1 files changed, 0 insertions, 82 deletions
diff --git a/Improve-bad-password-inference-in-kinit.patch b/Improve-bad-password-inference-in-kinit.patch
deleted file mode 100644
index b6c17e8..0000000
--- a/Improve-bad-password-inference-in-kinit.patch
+++ /dev/null
@@ -1,82 +0,0 @@
-From 79d626dde9e7e38da79da1911338e18998e348df Mon Sep 17 00:00:00 2001
-From: Greg Hudson <ghudson@mit.edu>
-Date: Mon, 25 Jul 2016 13:28:43 -0400
-Subject: [PATCH] Improve bad password inference in kinit
-
-kinit currently outputs "Password incorrect" if it sees a
-bad-integrity error code, which results if the KDC reply couldn't be
-decrypted, or when encrypted timestamp preauth fails against an MIT
-krb5 1.14 or earlier KDC.  Expand this check to include general
-preauth failures reported by the KDC, but only if a password was
-prompted for.
-
-ticket: 8465 (new)
-(cherry picked from commit 1a83ffad4d8e405ce696536c06d9bce1f8100595)
----
- src/clients/kinit/kinit.c | 26 ++++++++++++++++++++------
- 1 file changed, 20 insertions(+), 6 deletions(-)
-
-diff --git a/src/clients/kinit/kinit.c b/src/clients/kinit/kinit.c
-index eba36b9..990fd11 100644
---- a/src/clients/kinit/kinit.c
-+++ b/src/clients/kinit/kinit.c
-@@ -700,9 +700,18 @@ kinit_prompter(
-     krb5_prompt prompts[]
- )
- {
--    krb5_error_code rc =
--        krb5_prompter_posix(ctx, data, name, banner, num_prompts, prompts);
--    return rc;
-+    krb5_boolean *pwprompt = data;
-+    krb5_prompt_type *ptypes;
-+    int i;
-+
-+    /* Make a note if we receive a password prompt. */
-+    ptypes = krb5_get_prompt_types(ctx);
-+    for (i = 0; i < num_prompts; i++) {
-+        if (ptypes != NULL && ptypes[i] == KRB5_PROMPT_TYPE_PASSWORD)
-+            *pwprompt = TRUE;
-+    }
-+
-+    return krb5_prompter_posix(ctx, data, name, banner, num_prompts, prompts);
- }
- 
- static int
-@@ -715,6 +724,7 @@ k5_kinit(opts, k5)
-     krb5_creds my_creds;
-     krb5_error_code code = 0;
-     krb5_get_init_creds_opt *options = NULL;
-+    krb5_boolean pwprompt = FALSE;
-     int i;
- 
-     memset(&my_creds, 0, sizeof(my_creds));
-@@ -819,7 +829,7 @@ k5_kinit(opts, k5)
-     switch (opts->action) {
-     case INIT_PW:
-         code = krb5_get_init_creds_password(k5->ctx, &my_creds, k5->me,
--                                            0, kinit_prompter, 0,
-+                                            0, kinit_prompter, &pwprompt,
-                                             opts->starttime,
-                                             opts->service_name,
-                                             options);
-@@ -856,11 +866,15 @@ k5_kinit(opts, k5)
-             break;
-         }
- 
--        if (code == KRB5KRB_AP_ERR_BAD_INTEGRITY)
-+        /* If reply decryption failed, or if pre-authentication failed and we
-+         * were prompted for a password, assume the password was wrong. */
-+        if (code == KRB5KRB_AP_ERR_BAD_INTEGRITY ||
-+            (pwprompt && code == KRB5KDC_ERR_PREAUTH_FAILED)) {
-             fprintf(stderr, _("%s: Password incorrect while %s\n"), progname,
-                     doing);
--        else
-+        } else {
-             com_err(progname, code, _("while %s"), doing);
-+        }
-         goto cleanup;
-     }
- 
--- 
-2.9.3
-