From f06657ff6416c033b68a8830af11cda98066dfd5 Mon Sep 17 00:00:00 2001 From: Nicolas Williams Date: Tue, 1 Feb 2022 15:46:21 -0600 Subject: [PATCH] krb5: Make more cc configs non-critical MSLSA can't handle cc configs. --- lib/krb5/fast.c | 2 +- lib/krb5/init_creds_pw.c | 24 ++++-------------------- 2 files changed, 5 insertions(+), 21 deletions(-) diff --git a/lib/krb5/fast.c b/lib/krb5/fast.c index b2b3db17e..ebd967f80 100644 --- a/lib/krb5/fast.c +++ b/lib/krb5/fast.c @@ -860,7 +860,7 @@ _krb5_fast_anon_pkinit_step(krb5_context context, ret = krb5_cc_set_config(context, ccache, cred.server, "fast_avail", &data); - if (ret) + if (ret && ret != KRB5_CC_NOSUPP) return ret; if (_krb5_pk_is_kdc_verified(context, state->anon_pkinit_opt)) diff --git a/lib/krb5/init_creds_pw.c b/lib/krb5/init_creds_pw.c index a91abc927..4bab28ad1 100644 --- a/lib/krb5/init_creds_pw.c +++ b/lib/krb5/init_creds_pw.c @@ -2860,25 +2860,9 @@ krb5_init_creds_set_fast_ccache(krb5_context context, krb5_init_creds_context ctx, krb5_ccache fast_ccache) { - krb5_creds *cred = NULL; - krb5_error_code ret; - krb5_data data; - - ret = _krb5_get_krbtgt(context, fast_ccache, NULL, &cred); - if (ret) - return ret; - - ret = krb5_cc_get_config(context, fast_ccache, cred->server, - "fast_avail", &data); - krb5_free_creds(context, cred); - if (ret == 0) { - ctx->fast_state.armor_ccache = fast_ccache; - ctx->fast_state.flags |= KRB5_FAST_REQUIRED; - ctx->fast_state.flags |= KRB5_FAST_KDC_VERIFIED; - } else { - krb5_set_error_message(context, EINVAL, N_("FAST not available for the KDC in the armor ccache", "")); - return EINVAL; - } + ctx->fast_state.armor_ccache = fast_ccache; + ctx->fast_state.flags |= KRB5_FAST_REQUIRED; + ctx->fast_state.flags |= KRB5_FAST_KDC_VERIFIED; return 0; } @@ -3650,7 +3634,7 @@ krb5_init_creds_store(krb5_context context, krb5_data data = { 3, rk_UNCONST("yes") }; ret = krb5_cc_set_config(context, id, ctx->cred.server, "fast_avail", &data); - if (ret) + if (ret && ret != KRB5_CC_NOSUPP) return ret; }