From d73e09e9a7e2804fe43dcd7ae82f4ce30088809b Mon Sep 17 00:00:00 2001 From: Jeffrey Altman Date: Mon, 6 Nov 2006 21:55:13 +0000 Subject: [PATCH] krb5_get_init_creds_password does not consistently prompt for password changing krb5_get_init_creds_password() previously did not consistently handle KRB5KDC_ERR_KEY_EXP errors. If there is a "master_kdc" entry for the realm and the KDC is reachable, then the function will prompt the user for a password change. Otherwise, it will return the error code to the caller. If the caller is a ticket manager, it will prompt the user for a password change with a dialog that is different from the one generated by the prompter function passed to krb5_get_init_creds_password. With this change krb5_get_init_creds_password() will always prompt the user if it would return KRB5KDC_ERR_KEY_EXP unless the function is compiled with USE_LOGIN_LIBRARY. (KFM) ticket: new tags: pullup git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@18764 dc483132-0cff-0310-8789-dd5450dbe970 --- src/lib/krb5/krb/gic_pwd.c | 10 ++++------ 1 file changed, 4 insertions(+), 6 deletions(-) diff --git a/src/lib/krb5/krb/gic_pwd.c b/src/lib/krb5/krb/gic_pwd.c index f2837effb..ef9a6b354 100644 --- a/src/lib/krb5/krb/gic_pwd.c +++ b/src/lib/krb5/krb/gic_pwd.c @@ -163,12 +163,10 @@ krb5_get_init_creds_password(krb5_context context, krb5_creds *creds, krb5_princ /* if the master is unreachable, return the error from the slave we were able to contact */ - if ((ret2 == KRB5_KDC_UNREACH) || - (ret2 == KRB5_REALM_CANT_RESOLVE) || - (ret2 == KRB5_REALM_UNKNOWN)) - goto cleanup; - - ret = ret2; + if ((ret2 != KRB5_KDC_UNREACH) && + (ret2 != KRB5_REALM_CANT_RESOLVE) && + (ret2 != KRB5_REALM_UNKNOWN)) + ret = ret2; } #ifdef USE_LOGIN_LIBRARY -- 2.26.2