From 9b62d72d51edf1d591f75261352508781db197dc Mon Sep 17 00:00:00 2001 From: Joseph Sutton Date: Tue, 7 Dec 2021 15:32:20 +1300 Subject: [PATCH] heimdal:kdc: Match Windows error code for unsupported critical FAST options Signed-off-by: Joseph Sutton --- kdc/fast.c | 2 +- lib/krb5/krb5_err.et | 3 +++ 2 files changed, 4 insertions(+), 1 deletion(-) diff --git a/kdc/fast.c b/kdc/fast.c index 0e3644aee..5c80d29ba 100644 --- a/kdc/fast.c +++ b/kdc/fast.c @@ -516,7 +516,7 @@ fast_unwrap_request(astgs_request_t r) if (FastOptions2int(fastreq.fast_options) & 0xfffc) { kdc_log(r->context, r->config, 2, "FAST unsupported mandatory option set"); - ret = KRB5KDC_ERR_PREAUTH_FAILED; + ret = KRB5_KDC_ERR_UNKNOWN_CRITICAL_FAST_OPTIONS; goto out; } diff --git a/lib/krb5/krb5_err.et b/lib/krb5/krb5_err.et index 13543a357..0860cf4d5 100644 --- a/lib/krb5/krb5_err.et +++ b/lib/krb5/krb5_err.et @@ -109,6 +109,9 @@ error_code PUBLIC_KEY_ENCRYPTION_NOT_SUPPORTED, "Public key encryption not suppo index 91 error_code MORE_PREAUTH_DATA_REQUIRED, "More pre-authentication data required" +index 93 +error_code UNKNOWN_CRITICAL_FAST_OPTIONS, "Unknown critical FAST options" + index 94 error_code INVALID_HASH_ALG, "Invalid OTP digest algorithm" error_code INVALID_ITERATION_COUNT, "Invalid OTP iteration count"