git.samba.org / amitay / samba.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: 62ee0d9)
gensec/spnego: fallback on INVALID_{ACCOUNT,COMPUTER}_NAME and NO_SUCH_DOMAIN
authorStefan Metzmacher <metze@samba.org>
Tue, 19 Nov 2019 11:10:11 +0000 (12:10 +0100)
committerStefan Metzmacher <metze@samba.org>
Mon, 10 Feb 2020 16:32:37 +0000 (16:32 +0000)
I think it's better to handle them in spnego.c, instead of squashing
them already in the gssapi/gse modules. This is related to
KRB5KDC_ERR_{C,S}_PRINCIPAL_UNKNOWN and KRB5_REALM_UNKNOWN.

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
auth/gensec/spnego.c patch | blob | history

diff --git a/auth/gensec/spnego.c b/auth/gensec/spnego.c
index db8a91b6f34a8a7f7ed05861a23b73ebbd2034da..87545d860e813fa4507897f9fcaf7ccace1681b1 100644 (file)
--- a/auth/gensec/spnego.c
+++ b/auth/gensec/spnego.c
@@ -569,6 +569,9 @@ static NTSTATUS gensec_spnego_client_negTokenInit_step(
                 * of this mech
                 */
                if (NT_STATUS_EQUAL(status, NT_STATUS_INVALID_PARAMETER) ||
+                   NT_STATUS_EQUAL(status, NT_STATUS_INVALID_ACCOUNT_NAME) ||
+                   NT_STATUS_EQUAL(status, NT_STATUS_INVALID_COMPUTER_NAME) ||
+                   NT_STATUS_EQUAL(status, NT_STATUS_NO_SUCH_DOMAIN) ||
                    NT_STATUS_EQUAL(status, NT_STATUS_NO_LOGON_SERVERS) ||
                    NT_STATUS_EQUAL(status, NT_STATUS_TIME_DIFFERENCE_AT_DC) ||
                    NT_STATUS_EQUAL(status, NT_STATUS_CANT_ACCESS_DOMAIN_INFO))
Amitay's Samba development tree