mirror of
https://github.com/samba-team/samba.git
synced 2024-12-22 13:34:15 +03:00
krb5: return KRB5KRB_AP_ERR_INAPP_CKSUM if PAC checksum fails
Return KRB5KRB_AP_ERR_INAPP_CKSUM instead of EINVAL when verifying a PAC, if the checksum is absent or unkeyed. BUG: https://bugzilla.samba.org/show_bug.cgi?id=14642 [jsutton@samba.org Cherry-picked from Heimdal commit c4b99b48c4b18f30d504b427bc1961d7a71f631e] Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
This commit is contained in:
parent
2773379603
commit
d6a472e953
@ -489,13 +489,13 @@ verify_checksum(krb5_context context,
|
||||
}
|
||||
ret = krb5_storage_read(sp, cksum.checksum.data, cksum.checksum.length);
|
||||
if (ret != (int)cksum.checksum.length) {
|
||||
ret = EINVAL;
|
||||
ret = KRB5KRB_AP_ERR_INAPP_CKSUM;
|
||||
krb5_set_error_message(context, ret, "PAC checksum missing checksum");
|
||||
goto out;
|
||||
}
|
||||
|
||||
if (!krb5_checksum_is_keyed(context, cksum.cksumtype)) {
|
||||
ret = EINVAL;
|
||||
ret = KRB5KRB_AP_ERR_INAPP_CKSUM;
|
||||
krb5_set_error_message(context, ret, "Checksum type %d not keyed",
|
||||
cksum.cksumtype);
|
||||
goto out;
|
||||
|
Loading…
Reference in New Issue
Block a user