[krbdev.mit.edu #5371] krb5_change_password returns inconsistent result_code and result_code_string on success

pod via RT rt-comment at krbdev.mit.edu
Mon Jan 15 15:56:50 EST 2007


By visual inspection the function krb5_chpw_result_code_string()
(src/lib/krb5/krb/chpw.c) when called with result_code == 0
(i.e. KRB5_KPASSWD_SUCCESS) will fill in code_string with "Password change
failed".  This will in turn be propagated to the caller of
krb5_change_password() and might result in a confusing string to be
displayed to the user.  Currently callers of krb5_change_password() in the
distribution itself all seem to make use of result_code_string only if
result_code != 0 so the inconsistency is ignored.  Patch is trivial.

I note also that krb5int_setpw_result_code_string() does not make use of
all the KRB5_KPASSWD #defines provided in krb5/krb5.h but instead uses
literal 5, 6, 7, and 0 explicitly in the switch statement.  I have not
messed with this since I don't fully understand the motivation for the two
almost identical functions krb5_chpw_result_code_string() and
krb5int_setpw_result_code_string().  I suspect the reasons are historic,
predating RFC3244.

Index: src/lib/krb5/krb/chpw.c
===================================================================
--- src/lib/krb5/krb/chpw.c     (revision 19061)
+++ src/lib/krb5/krb/chpw.c     (working copy)
@@ -242,6 +242,9 @@
 krb5_chpw_result_code_string(krb5_context context, int result_code, char **code_string)
 {
    switch (result_code) {
+   case KRB5_KPASSWD_SUCCESS:
+      *code_string = "Password changed";
+      break;
    case KRB5_KPASSWD_MALFORMED:
       *code_string = "Malformed request error";
       break;
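Review bot: the new KRB5_KPASSWD_SUCCESS case at the top of the switch fixes the success string only in krb5_chpw_result_code_string(). The report says krb5int_setpw_result_code_string() handles the same codes with a literal 0 in its own switch, and this patch leaves it untouched. Before merging, check that its 0 case yields the same "Password changed" wording, and consider switching it to the KRB5_KPASSWD_SUCCESS define so the two functions cannot drift apart again. A short comment on the new case noting that callers may display result_code_string even when result_code == 0 would record why the case exists.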



