1
0
mirror of https://github.com/samba-team/samba.git synced 2024-12-22 13:34:15 +03:00

krb5: return KRB5KRB_AP_ERR_INAPP_CKSUM if PAC checksum fails

Return KRB5KRB_AP_ERR_INAPP_CKSUM instead of EINVAL when verifying a PAC, if
the checksum is absent or unkeyed.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14642

[jsutton@samba.org Cherry-picked from Heimdal commit
c4b99b48c4b18f30d504b427bc1961d7a71f631e]

Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
This commit is contained in:
Luke Howard 2021-09-17 13:57:57 +10:00 committed by Andrew Bartlett
parent 2773379603
commit d6a472e953

View File

@ -489,13 +489,13 @@ verify_checksum(krb5_context context,
}
ret = krb5_storage_read(sp, cksum.checksum.data, cksum.checksum.length);
if (ret != (int)cksum.checksum.length) {
ret = EINVAL;
ret = KRB5KRB_AP_ERR_INAPP_CKSUM;
krb5_set_error_message(context, ret, "PAC checksum missing checksum");
goto out;
}
if (!krb5_checksum_is_keyed(context, cksum.cksumtype)) {
ret = EINVAL;
ret = KRB5KRB_AP_ERR_INAPP_CKSUM;
krb5_set_error_message(context, ret, "Checksum type %d not keyed",
cksum.cksumtype);
goto out;