diff options
| author | Andreas Schneider <asn@samba.org> | 2016-09-02 11:54:48 +0200 |
|---|---|---|
| committer | Jeremy Allison <jra@samba.org> | 2016-09-11 02:58:22 +0200 |
| commit | 2f36e6d3ec1907b32275a769667cc7b791efd7de (patch) | |
| tree | 7c8a4fd06c13b3665a8d490725556039d87aad0e /lib/krb5_wrap | |
| parent | 5ae447e102d5c29688f759ce19bca1689c5924f0 (diff) | |
| download | samba-2f36e6d3ec1907b32275a769667cc7b791efd7de.tar.gz | |
krb5_wrap: Fix smb_krb5_mk_error() with MIT Kerberos
The server principal is required, so if not set create an obscure one.
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Diffstat (limited to 'lib/krb5_wrap')
| -rw-r--r-- | lib/krb5_wrap/krb5_samba.c | 52 | ||||
| -rw-r--r-- | lib/krb5_wrap/krb5_samba.h | 2 |
2 files changed, 45 insertions, 9 deletions
diff --git a/lib/krb5_wrap/krb5_samba.c b/lib/krb5_wrap/krb5_samba.c index dcd6185db9f..28884d9044d 100644 --- a/lib/krb5_wrap/krb5_samba.c +++ b/lib/krb5_wrap/krb5_samba.c @@ -206,6 +206,8 @@ krb5_error_code smb_krb5_mk_error(krb5_context context, krb5_error_code error_code, const char *e_text, krb5_data *e_data, + const krb5_principal client, + const krb5_principal server, krb5_data *enc_err) { krb5_error_code code = EINVAL; @@ -214,27 +216,59 @@ krb5_error_code smb_krb5_mk_error(krb5_context context, error_code, e_text, e_data, - NULL, /* client */ - NULL, /* server */ + client, + server, NULL, /* client_time */ NULL, /* client_usec */ enc_err); #else - krb5_error dec_err = { - .error = error_code, - }; + krb5_principal unspec_server = NULL; + krb5_error errpkt; + errpkt.ctime = 0; + errpkt.cusec = 0; + + code = krb5_us_timeofday(context, + &errpkt.stime, + &errpkt.susec); + if (code != 0) { + return code; + } + + errpkt.error = error_code; + + errpkt.text.length = 0; if (e_text != NULL) { - dec_err.text.length = strlen(e_text); - dec_err.text.data = discard_const_p(char, e_text); + errpkt.text.length = strlen(e_text); + errpkt.text.data = discard_const_p(char, e_text); } + + errpkt.e_data.magic = KV5M_DATA; + errpkt.e_data.length = 0; + errpkt.e_data.data = NULL; if (e_data != NULL) { - dec_err.e_data = *e_data; + errpkt.e_data = *e_data; + } + + errpkt.client = client; + + if (server != NULL) { + errpkt.server = server; + } else { + code = smb_krb5_make_principal(context, + &unspec_server, + "<unspecified realm>", + NULL); + if (code != 0) { + return code; + } + errpkt.server = unspec_server; } code = krb5_mk_error(context, - &dec_err, + &errpkt, enc_err); + krb5_free_principal(context, unspec_server); #endif return code; } diff --git a/lib/krb5_wrap/krb5_samba.h b/lib/krb5_wrap/krb5_samba.h index 64a04b31b55..71e81ea26e1 100644 --- a/lib/krb5_wrap/krb5_samba.h +++ b/lib/krb5_wrap/krb5_samba.h @@ -169,6 +169,8 @@ krb5_error_code smb_krb5_mk_error(krb5_context context, krb5_error_code error_code, const char *e_text, krb5_data *e_data, + const krb5_principal client, + const krb5_principal server, krb5_data *enc_err); krb5_error_code smb_krb5_get_allowed_etypes(krb5_context context, |