diff options
author | Andreas Schneider <asn@samba.org> | 2016-02-15 08:29:27 +0100 |
---|---|---|
committer | Alexander Bokovoy <ab@samba.org> | 2016-06-02 12:48:13 +0200 |
commit | 7a1fd661b0e6282c4e97d7baba399d5ebee2f9f2 (patch) | |
tree | 476ac6f8c175413188fb22aac4ea20458d0c8813 /source4/kdc | |
parent | 00267c9565fc82b930f6292a51234580eba4ae89 (diff) | |
download | samba-7a1fd661b0e6282c4e97d7baba399d5ebee2f9f2.tar.gz |
sdb: Do not create kmod information if we return early
In case of a wrong realm in a cross forest trust we return early with
just the realm corrected. We need to parse a kdb entry but do not have
all information available. So skip creating the kmod.
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Alexander Bokovoy <ab@samba.org>
Diffstat (limited to 'source4/kdc')
-rw-r--r-- | source4/kdc/sdb_to_kdb.c | 19 |
1 files changed, 13 insertions, 6 deletions
diff --git a/source4/kdc/sdb_to_kdb.c b/source4/kdc/sdb_to_kdb.c index d842052117e..ff50c0cab87 100644 --- a/source4/kdc/sdb_to_kdb.c +++ b/source4/kdc/sdb_to_kdb.c @@ -272,12 +272,19 @@ static int sdb_entry_ex_to_krb5_db_entry(krb5_context context, /* fail_auth_count */ /* n_tl_data */ - ret = sdb_event_to_kmod(context, - s->modified_by ? s->modified_by : &s->created_by, - k); - if (ret) { - free_krb5_db_entry(context, k); - return ret; + /* + * If we leave early when looking up the realm, we do not have all + * information about a principal. We need to construct a db entry + * with minimal information, so skip this part. + */ + if (s->created_by.time != 0) { + ret = sdb_event_to_kmod(context, + s->modified_by ? s->modified_by : &s->created_by, + k); + if (ret) { + free_krb5_db_entry(context, k); + return ret; + } } /* FIXME: TODO HDB Extensions */ |