From: Greg Hudson <ghudson@mit.edu>
Date: Mon, 14 Mar 2016 15:06:49 +0000 (-0400)
Subject: Don't fall back to master on password read error
X-Git-Tag: krb5-1.15-beta1~221
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=refs%2Fpull%2F424%2Fhead;p=thirdparty%2Fkrb5.git

Don't fall back to master on password read error

If a password or other prompted value cannot be read, retrying with
the master KDC is confusing because it prompts again for the same
input.

ticket: 8381 (new)
---

diff --git a/src/lib/krb5/krb/gic_pwd.c b/src/lib/krb5/krb/gic_pwd.c
index e95673fe47..55aa9d6e88 100644
--- a/src/lib/krb5/krb/gic_pwd.c
+++ b/src/lib/krb5/krb/gic_pwd.c
@@ -326,9 +326,8 @@ krb5_get_init_creds_password(krb5_context context,
     /* If all the kdc's are unavailable, or if the error was due to a
        user interrupt, fail */
 
-    if ((ret == KRB5_KDC_UNREACH) ||
-        (ret == KRB5_LIBOS_PWDINTR) ||
-        (ret == KRB5_REALM_CANT_RESOLVE))
+    if (ret == KRB5_KDC_UNREACH || ret == KRB5_REALM_CANT_RESOLVE ||
+        ret == KRB5_LIBOS_PWDINTR || ret == KRB5_LIBOS_CANTREADPWD)
         goto cleanup;
 
     /* if the reply did not come from the master kdc, try again with