Revert "CVE-2020-25719 heimdal:kdc: Require authdata to be present"

This reverts an earlier commit that was incorrect. It is not Samba practice to include a revert, but at this point in the patch preperation the ripple though the knownfail files is more trouble than can be justified. It is not correct to refuse to parse all tickets with no authorization data, only for the KDC to require that a PAC is found, which is done in "heimdal:kdc: Require PAC to be present" Signed-off-by: Andrew Bartlett <abartlet@samba.org> Reviewed-by: Joseph Sutton <josephsutton@catalyst.net.nz>
author: Andrew Bartlett <abartlet@samba.org> 2021-11-02 14:52:22 +1300
committer: Jule Anger <janger@samba.org> 2021-11-08 10:52:12 +0100
commit: 1c5a0ef89c947545ae63ac67413e29a5f86e8987 (patch)
tree: db9c48bd14337ce434da4a9daa9a427a86ba8355
parent: a803247a1dcea41c31c06f8e5fb1c5d7a58d6317 (diff)
download: samba-1c5a0ef89c947545ae63ac67413e29a5f86e8987.tar.gz
1 files changed, 1 insertions, 1 deletions
diff --git a/source4/heimdal/lib/krb5/pac.c b/source4/heimdal/lib/krb5/pac.c
index 749d0fdb4eb..05bcc523080 100644
--- a/source4/heimdal/lib/krb5/pac.c
+++ b/source4/heimdal/lib/krb5/pac.c
@@ -1369,7 +1369,7 @@ _krb5_kdc_pac_ticket_parse(krb5_context context,
     *ppac = NULL;
 
     if (ad == NULL || ad->len == 0)
-	return KRB5KDC_ERR_BADOPTION;
+	return 0;
 
     for (i = 0; i < ad->len; i++) {
 	AuthorizationData child;
author	Andrew Bartlett <abartlet@samba.org>	2021-11-02 14:52:22 +1300
committer	Jule Anger <janger@samba.org>	2021-11-08 10:52:12 +0100
commit	1c5a0ef89c947545ae63ac67413e29a5f86e8987 (patch)
tree	db9c48bd14337ce434da4a9daa9a427a86ba8355
parent	a803247a1dcea41c31c06f8e5fb1c5d7a58d6317 (diff)
download	samba-1c5a0ef89c947545ae63ac67413e29a5f86e8987.tar.gz