heimdal: Fix reauthentication after password change

If the KDC requires a password change kinit will ask after the initial authentication for a new password. After the password has been changed it does reauthentication and for that it needs to use the new password we just set. It is needed for the a new kpasswd service test. This is already fixed upstream with: 911c99375741281adae305f6ec3a3317023eba3e Signed-off-by: Andreas Schneider <[email protected]> Reviewed-by: Jeremy Allison <[email protected]>
darabosj · Sep 11, 2016 · b3e324a · b3e324a
1 parent c855a37
commit b3e324a
Showing 1 changed file with 4 additions and 3 deletions.
diff --git a/source4/heimdal/lib/krb5/init_creds_pw.c b/source4/heimdal/lib/krb5/init_creds_pw.c
@@ -1990,6 +1990,7 @@ krb5_get_init_creds_password(krb5_context context,
 {
     krb5_init_creds_context ctx;
     char buf[BUFSIZ];
+    char buf2[BUFSIZ];
     krb5_error_code ret;
     int chpw = 0;
 
@@ -2041,8 +2042,6 @@ krb5_get_init_creds_password(krb5_context context,
 
 
     if (ret == KRB5KDC_ERR_KEY_EXPIRED && chpw == 0) {
-	char buf2[1024];
-
 	/* try to avoid recursion */
 	if (in_tkt_service != NULL && strcmp(in_tkt_service, "kadmin/changepw") == 0)
 	   goto out;
@@ -2055,13 +2054,14 @@ krb5_get_init_creds_password(krb5_context context,
 			       client,
 			       ctx->password,
 			       buf2,
-			       sizeof(buf),
+			       sizeof(buf2),
 			       prompter,
 			       data,
 			       options);
 	if (ret)
 	    goto out;
 	chpw = 1;
+	password = buf2;
 	krb5_init_creds_free(context, ctx);
 	goto again;
     }
@@ -2074,6 +2074,7 @@ krb5_get_init_creds_password(krb5_context context,
 	krb5_init_creds_free(context, ctx);
 
     memset(buf, 0, sizeof(buf));
+    memset(buf2, 0, sizeof(buf2));
     return ret;
 }