mirror of
https://github.com/samba-team/samba.git
synced 2024-12-24 21:34:56 +03:00
r22966: Make sure to return LOGON_FAILURE if the user's kerberos password is
incorrect.
Andrew Bartlett
(This used to be commit 9dc6f36e43
)
This commit is contained in:
parent
da9b4626bc
commit
1a7b251319
@ -347,6 +347,8 @@ static NTSTATUS gensec_gssapi_client_start(struct gensec_security *gensec_securi
|
||||
switch (ret) {
|
||||
case 0:
|
||||
break;
|
||||
case KRB5KDC_ERR_PREAUTH_FAILED:
|
||||
return NT_STATUS_LOGON_FAILURE;
|
||||
case KRB5_KDC_UNREACH:
|
||||
DEBUG(3, ("Cannot reach a KDC we require to contact %s\n", principal));
|
||||
return NT_STATUS_INVALID_PARAMETER; /* Make SPNEGO ignore us, we can't go any further here */
|
||||
|
@ -244,16 +244,23 @@ static NTSTATUS gensec_krb5_client_start(struct gensec_security *gensec_security
|
||||
gensec_krb5_state = gensec_security->private_data;
|
||||
gensec_krb5_state->state_position = GENSEC_KRB5_CLIENT_START;
|
||||
|
||||
principal = gensec_get_target_principal(gensec_security);
|
||||
|
||||
ret = cli_credentials_get_ccache(gensec_get_credentials(gensec_security), &ccache_container);
|
||||
if (ret) {
|
||||
DEBUG(1,("gensec_krb5_start: cli_credentials_get_ccache failed: %s\n",
|
||||
error_message(ret)));
|
||||
switch (ret) {
|
||||
case 0:
|
||||
break;
|
||||
case KRB5KDC_ERR_PREAUTH_FAILED:
|
||||
return NT_STATUS_LOGON_FAILURE;
|
||||
case KRB5_KDC_UNREACH:
|
||||
DEBUG(3, ("Cannot reach a KDC we require to contact %s\n", principal));
|
||||
return NT_STATUS_INVALID_PARAMETER; /* Make SPNEGO ignore us, we can't go any further here */
|
||||
default:
|
||||
DEBUG(1, ("gensec_krb5_start: Aquiring initiator credentails failed: %s\n", error_message(ret)));
|
||||
return NT_STATUS_UNSUCCESSFUL;
|
||||
}
|
||||
|
||||
in_data.length = 0;
|
||||
|
||||
principal = gensec_get_target_principal(gensec_security);
|
||||
if (principal && lp_client_use_spnego_principal()) {
|
||||
krb5_principal target_principal;
|
||||
ret = krb5_parse_name(gensec_krb5_state->smb_krb5_context->krb5_context, principal,
|
||||
|
@ -528,7 +528,7 @@ static NTSTATUS gensec_spnego_parse_negTokenInit(struct gensec_security *gensec_
|
||||
* support the first time. Lets keep this code to
|
||||
* reality */
|
||||
|
||||
return NT_STATUS_INVALID_PARAMETER;
|
||||
return nt_status;
|
||||
}
|
||||
|
||||
/** create a negTokenInit
|
||||
|
Loading…
Reference in New Issue
Block a user