diff options
| author | Stefan Metzmacher <metze@samba.org> | 2017-09-21 12:02:25 +0200 |
|---|---|---|
| committer | Andreas Schneider <asn@cryptomilk.org> | 2017-12-06 23:16:54 +0100 |
| commit | aaa946bb9eb8088389b8ffdec460023f1961616c (patch) | |
| tree | 7cc7dd80560657863840e5681297b3cf79bf336f /source4/kdc | |
| parent | 183e5d1e3dc306491c06f94c8c98e4882c64bc27 (diff) | |
| download | samba-aaa946bb9eb8088389b8ffdec460023f1961616c.tar.gz | |
s4:kdc: only map SDB_ERR_NOT_FOUND_HERE to HDB_ERR_NOT_FOUND_HERE
HDB_ERR_NOT_FOUND_HERE indicated a very specific error on an RODC.
We should not map any error to HDB_ERR_NOT_FOUND_HERE,
we should just pass errors along unmapped.
Otherwise we'll hit the logic bug in:
if (ret == KDC_PROXY_REQUEST) {
uint16_t port;
if (!sock->kdc_socket->kdc->am_rodc) {
DEBUG(0,("kdc_udp_call_loop: proxying requested when not RODC"));
talloc_free(call);
goto done;
}
And just don't send an error message to the client.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13132
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Autobuild-User(master): Andreas Schneider <asn@cryptomilk.org>
Autobuild-Date(master): Wed Dec 6 23:16:54 CET 2017 on sn-devel-144
Diffstat (limited to 'source4/kdc')
| -rw-r--r-- | source4/kdc/hdb-samba4.c | 24 |
1 files changed, 18 insertions, 6 deletions
diff --git a/source4/kdc/hdb-samba4.c b/source4/kdc/hdb-samba4.c index 552eeeedf6b..a2fbf5a0099 100644 --- a/source4/kdc/hdb-samba4.c +++ b/source4/kdc/hdb-samba4.c @@ -120,8 +120,10 @@ static krb5_error_code hdb_samba4_fetch_kvno(krb5_context context, HDB *db, break; case SDB_ERR_NOENTRY: return HDB_ERR_NOENTRY; - default: + case SDB_ERR_NOT_FOUND_HERE: return HDB_ERR_NOT_FOUND_HERE; + default: + return ret; } ret = sdb_entry_ex_to_hdb_entry_ex(context, &sdb_entry_ex, entry_ex); @@ -152,8 +154,10 @@ static krb5_error_code hdb_samba4_firstkey(krb5_context context, HDB *db, unsign return HDB_ERR_WRONG_REALM; case SDB_ERR_NOENTRY: return HDB_ERR_NOENTRY; - default: + case SDB_ERR_NOT_FOUND_HERE: return HDB_ERR_NOT_FOUND_HERE; + default: + return ret; } ret = sdb_entry_ex_to_hdb_entry_ex(context, &sdb_entry_ex, entry); @@ -179,8 +183,10 @@ static krb5_error_code hdb_samba4_nextkey(krb5_context context, HDB *db, unsigne return HDB_ERR_WRONG_REALM; case SDB_ERR_NOENTRY: return HDB_ERR_NOENTRY; - default: + case SDB_ERR_NOT_FOUND_HERE: return HDB_ERR_NOT_FOUND_HERE; + default: + return ret; } ret = sdb_entry_ex_to_hdb_entry_ex(context, &sdb_entry_ex, entry); @@ -220,9 +226,11 @@ hdb_samba4_check_constrained_delegation(krb5_context context, HDB *db, case SDB_ERR_NOENTRY: ret = HDB_ERR_NOENTRY; break; - default: + case SDB_ERR_NOT_FOUND_HERE: ret = HDB_ERR_NOT_FOUND_HERE; break; + default: + break; } return ret; @@ -254,9 +262,11 @@ hdb_samba4_check_pkinit_ms_upn_match(krb5_context context, HDB *db, case SDB_ERR_NOENTRY: ret = HDB_ERR_NOENTRY; break; - default: + case SDB_ERR_NOT_FOUND_HERE: ret = HDB_ERR_NOT_FOUND_HERE; break; + default: + break; } return ret; @@ -288,9 +298,11 @@ hdb_samba4_check_s4u2self(krb5_context context, HDB *db, case SDB_ERR_NOENTRY: ret = HDB_ERR_NOENTRY; break; - default: + case SDB_ERR_NOT_FOUND_HERE: ret = HDB_ERR_NOT_FOUND_HERE; break; + default: + break; } return ret; |