
heimdal Return HDB_ERR_NOT_FOUND_HERE to the caller

This means that no reply packet should be generated; instead, the user
of the libkdc API should forward the packet to a real KDC that has a
full database.

Andrew Bartlett
Andrew Bartlett 2010-11-12 12:31:33 +11:00 committed by Andrew Tridgell
parent 2fbaa09919
commit aa1c32ccb0
3 changed files with 34 additions and 11 deletions


@ -990,7 +990,10 @@ _kdc_as_rep(krb5_context context,
ret = _kdc_db_fetch(context, config, client_princ,
HDB_F_GET_CLIENT | flags, NULL,
&clientdb, &client);
if(ret){
if(ret == HDB_ERR_NOT_FOUND_HERE) {
kdc_log(context, config, 5, "client %s does not have secrets at this KDC, need to proxy", client_name);
goto out;
} else if(ret){
const char *msg = krb5_get_error_message(context, ret);
kdc_log(context, config, 0, "UNKNOWN -- %s: %s", client_name, msg);
krb5_free_error_message(context, msg);
@ -1001,7 +1004,10 @@ _kdc_as_rep(krb5_context context,
ret = _kdc_db_fetch(context, config, server_princ,
HDB_F_GET_SERVER|HDB_F_GET_KRBTGT,
NULL, NULL, &server);
if(ret){
if(ret == HDB_ERR_NOT_FOUND_HERE) {
kdc_log(context, config, 5, "target %s does not have secrets at this KDC, need to proxy", server_name);
goto out;
} else if(ret){
const char *msg = krb5_get_error_message(context, ret);
kdc_log(context, config, 0, "UNKNOWN -- %s: %s", server_name, msg);
krb5_free_error_message(context, msg);
@ -1778,7 +1784,7 @@ _kdc_as_rep(krb5_context context,
out:
free_AS_REP(&rep);
if(ret){
if(ret != 0 && ret != HDB_ERR_NOT_FOUND_HERE){
krb5_mk_error(context,
ret,
e_text,
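Review bot: The no-reply contract for HDB_ERR_NOT_FOUND_HERE is not documented in the code; at `out:` the new condition silently skips `krb5_mk_error`, and only the commit message explains why. I would add a comment above the condition, e.g. `/* HDB_ERR_NOT_FOUND_HERE: build no KRB-ERROR; the caller must forward the request to a KDC that holds the secrets */`. The end of _kdc_as_rep is outside this hunk, so confirm that the function returns `ret` unchanged on this path and leaves the reply buffer empty. A caller that saw 0 here would have nothing to send and no signal to proxy.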


@ -1170,7 +1170,17 @@ tgs_parse_request(krb5_context context,
ret = _kdc_db_fetch(context, config, princ, HDB_F_GET_KRBTGT, ap_req.ticket.enc_part.kvno, NULL, krbtgt);
if(ret) {
if(ret == HDB_ERR_NOT_FOUND_HERE) {
char *p;
ret = krb5_unparse_name(context, princ, &p);
if (ret != 0)
p = "<unparse_name failed>";
krb5_free_principal(context, princ);
kdc_log(context, config, 5, "Ticket-granting ticket account %s does not have secrets at this KDC, need to proxy", p);
if (ret == 0)
free(p);
goto out;
} else if(ret){
const char *msg = krb5_get_error_message(context, ret);
char *p;
ret = krb5_unparse_name(context, princ, &p);
@ -1565,7 +1575,10 @@ server_lookup:
ret = _kdc_db_fetch(context, config, sp, HDB_F_GET_SERVER | HDB_F_CANON,
NULL, NULL, &server);
if(ret){
if(ret == HDB_ERR_NOT_FOUND_HERE) {
kdc_log(context, config, 5, "target %s does not have secrets at this KDC, need to proxy", sp);
goto out;
} else if(ret){
const char *new_rlm, *msg;
Realm req_rlm;
krb5_realm *realms;
@ -1625,7 +1638,10 @@ server_lookup:
ret = _kdc_db_fetch(context, config, cp, HDB_F_GET_CLIENT | HDB_F_CANON,
NULL, &clientdb, &client);
if(ret) {
if(ret == HDB_ERR_NOT_FOUND_HERE) {
kdc_log(context, config, 5, "client %s does not have secrets at this KDC, need to proxy", cp);
goto out;
} else if(ret){
const char *krbtgt_realm, *msg;
/*
@ -2230,7 +2246,7 @@ _kdc_tgs_rep(krb5_context context,
out:
if (replykey)
krb5_free_keyblock(context, replykey);
if(ret && data->data == NULL){
if(ret && ret != HDB_ERR_NOT_FOUND_HERE && data->data == NULL){
krb5_mk_error(context,
ret,
NULL,
@ -2240,6 +2256,7 @@ out:
csec,
cusec,
data);
ret = 0;
}
free(csec);
free(cusec);
@ -2253,5 +2270,5 @@ out:
free(auth_data);
}
return 0;
return ret;
}
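Review bot: In the tgs_parse_request hunk the HDB_ERR_NOT_FOUND_HERE branch overwrites `ret` with the result of `krb5_unparse_name()` and then jumps to `out` without restoring it. On a successful unparse the function appears to leave with `ret == 0` and no krbtgt entry fetched, and on a failed unparse with an unrelated error code, so the proxy signal is lost on the TGT path either way. Add `ret = HDB_ERR_NOT_FOUND_HERE;` immediately before `goto out;`; the `out:` label of tgs_parse_request is outside the hunk, so confirm nothing there depends on the unparse result. Separately, the two `server_lookup` hunks pass `sp` and `cp` to a `%s` conversion, yet the same variables are handed to `_kdc_db_fetch` in the principal position. If they are principal handles rather than strings, the log call reads structure memory as text, and the unparsed name strings should be logged instead.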


@ -45,7 +45,7 @@ _kdc_db_fetch(krb5_context context,
hdb_entry_ex **h)
{
hdb_entry_ex *ent;
krb5_error_code ret;
krb5_error_code ret = HDB_ERR_NOENTRY;
int i;
unsigned kvno = 0;
@ -118,9 +118,9 @@ _kdc_db_fetch(krb5_context context,
}
}
free(ent);
krb5_set_error_message(context, HDB_ERR_NOENTRY,
krb5_set_error_message(context, ret,
"no such entry found in hdb");
return HDB_ERR_NOENTRY;
return ret;
}
void
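Review bot: The fall-through path now returns whatever `ret` last held but still labels it with the fixed text "no such entry found in hdb", so HDB_ERR_NOT_FOUND_HERE (or any other code the lookup loop leaves in `ret`) gets a misleading error message. Set the message only for the matching code, e.g. `if (ret == HDB_ERR_NOENTRY) krb5_set_error_message(context, ret, "no such entry found in hdb");`. The loop between the two hunks is not visible here. If it iterates over several databases, the last backend's result wins, so an earlier HDB_ERR_NOT_FOUND_HERE could be replaced by a later HDB_ERR_NOENTRY and the request would be rejected instead of proxied. It is worth confirming and documenting which code takes precedence.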