oysteikt/heimdal
0
0
Fork 0
Code Issues 5 Pull Requests Releases Activity

heimdal Return HDB_ERR_NOT_FOUND_HERE to the caller

Browse Source 
This means that no reply packet should be generated, but that instead
the user of the libkdc API should forward the packet to a real KDC,
that has a full database.

Andrew Bartlett

Signed-off-by: Love Hornquist Astrand <lha@h5l.org>
This commit is contained in:
Andrew Bartlett
2010-11-12 12:31:33 +11:00
committed by Love Hornquist Astrand
parent edb2464ab9
commit 10f9468f9d
3 changed files with 34 additions and 11 deletions
Download Patch File Download Diff File Expand all files Collapse all files

12
kdc/kerberos5.c
View File

@@ -990,7 +990,10 @@ _kdc_as_rep(krb5_context context,
ret = _kdc_db_fetch(context, config, client_princ,
HDB_F_GET_CLIENT | flags, NULL,
&clientdb, &client);
if(ret){
if(ret == HDB_ERR_NOT_FOUND_HERE) {
kdc_log(context, config, 5, "client %s does not have secrets at this KDC, need to proxy", client_name);
goto out;
} else if(ret){
const char *msg = krb5_get_error_message(context, ret);
kdc_log(context, config, 0, "UNKNOWN -- %s: %s", client_name, msg);
krb5_free_error_message(context, msg);
@@ -1001,7 +1004,10 @@ _kdc_as_rep(krb5_context context,
ret = _kdc_db_fetch(context, config, server_princ,
HDB_F_GET_SERVER|HDB_F_GET_KRBTGT,
NULL, NULL, &server);
if(ret){
if(ret == HDB_ERR_NOT_FOUND_HERE) {
kdc_log(context, config, 5, "target %s does not have secrets at this KDC, need to proxy", server_name);
goto out;
} else if(ret){
const char *msg = krb5_get_error_message(context, ret);
kdc_log(context, config, 0, "UNKNOWN -- %s: %s", server_name, msg);
krb5_free_error_message(context, msg);
@@ -1778,7 +1784,7 @@ _kdc_as_rep(krb5_context context,
out:
free_AS_REP(&rep);
if(ret){
if(ret != 0 && ret != HDB_ERR_NOT_FOUND_HERE){
krb5_mk_error(context,
ret,
e_text,