heimdal:kdc: Match Windows error code for unsupported critical FAST options

Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
2021-12-07 15:32:20 +13:00
parent 527906c821
commit 9b62d72d51
2 changed files with 4 additions and 1 deletions
--- a/kdc/fast.c
+++ b/kdc/fast.c
@@ -516,7 +516,7 @@ fast_unwrap_request(astgs_request_t r)
    if (FastOptions2int(fastreq.fast_options) & 0xfffc) {
 	kdc_log(r->context, r->config, 2,
 		"FAST unsupported mandatory option set");
-	ret = KRB5KDC_ERR_PREAUTH_FAILED;
+	ret = KRB5_KDC_ERR_UNKNOWN_CRITICAL_FAST_OPTIONS;
 	goto out;
    }

--- a/lib/krb5/krb5_err.et
+++ b/lib/krb5/krb5_err.et
@@ -109,6 +109,9 @@ error_code PUBLIC_KEY_ENCRYPTION_NOT_SUPPORTED, "Public key encryption not suppo
 index 91
 error_code MORE_PREAUTH_DATA_REQUIRED, "More pre-authentication data required"

+index 93
+error_code UNKNOWN_CRITICAL_FAST_OPTIONS, "Unknown critical FAST options"
+
 index 94
 error_code INVALID_HASH_ALG, "Invalid OTP digest algorithm"
 error_code INVALID_ITERATION_COUNT, "Invalid OTP iteration count"