75b08040ff
- temporarily bundling the krb5-appl package (split upstream as of 1.8) until its package review is complete - profile.d scriptlets are now only needed by -workstation-clients - adjust paths in init scripts - drop upstreamed fix for KDC denial of service (CVE-2010-0283) - drop patch to check the user's password correctly using crypt(), which isn't a code path we hit when we're using PAM
Fall back to the library default for whether or not to prompt for a password-
change during authentication, if we weren't passed any options.
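--- a/src/lib/krb5/krb/gic_pwd.c
+++ b/src/lib/krb5/krb/gic_pwd.c
@@ -123,6 +123,7 @@ krb5_get_init_creds_password(krb5_contex
 int tries;
 krb5_creds chpw_creds;
 krb5_get_init_creds_opt *chpw_opts = NULL;
+ krb5_gic_opt_ext *opte = NULL;
 krb5_data pw0, pw1;
 char banner[1024], pw0array[1024], pw1array[1024];
 krb5_prompt prompt[2];
@@ -218,7 +219,8 @@ krb5_get_init_creds_password(krb5_contex
 * to prompt. Prompting is only disabled if the option has been set
 * and the value has been set to false.
 */
- if (!(options->flags & KRB5_GET_INIT_CREDS_OPT_CHG_PWD_PRMPT))
+ krb5int_gic_opt_to_opte(context, options, &opte, 1, NULL);
+ if (!(opte->flags & KRB5_GET_INIT_CREDS_OPT_CHG_PWD_PRMPT))
 goto cleanup;
 
 /* ok, we have an expired password. Give the user a few chances
@@ -332,6 +334,8 @@ krb5_get_init_creds_password(krb5_contex
 &use_master, &as_reply);
 
 cleanup:
+ if (opte != options)
+ krb5_get_init_creds_opt_free(context, opte);
 krb5int_set_prompt_types(context, 0);
 /* if getting the password was successful, then check to see if the
 password is about to expire, and warn if so */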
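Review bot: The result of `krb5int_gic_opt_to_opte()` is discarded in the second hunk and the next line dereferences `opte`, which the first hunk initialises to NULL; if the conversion can fail (it presumably allocates when `options` is NULL or not already an extended structure), the expired-password path ends in a NULL dereference inside the library. Folding the call into the guard bails out safely without touching the error code already in flight: `if (krb5int_gic_opt_to_opte(context, options, &opte, 1, NULL) != 0 || !(opte->flags & KRB5_GET_INIT_CREDS_OPT_CHG_PWD_PRMPT)) goto cleanup;`. The code added under `cleanup:` is also reached with `opte` still NULL from any jump taken before the conversion, so it depends on `krb5_get_init_creds_opt_free()` tolerating NULL, and it compares a `krb5_gic_opt_ext *` against `options` (presumably a `krb5_get_init_creds_opt *`) without a cast; a one-line comment such as `/* opte is NULL or a private copy unless it aliases options */` would record that. The body of krb5_get_init_creds_password starts and ends outside these hunks, so the earlier `goto cleanup` sites could not be checked here.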