third_party/heimdal: Import lorikeet-heimdal-202406240121 (commit 4315286377278234be2f3b6d52225a17b6116d54)
This lets us match the Windows FAST reply when the password is expired. Windows clients were upset by the NTSTATUS field in the edata, apparently interpreting it to mean “insufficient resource”. BUG: https://bugzilla.samba.org/show_bug.cgi?id=15655 Signed-off-by: Jo Sutton <josutton@catalyst.net.nz> Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
parent
c5ee0b60b2
commit
fe90576871
@ -156,11 +156,3 @@
|
||||
^samba\.tests\.krb5\.conditional_ace_tests\.samba\.tests\.krb5\.conditional_ace_tests\.TgsReqServicePolicyTests\.test_pac_device_info_no_compound_id_support_no_claims_valid_existing_device_claims_target_policy\(ad_dc\)$
|
||||
^samba\.tests\.krb5\.conditional_ace_tests\.samba\.tests\.krb5\.conditional_ace_tests\.TgsReqServicePolicyTests\.test_pac_device_info_no_compound_id_support_no_claims_valid_existing_device_claims\(ad_dc\)$
|
||||
^samba\.tests\.krb5\.conditional_ace_tests\.samba\.tests\.krb5\.conditional_ace_tests\.TgsReqServicePolicyTests\.test_pac_device_info_rodc_issued\(ad_dc\)$
|
||||
#
|
||||
# Lockout tests
|
||||
#
|
||||
^samba\.tests\.krb5\.lockout_tests\.samba\.tests\.krb5\.lockout_tests\.LockoutTests\.test_lockout_status_disabled_fast\(ad_dc:local\)$
|
||||
^samba\.tests\.krb5\.lockout_tests\.samba\.tests\.krb5\.lockout_tests\.LockoutTests\.test_lockout_status_expired_fast\(ad_dc:local\)$
|
||||
^samba\.tests\.krb5\.lockout_tests\.samba\.tests\.krb5\.lockout_tests\.LockoutTests\.test_lockout_status_locked_out_fast\(ad_dc:local\)$
|
||||
^samba\.tests\.krb5\.lockout_tests\.samba\.tests\.krb5\.lockout_tests\.LockoutTests\.test_lockout_status_must_change_fast\(ad_dc:local\)$
|
||||
^samba\.tests\.krb5\.lockout_tests\.samba\.tests\.krb5\.lockout_tests\.LockoutTests\.test_lockout_status_password_expired_fast\(ad_dc:local\)$
|
||||
|
13
third_party/heimdal/kdc/fast.c
vendored
13
third_party/heimdal/kdc/fast.c
vendored
@ -482,7 +482,18 @@ _kdc_fast_mk_error(astgs_request_t r,
|
||||
|
||||
heim_assert(r != NULL, "invalid request in _kdc_fast_mk_error");
|
||||
|
||||
if (r->e_data.length) {
|
||||
if (!armor_crypto && r->e_data.length) {
|
||||
/*
|
||||
* If we’re not armoring the response with FAST, r->e_data
|
||||
* takes precedence over the e‐data that would normally be
|
||||
* generated. r->e_data typically contains a
|
||||
* Microsoft‐specific NTSTATUS code.
|
||||
*
|
||||
* But if FAST is in use, Windows Server suppresses the
|
||||
* NTSTATUS code in favour of an armored response
|
||||
* encapsulating an ordinary KRB‐ERROR. So we ignore r->e_data
|
||||
* in that case.
|
||||
*/
|
||||
e_data = &r->e_data;
|
||||
} else {
|
||||
ret = _kdc_fast_mk_e_data(r,
|
||||
|