pull up r18840 from trunk

 r18840@cathode-dark-space:  jaltman | 2006-11-17 18:14:27 -0500
 ticket: new
 tags: pullup
 subject: reset use_master flag when master_kdc cannot be found 
 
    krb5_get_init_creds_password:
 
 	if the master_kdc cannot be identified reset the use_master
    	flag.  otherwise, the krb5_get_init_creds("kadmin/changepw")
 	call will attempt to communicate with the master_kdc that
 	cannot be reached.
 
 

ticket: 4802
version_fixed: 1.4.5

git-svn-id: svn://anonsvn.mit.edu/krb5/branches/krb5-1-4@18843 dc483132-0cff-0310-8789-dd5450dbe970

1 files changed, 11 insertions, 1 deletions

diff --git a/src/lib/krb5/krb/gic_pwd.c b/src/lib/krb5/krb/gic_pwd.c
index ef9a6b3..f9b1357 100644
--- a/src/lib/krb5/krb/gic_pwd.c
+++ b/src/lib/krb5/krb/gic_pwd.c
@@ -161,12 +161,14 @@ krb5_get_init_creds_password(krb5_context context, krb5_creds *creds, krb5_princ
       }
 
       /* if the master is unreachable, return the error from the
-	 slave we were able to contact */
+	 slave we were able to contact or reset the use_master flag */
 
        if ((ret2 != KRB5_KDC_UNREACH) &&
 	    (ret2 != KRB5_REALM_CANT_RESOLVE) &&
 	    (ret2 != KRB5_REALM_UNKNOWN))
 	   ret = ret2;
+       else
+	   use_master = 0;
    }
 
 #ifdef USE_LOGIN_LIBRARY
@@ -182,6 +184,14 @@ krb5_get_init_creds_password(krb5_context context, krb5_creds *creds, krb5_princ
        (prompter == NULL))
       goto cleanup;
 
+   /* historically the default has been to prompt for password change.
+    * if the change password prompt option has not been set, we continue
+    * to prompt.  Prompting is only disabled if the option has been set
+    * and the value has been set to false.
+    */
+   if (!(options->flags & KRB5_GET_INIT_CREDS_OPT_CHG_PWD_PRMPT))
+       goto cleanup;
+
    /* ok, we have an expired password.  Give the user a few chances
       to change it */