Diffstat (limited to 'src/lib/krb5/krb/gic_pwd.c')
-rw-r--r-- | src/lib/krb5/krb/gic_pwd.c | 28 |
1 files changed, 17 insertions, 11 deletions
diff --git a/src/lib/krb5/krb/gic_pwd.c b/src/lib/krb5/krb/gic_pwd.c
index 7ca4343..f867989 100644
--- a/src/lib/krb5/krb/gic_pwd.c
+++ b/src/lib/krb5/krb/gic_pwd.c
@@ -1,5 +1,4 @@
 #include "k5-int.h"
-#include "com_err.h"
 static krb5_error_code krb5_get_as_key_password(context, client, etype, prompter, prompter_data,
@@ -97,7 +96,7 @@ krb5_get_init_creds_password(context, creds, client, password, prompter, data,
 krb5_get_init_creds_opt *options;
 {
 krb5_error_code ret, ret2;
- int master;
+ int use_master;
 krb5_kdc_rep *as_reply;
 int tries;
 krb5_creds chpw_creds;
@@ -107,7 +106,7 @@ krb5_get_init_creds_password(context, creds, client, password, prompter, data,
 krb5_prompt prompt[2];
 krb5_prompt_type prompt_types[sizeof(prompt)/sizeof(prompt[0])];
- master = 0;
+ use_master = 0;
 as_reply = NULL;
 memset(&chpw_creds, 0, sizeof(chpw_creds));
@@ -133,7 +132,7 @@ krb5_get_init_creds_password(context, creds, client, password, prompter, data,
 ret = krb5_get_init_creds(context, creds, client, prompter, data, start_time, in_tkt_service, options, krb5_get_as_key_password, (void *) &pw0,
- &master, &as_reply);
+ use_master, &as_reply);
 /* check for success */
@@ -144,19 +143,20 @@ krb5_get_init_creds_password(context, creds, client, password, prompter, data,
 user interrupt, fail */
 if ((ret == KRB5_KDC_UNREACH) ||
- (ret == KRB5_LIBOS_PWDINTR))
+ (ret == KRB5_LIBOS_PWDINTR) ||
+ (ret == KRB5_REALM_CANT_RESOLVE))
 goto cleanup;
 /* if the reply did not come from the master kdc, try again with the master kdc */
- if (!master) {
- master = 1;
+ if (!use_master) {
+ use_master = 1;
 ret2 = krb5_get_init_creds(context, creds, client, prompter, data, start_time, in_tkt_service, options, krb5_get_as_key_password, (void *) &pw0,
- &master, &as_reply);
+ use_master, &as_reply);
 if (ret2 == 0) {
 ret = 0;
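Review bot: Passing `use_master` by value (the calls in the -133, -144, -195 and -282 hunks) means this function no longer gets told whether the first reply already came from the master KDC, so the `if (!use_master)` retry in the -144 hunk now appears to run on every failure that is not in the fail-fast list. If that reading is right, one mistyped password results in two failed AS requests, which matters wherever the KDC applies a failure-count or lockout policy; krb5_get_init_creds is not part of this diff, so this should be confirmed against its new signature. The context comment `/* if the reply did not come from the master kdc, try again with the master kdc */` no longer matches the code and would read better as `/* the first attempt did not ask for the master kdc; retry once against it */`. The function body starts before and continues past these hunks.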
@@ -166,12 +166,18 @@ krb5_get_init_creds_password(context, creds, client, password, prompter, data,
 /* if the master is unreachable, return the error from the slave we were able to contact */
- if (ret2 == KRB5_KDC_UNREACH)
+ if ((ret2 == KRB5_KDC_UNREACH) ||
+ (ret2 == KRB5_REALM_CANT_RESOLVE))
 goto cleanup;
 ret = ret2;
 }
+#ifdef USE_LOGIN_LIBRARY
+ if (ret == KRB5KDC_ERR_KEY_EXP)
+ goto cleanup; /* Login library will deal appropriately with this error */
+#endif
+
 /* at this point, we have an error from the master. if the error is not password expired, or if it is but there's no prompter, return this error */
@@ -195,7 +201,7 @@ krb5_get_init_creds_password(context, creds, client, password, prompter, data,
 prompter, data, start_time, "kadmin/changepw", &chpw_opts, krb5_get_as_key_password, (void *) &pw0,
- &master, NULL)))
+ use_master, NULL)))
 goto cleanup;
 prompt[0].prompt = "Enter new password";
@@ -282,7 +288,7 @@ krb5_get_init_creds_password(context, creds, client, password, prompter, data,
 ret = krb5_get_init_creds(context, creds, client, prompter, data, start_time, in_tkt_service, options, krb5_get_as_key_password, (void *) &pw0,
- &master, &as_reply);
+ use_master, &as_reply);
 cleanup:
 krb5int_set_prompt_types(context, 0);
|
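Review bot: In builds with `USE_LOGIN_LIBRARY`, the added `goto cleanup` returns `KRB5KDC_ERR_KEY_EXP` even when the caller supplied a prompter, so the change-password path below is never reached, yet the context comment that follows still says the error is returned only when it "is not password expired, or if it is but there's no prompter". I would extend that comment with a sentence such as `(with USE_LOGIN_LIBRARY, KEY_EXP has already been returned to the caller above)` and state in the function's header comment that callers in that configuration must handle password expiry themselves. Separately, the new `ret2 == KRB5_REALM_CANT_RESOLVE` case returns the first, non-master KDC's error unchanged; if that error can be KEY_EXP from a replica with stale data, the caller cannot tell it was never confirmed by the master, which deserves a line in the same comment. The function body continues outside this hunk.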