sin/samba-mirror
1
0
Fork 0
mirror of https://github.com/samba-team/samba.git synced 2025-02-26 21:57:41 +03:00
Code

s4:kdc: Handle new KDC_AUTH_EVENT_CLIENT_FOUND audit event

Browse Source 
NOTE: This commit finally works again!

Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
This commit is contained in:
Joseph Sutton 2023-06-20 11:20:44 +12:00 committed by Stefan Metzmacher
parent 19f867bc54
commit 67436de3e7
1 changed files with 17 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

17
source4/kdc/hdb-samba4.c
View File

@ -944,6 +944,23 @@ static krb5_error_code hdb_samba4_audit(krb5_context context,
} else {
status = krb5_to_nt_status(r->error_code);
}
} else if (hdb_auth_status == KDC_AUTH_EVENT_CLIENT_FOUND) {
/*
* We found the client principal,
* but we didnt reach the final
* KDC_AUTH_EVENT_CLIENT_AUTHORIZED,
* so consult the error code.
*/
if (r->error_code == 0) {
DBG_ERR("ERROR: CLIENT_FOUND "
"with error=0 => INTERNAL_ERROR\n");
status = NT_STATUS_INTERNAL_ERROR;
r->error_code = final_ret = KRB5KRB_ERR_GENERIC;
} else if (!NT_STATUS_IS_OK(p->reject_status)) {
status = p->reject_status;
} else {
status = krb5_to_nt_status(r->error_code);
}
} else if (hdb_auth_status == KDC_AUTH_EVENT_CLIENT_TIME_SKEW) {
status = NT_STATUS_TIME_DIFFERENCE_AT_DC;
} else if (hdb_auth_status == KDC_AUTH_EVENT_WRONG_LONG_TERM_KEY) {