sin/samba-mirror
1
0
Fork 0
mirror of https://github.com/samba-team/samba.git synced 2025-01-06 13:18:07 +03:00
Code

HEIMDAL: allow HDB_AUTH_WRONG_PASSWORD to result in HDB_ERR_NOT_FOUND_HERE

Browse Source 
On an RODC we need to redirect failing preauthentication to an RWDC.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14865

Signed-off-by: Stefan Metzmacher <metze@samba.org>
(similar to commit heimdal commit df655cecd12712e7f7df5128b123eee0066a8216)
This commit is contained in:
Stefan Metzmacher 2022-02-18 17:17:02 +01:00
parent 3ae7ead5fd
commit 68f55294eb
1 changed files with 8 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

10
source4/heimdal/kdc/kerberos5.c
View File

@ -1357,13 +1357,19 @@ _kdc_as_rep(krb5_context context,
free_EncryptedData(&enc_data);
if (clientdb->hdb_auth_status)
(clientdb->hdb_auth_status)(context, clientdb, client,
if (clientdb->hdb_auth_status) {
ret = (clientdb->hdb_auth_status)(context, clientdb, client,
from_addr,
&_kdc_now,
client_name,
str ? str : "unknown enctype",
HDB_AUTH_WRONG_PASSWORD);
if (ret == HDB_ERR_NOT_FOUND_HERE) {
kdc_log(context, config, 5, "client %s HDB_AUTH_WRONG_PASSWORD at this KDC, forward to proxy", client_name);
free(str);
goto out;
}
}
free(str);