oysteikt/heimdal
0
0
Fork 0
Code Issues 5 Pull Requests Releases Activity

kdc: Don't return PREAUTH_FAILED if encrypted challenge did not fail to decrypt

Browse Source 
Instead we return ETYPE_NOSUPP.

Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
This commit is contained in:
Joseph Sutton
2021-12-16 11:00:41 +13:00
committed by Luke Howard
parent 842b856e4c
commit 49420aa3a1
1 changed files with 5 additions and 3 deletions
Download Patch File Download Diff File Expand all files Collapse all files

8
kdc/kerberos5.c
View File

@@ -753,10 +753,12 @@ pa_enc_chal_validate(astgs_request_t r,
goto out;
}
ret = KRB5KDC_ERR_PREAUTH_FAILED;
if (invalidPassword)
if (invalidPassword) {
auth_status->auth_status = HDB_AUTH_WRONG_PASSWORD;
ret = KRB5KDC_ERR_PREAUTH_FAILED;
} else {
ret = KRB5KDC_ERR_ETYPE_NOSUPP;
}
out:
free_EncryptedData(&enc_data);