diff options
author | Jeffrey Altman <jaltman@secure-endpoints.com> | 2006-11-06 21:55:13 +0000 |
---|---|---|
committer | Jeffrey Altman <jaltman@secure-endpoints.com> | 2006-11-06 21:55:13 +0000 |
commit | d73e09e9a7e2804fe43dcd7ae82f4ce30088809b (patch) | |
tree | 8a4e80a35e80bc8b2c38610467cf0fc29e9ccddc /src/lib/krb5/krb/gic_pwd.c | |
parent | 61b3398c03e8b7dedfd2c101dcb764913c8e9309 (diff) | |
download | krb5-d73e09e9a7e2804fe43dcd7ae82f4ce30088809b.tar.gz krb5-d73e09e9a7e2804fe43dcd7ae82f4ce30088809b.tar.xz krb5-d73e09e9a7e2804fe43dcd7ae82f4ce30088809b.zip |
krb5_get_init_creds_password does not consistently prompt for password changing
krb5_get_init_creds_password() previously did not consistently
handle KRB5KDC_ERR_KEY_EXP errors. If there is a "master_kdc"
entry for the realm and the KDC is reachable, then the function
will prompt the user for a password change. Otherwise, it will
return the error code to the caller. If the caller is a ticket
manager, it will prompt the user for a password change with a
dialog that is different from the one generated by the prompter
function passed to krb5_get_init_creds_password.
With this change krb5_get_init_creds_password() will always
prompt the user if it would return KRB5KDC_ERR_KEY_EXP unless
the function is compiled with USE_LOGIN_LIBRARY. (KFM)
ticket: new
tags: pullup
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@18764 dc483132-0cff-0310-8789-dd5450dbe970
Diffstat (limited to 'src/lib/krb5/krb/gic_pwd.c')
-rw-r--r-- | src/lib/krb5/krb/gic_pwd.c | 10 |
1 files changed, 4 insertions, 6 deletions
diff --git a/src/lib/krb5/krb/gic_pwd.c b/src/lib/krb5/krb/gic_pwd.c index f2837effb..ef9a6b354 100644 --- a/src/lib/krb5/krb/gic_pwd.c +++ b/src/lib/krb5/krb/gic_pwd.c @@ -163,12 +163,10 @@ krb5_get_init_creds_password(krb5_context context, krb5_creds *creds, krb5_princ /* if the master is unreachable, return the error from the slave we were able to contact */ - if ((ret2 == KRB5_KDC_UNREACH) || - (ret2 == KRB5_REALM_CANT_RESOLVE) || - (ret2 == KRB5_REALM_UNKNOWN)) - goto cleanup; - - ret = ret2; + if ((ret2 != KRB5_KDC_UNREACH) && + (ret2 != KRB5_REALM_CANT_RESOLVE) && + (ret2 != KRB5_REALM_UNKNOWN)) + ret = ret2; } #ifdef USE_LOGIN_LIBRARY |