heimdal: Fix reauthentication after password change

If the KDC requires a password change kinit will ask after the initial
authentication for a new password. After the password has been changed
it does reauthentication and for that it needs to use the new password
we just set.

It is needed for the a new kpasswd service test.

This is already fixed upstream with:
    911c99375741281adae305f6ec3a3317023eba3e

Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>

1 files changed, 4 insertions, 3 deletions

diff --git a/source4/heimdal/lib/krb5/init_creds_pw.c b/source4/heimdal/lib/krb5/init_creds_pw.c
index b6c0a643e95..a66ad3597bd 100644
--- a/source4/heimdal/lib/krb5/init_creds_pw.c
+++ b/source4/heimdal/lib/krb5/init_creds_pw.c
@@ -1990,6 +1990,7 @@ krb5_get_init_creds_password(krb5_context context,
 {
     krb5_init_creds_context ctx;
     char buf[BUFSIZ];
+    char buf2[BUFSIZ];
     krb5_error_code ret;
     int chpw = 0;
 
@@ -2041,8 +2042,6 @@ krb5_get_init_creds_password(krb5_context context,
 
 
     if (ret == KRB5KDC_ERR_KEY_EXPIRED && chpw == 0) {
-	char buf2[1024];
-
 	/* try to avoid recursion */
 	if (in_tkt_service != NULL && strcmp(in_tkt_service, "kadmin/changepw") == 0)
 	   goto out;
@@ -2055,13 +2054,14 @@ krb5_get_init_creds_password(krb5_context context,
 			       client,
 			       ctx->password,
 			       buf2,
-			       sizeof(buf),
+			       sizeof(buf2),
 			       prompter,
 			       data,
 			       options);
 	if (ret)
 	    goto out;
 	chpw = 1;
+	password = buf2;
 	krb5_init_creds_free(context, ctx);
 	goto again;
     }
@@ -2074,6 +2074,7 @@ krb5_get_init_creds_password(krb5_context context,
 	krb5_init_creds_free(context, ctx);
 
     memset(buf, 0, sizeof(buf));
+    memset(buf2, 0, sizeof(buf2));
     return ret;
 }