authorAlexandra Ellwood <lxs@mit.edu>2008-10-29 20:36:49 +0000
committerAlexandra Ellwood <lxs@mit.edu>2008-10-29 20:36:49 +0000
commit7467d84293c39f68221a78e419a5c4b57d6fb789 (patch)
treee34fa37a822cd4bfcb35b4ac8f73bc487d36bb72
parentf3b81bb59566e6ded787f0485968bd9a8ff7d435 (diff)
Remove saved password if it fails to get tickets
Note that if preauth is turned on the password may be removed for other reasons. This is because preauth failing can mean several things. Better to always remove it than have the user sometimes get stuck though. ticket: new git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@20936 dc483132-0cff-0310-8789-dd5450dbe970
-rw-r--r--src/kim/lib/kim_credential.c10
1 files changed, 10 insertions, 0 deletions
diff --git a/src/kim/lib/kim_credential.c b/src/kim/lib/kim_credential.c
index c565f80cc..7b49c42dc 100644
--- a/src/kim/lib/kim_credential.c
+++ b/src/kim/lib/kim_credential.c
@@ -330,6 +330,7 @@ kim_error kim_credential_create_new_with_password (kim_credential *out_credentia
/* set counter to zero so we can tell if we got prompted */
context.prompt_count = 0;
+ context.password_to_save = NULL;
err = krb5_error (credential->context,
krb5_get_init_creds_password (credential->context,
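Review bot: The added `context.password_to_save = NULL;` discards whatever pointer the field held, so if an earlier attempt left an allocated password there (the comment in the second hunk says "try again", but the retry path is outside this hunk) that buffer would be neither wiped nor freed and the cleartext would stay in heap memory. If the field can be non-NULL at this point, zero and release the old buffer before the reset. Otherwise a comment such as `/* password_to_save is always released before we get back here */` would record the invariant. The function body starts and ends outside this hunk.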
@@ -406,11 +407,20 @@ kim_error kim_credential_create_new_with_password (kim_credential *out_credentia
} else if (prompt_count) {
/* User was prompted and might have entered bad info
* so report error and try again. */
+
err = kim_ui_handle_kim_error (&context, identity,
kim_ui_error_type_authentication,
err);
}
+ if (err == KRB5KRB_AP_ERR_BAD_INTEGRITY ||
+ err == KRB5KDC_ERR_PREAUTH_FAILED ||
+ err == KIM_BAD_PASSWORD_ERR || err == KIM_PREAUTH_FAILED_ERR) {
+ /* if the password could have failed, remove any saved ones
+ * or the user will get stuck. */
+ kim_os_identity_remove_saved_password (identity);
+ }
+
if (free_creds) { krb5_free_cred_contents (credential->context, &creds); }
}
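Review bot: The new test starting at `if (err == KRB5KRB_AP_ERR_BAD_INTEGRITY ||` runs after the `else if (prompt_count)` branch has overwritten `err` with the return value of `kim_ui_handle_kim_error`, so on that path it inspects the UI handler's result rather than the error from the ticket request. If the saved password should be removed on that path too, capture the code first with `kim_error auth_err = err;` before the handler call and test `auth_err` instead. The return value of `kim_os_identity_remove_saved_password (identity)` is also discarded, so a failed removal silently leaves the stale password in place; checking and recording it would make the stuck-user case diagnosable. The comment could also state that removal happens whether the failing password came from the saved store or from a prompt. The function body starts and ends outside this hunk.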