From: Alan T. DeKok <aland@freeradius.org>
Date: Tue, 15 Dec 2015 19:42:28 +0000 (-0500)
Subject: Allow password change to work again
X-Git-Tag: release_3_0_11~79
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=fee4876e1eeef724cb7ffa451d9b511e0a23e5c0;p=thirdparty%2Ffreeradius-server.git

Allow password change to work again

retry MUST be zero
---

diff --git a/src/modules/rlm_mschap/rlm_mschap.c b/src/modules/rlm_mschap/rlm_mschap.c
index 1d648ad3a7a..d65cf6354d4 100644
--- a/src/modules/rlm_mschap/rlm_mschap.c
+++ b/src/modules/rlm_mschap/rlm_mschap.c
@@ -1408,7 +1408,11 @@ static rlm_rcode_t mschap_error(rlm_mschap_t *inst, REQUEST *request, unsigned c
 	    (smb_ctrl && ((smb_ctrl->vp_integer & ACB_PW_EXPIRED) != 0))) {
 		REDEBUG("Password has expired.  User should retry authentication");
 		error = 648;
-		retry = inst->allow_retry;
+
+		/*
+		 *	A password change is NOT a retry!  We MUST have retry=0 here.
+		 */
+		retry = 0;
 		message = "Password expired";
 		rcode = RLM_MODULE_REJECT;