oysteikt/heimdal
0
0
Fork 0
Code Issues 5 Pull Requests Releases Activity

kdc: Preserve error code from Pre Authentication .validate hook

Browse Source 
This is required to ensure the client still gets errors like KRB5KDC_ERR_PREAUTH_FAILED, rather than
KRB5KDC_ERR_PREAUTH_REQUIRED, which become a confusing KRB5_GET_IN_TKT_LOOP.

Andrew Bartlett

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Pair-programmed-with: Garming Sam <garming@catalyst.net.nz>
Signed-off-by: Garming Sam <garming@catalyst.net.nz>
This commit is contained in:
Andrew Bartlett
2014-12-18 16:15:17 +13:00
committed by Nicolas Williams
parent 960fa481be
commit 95256a6129
1 changed files with 7 additions and 6 deletions
Download Patch File Download Diff File Expand all files Collapse all files

5
kdc/kerberos5.c
View File

@@ -1782,7 +1782,9 @@ _kdc_as_rep(kdc_request_t r,
pa = _kdc_find_padata(req, &i, pat[n].type); pa = _kdc_find_padata(req, &i, pat[n].type);
if (pa) { if (pa) {
ret = pat[n].validate(r, pa); ret = pat[n].validate(r, pa);
if (ret == 0) { if (ret != 0) {
goto out;
}
kdc_log(context, config, 0, kdc_log(context, config, 0,
"%s pre-authentication succeeded -- %s", "%s pre-authentication succeeded -- %s",
pat[n].name, r->client_name); pat[n].name, r->client_name);
@@ -1791,7 +1793,6 @@ _kdc_as_rep(kdc_request_t r,
} }
} }
} }
}
if (found_pa == 0) { if (found_pa == 0) {
Key *ckey = NULL; Key *ckey = NULL;