kdc: allow audit plugins to influence return code

Honor the return code of _kdc_audit_request(), propagating it if non-zero. Note
that this is principally intended to allow the audit plugin to return
HDB_ERR_NOT_FOUND_HERE, which influences whether the KDC sends an error reply
or not. If the audit plugin also wishes to rewrite r->error_code, it must do so
separately.

Closes: #964
Luke Howard
2022-03-03 09:44:53 +11:00
parent 8495f63bc3
commit df655cecd1
2 changed files with 14 additions and 2 deletions


@@ -2733,7 +2733,13 @@ _kdc_as_rep(astgs_request_t r)
out:
r->error_code = ret;
_kdc_audit_request(r);
{
krb5_error_code ret2 = _kdc_audit_request(r);
if (ret2) {
krb5_data_free(r->reply);
ret = ret2;
}
}
/*
* In case of a non proxy error, build an error message.
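Review bot: Nothing records that the audit plugin overrode the result in the new block under `out:`: the reply is freed and `ret` becomes `ret2`, while `r->error_code` keeps the pre-audit value set just above, so the code the caller sees and the code in the audit record can differ with no trace in the KDC log. The commit message says leaving `r->error_code` alone is intended, which is worth stating in the code, e.g. `/* audit plugin veto: discard the reply; r->error_code intentionally keeps the pre-audit result */`, together with a log line carrying both `ret` and `ret2` before the assignment. It also means any non-zero return, including an internal plugin failure, discards a successful reply, so the plugin documentation should say to return 0 unless a veto is intended. The same applies to the matching block in `_kdc_tgs_rep`; both functions start and continue outside their hunks.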


@@ -2157,7 +2157,13 @@ _kdc_tgs_rep(astgs_request_t r)
out:
r->error_code = ret;
_kdc_audit_request(r);
{
krb5_error_code ret2 = _kdc_audit_request(r);
if (ret2) {
krb5_data_free(data);
ret = ret2;
}
}
if(ret && ret != HDB_ERR_NOT_FOUND_HERE && data->data == NULL){
METHOD_DATA error_method = { 0, NULL };
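Review bot: The `data->data == NULL` test in the `if` that follows the new block is what lets a vetoed request reach the error-reply branch, and it only holds because `krb5_data_free(data)` resets the structure after freeing it (as far as I know it zeroes both fields); that dependency is invisible here. A short comment on the free would keep a later refactor from swapping in a plain `free(data->data)` and leaving a dangling pointer that this test then reads as a valid reply: `/* krb5_data_free() also zeroes *data, so the check below sees no reply */`. The bare `{ ... }` used only to scope `ret2` could also be dropped by declaring `ret2` with the function's other locals, which are outside the hunk.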