 --- src/kim/lib/kim_credential.c | 10 ++++++++++ 1 file changed, 10 insertions(+) diff --git a/src/kim/lib/kim_credential.c b/src/kim/lib/kim_credential.c index c565f80cc..7b49c42dc 100644 --- a/src/kim/lib/kim_credential.c +++ b/src/kim/lib/kim_credential.c @@ -330,6 +330,7 @@ kim_error kim_credential_create_new_with_password (kim_credential *out_credentia /* set counter to zero so we can tell if we got prompted */ context.prompt_count = 0; + context.password_to_save = NULL; err = krb5_error (credential->context, krb5_get_init_creds_password (credential->context, @@ -406,11 +407,20 @@ kim_error kim_credential_create_new_with_password (kim_credential *out_credentia } else if (prompt_count) { /* User was prompted and might have entered bad info * so report error and try again. */ + err = kim_ui_handle_kim_error (&context, identity, kim_ui_error_type_authentication, err); } + if (err == KRB5KRB_AP_ERR_BAD_INTEGRITY || + err == KRB5KDC_ERR_PREAUTH_FAILED || + err == KIM_BAD_PASSWORD_ERR || err == KIM_PREAUTH_FAILED_ERR) { + /* if the password could have failed, remove any saved ones + * or the user will get stuck. */ + kim_os_identity_remove_saved_password (identity); + } + if (free_creds) { krb5_free_cred_contents (credential->context, &creds); } } -- 2.26.2