krb5_get_init_creds_opt_set_change_password_prompt

     krb5_get_init_creds_opt_set_change_password_prompt is a new
     gic option that permits the prompter code to be skipped
     when the password has expired.  This option is meant to 
     be used by credential managers such as NetIDMgr and 
     Kerberos.app that have their own built in password change
     dialogs.

     This patch adds the new function, exports it on Windows,
     and makes use of it within the Krb5 identity provider
     for NetIDMgr.

     The patch is written to ensure that no changes to the
     krb5_get_init_creds_opt structure are required and 
     to ensure that the default behavior, prompting, is 
     maintained.

     The export lists for UNIX and KFM must still be updated.

     The function prototype was committed as part of ticket 3642.
     

ticket: new

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@18954 dc483132-0cff-0310-8789-dd5450dbe970

1 files changed, 10 insertions, 1 deletions

diff --git a/src/lib/krb5/krb/gic_opt.c b/src/lib/krb5/krb/gic_opt.c
index 58d07b0..3ec59e8 100644
--- a/src/lib/krb5/krb/gic_opt.c
+++ b/src/lib/krb5/krb/gic_opt.c
@@ -3,7 +3,7 @@
 void KRB5_CALLCONV
 krb5_get_init_creds_opt_init(krb5_get_init_creds_opt *opt)
 {
-   opt->flags = 0;
+   opt->flags = KRB5_GET_INIT_CREDS_OPT_CHG_PWD_PRMPT;
 }
 
 void KRB5_CALLCONV
@@ -63,3 +63,12 @@ krb5_get_init_creds_opt_set_salt(krb5_get_init_creds_opt *opt, krb5_data *salt)
    opt->flags |= KRB5_GET_INIT_CREDS_OPT_SALT;
    opt->salt = salt;
 }
+
+void KRB5_CALLCONV
+krb5_get_init_creds_opt_set_change_password_prompt(krb5_get_init_creds_opt *opt, int prompt)
+{
+   if (prompt)
+     opt->flags |= KRB5_GET_INIT_CREDS_OPT_CHG_PWD_PRMPT;
+   else
+     opt->flags &= ~KRB5_GET_INIT_CREDS_OPT_CHG_PWD_PRMPT;
+}