summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorGarming Sam <garming@catalyst.net.nz>2016-09-07 12:18:29 +1200
committerKarolin Seeger <kseeger@samba.org>2016-11-30 12:19:32 +0100
commitb37dcf075dc4506f11630d034d1ed6464eb9d13d (patch)
tree5763e9edb4f21afe12866f0b10cf7c93a7c8191f
parent82053bff469b6fa8ad6281ec20d4bdddfc1a35a4 (diff)
downloadsamba-b37dcf075dc4506f11630d034d1ed6464eb9d13d.tar.gz
s4-auth: Don't check for NULL saltPrincipal if it doesn't need it
This check causes 4.1 domains to be unable to change their DNS backend correctly as they do not have the saltPrincipal value stored. BUG: https://bugzilla.samba.org/show_bug.cgi?id=10882 Signed-off-by: Garming Sam <garming@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abartlet@samba.org> (cherry picked from commit b02da114980d46e9e251a5d3dfbf549ef348548a)
Diffstat
-rw-r--r--source4/auth/kerberos/srv_keytab.c12
1 files changed, 6 insertions, 6 deletions
diff --git a/source4/auth/kerberos/srv_keytab.c b/source4/auth/kerberos/srv_keytab.c
index 6e02b8184ce..6f0073c04bd 100644
--- a/source4/auth/kerberos/srv_keytab.c
+++ b/source4/auth/kerberos/srv_keytab.c
@@ -218,12 +218,6 @@ krb5_error_code smb_krb5_update_keytab(TALLOC_CTX *parent_ctx,
return ENOENT;
}
- if (saltPrincipal == NULL) {
- *perror_string = talloc_strdup(parent_ctx,
- "No saltPrincipal provided");
- return EINVAL;
- }
-
ret = krb5_kt_resolve(context, keytab_name, &keytab);
if (ret) {
*perror_string = smb_get_krb5_error_message(context,
@@ -283,6 +277,12 @@ krb5_error_code smb_krb5_update_keytab(TALLOC_CTX *parent_ctx,
/* Create a new keytab. If during the cleanout we found
* entires for kvno -1, then don't try and duplicate them.
* Otherwise, add kvno, and kvno -1 */
+ if (saltPrincipal == NULL) {
+ *perror_string = talloc_strdup(parent_ctx,
+ "No saltPrincipal provided");
+ ret = EINVAL;
+ goto done;
+ }
ret = create_keytab(tmp_ctx,
samAccountName, upper_realm, saltPrincipal,
View Lorry Controller Status