oysteikt/heimdal
0
0
Fork 0
Code Issues 5 Pull Requests Releases Activity

kdc: return KRB5KDC_ERR_C_PRINCIPAL_UNKNOWN (PA)

Browse Source 
Return KRB5KDC_ERR_C_PRINCIPAL_UNKNOWN, not HDB_ERR_NOENTRY, if a client
principal could not be found during pre-authentication.

This fixes a regression introduced with synthetic principals in 00358252d3.
This commit is contained in:
Luke Howard
2022-01-01 23:19:42 +11:00
committed by Jeffrey Altman
parent 0492729ba7
commit 52b1dffa63
1 changed files with 2 additions and 2 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
kdc/kerberos5.c
View File

@@ -2289,7 +2289,7 @@ _kdc_as_rep(astgs_request_t r)
if (r->client->entry.flags.synthetic && if (r->client->entry.flags.synthetic &&
!(pat[n].flags & PA_SYNTHETIC_OK)) { !(pat[n].flags & PA_SYNTHETIC_OK)) {
kdc_log(r->context, config, 4, "UNKNOWN -- %s", r->cname); kdc_log(r->context, config, 4, "UNKNOWN -- %s", r->cname);
ret = HDB_ERR_NOENTRY; ret = KRB5KDC_ERR_C_PRINCIPAL_UNKNOWN;
goto out; goto out;
} }
_kdc_audit_addkv((kdc_request_t)r, KDC_AUDIT_VIS, "pa", "%s", _kdc_audit_addkv((kdc_request_t)r, KDC_AUDIT_VIS, "pa", "%s",
@@ -2344,7 +2344,7 @@ _kdc_as_rep(astgs_request_t r)
if (r->client->entry.flags.synthetic) { if (r->client->entry.flags.synthetic) {
kdc_log(r->context, config, 4, "UNKNOWN -- %s", r->cname); kdc_log(r->context, config, 4, "UNKNOWN -- %s", r->cname);
ret = HDB_ERR_NOENTRY; ret = KRB5KDC_ERR_C_PRINCIPAL_UNKNOWN;
goto out; goto out;
} }