git.samba.org / samba.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: 7b4c9ee)
kdc: KRB5KDC_ERR_{C,S}_PRINCIPAL_UNKNOWN if missing field
authorLuke Howard <lukeh@padl.com>
Tue, 31 Aug 2021 05:38:16 +0000 (17:38 +1200)
committerJule Anger <janger@samba.org>
Thu, 16 Sep 2021 06:50:12 +0000 (06:50 +0000)
If missing cname or sname in AS-REQ, return KRB5KDC_ERR_C_PRINCIPAL_UNKNOWN and
KRB5KDC_ERR_S_PRINCIPAL_UNKNOWN. This matches MIT behaviour.

[abartlet@samba.org Backported from Heimdal commit 892a1ffcaad98157e945c540b81f65edb14d29bd
and knownfail added.  Further adapted knownfail for 4.14 due to conflicts
as the patch that adds a test which crashes old MIT versions is
omitted]

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14770
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14817

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
selftest/knownfail_heimdal_kdc patch | blob | history
source4/heimdal/kdc/kerberos5.c patch | blob | history

diff --git a/selftest/knownfail_heimdal_kdc b/selftest/knownfail_heimdal_kdc
index b0981a06002cdc4012789fd0c40dc69e76591202..f5ac4fa2e2b85f021b2f68b286da05a6a5048c82 100644 (file)
--- a/selftest/knownfail_heimdal_kdc
+++ b/selftest/knownfail_heimdal_kdc
@@ -123,3 +123,4 @@
 ^samba.tests.krb5.fast_tests.samba.tests.krb5.fast_tests.FAST_Tests.test_fast_no_sname.ad_dc
 ^samba.tests.krb5.fast_tests.samba.tests.krb5.fast_tests.FAST_Tests.test_fast_tgs_no_sname.ad_dc
 ^samba.tests.krb5.fast_tests.samba.tests.krb5.fast_tests.FAST_Tests.test_simple_tgs_no_sname.ad_dc
+^samba.tests.krb5.fast_tests.samba.tests.krb5.fast_tests.FAST_Tests.test_simple_no_sname.ad_dc
diff --git a/source4/heimdal/kdc/kerberos5.c b/source4/heimdal/kdc/kerberos5.c
index 27d38ad84b7be019600f06d82bda8c8b31ad64d0..0fa336e871c4e200caacfb39604b07014fa04801 100644 (file)
--- a/source4/heimdal/kdc/kerberos5.c
+++ b/source4/heimdal/kdc/kerberos5.c
@@ -996,7 +996,7 @@ _kdc_as_rep(krb5_context context,
        flags |= HDB_F_CANON;
 
     if(b->sname == NULL){
-       ret = KRB5KRB_ERR_GENERIC;
+       ret = KRB5KDC_ERR_S_PRINCIPAL_UNKNOWN;
        e_text = "No server in request";
     } else{
        ret = _krb5_principalname2krb5_principal (context,
@@ -1012,7 +1012,7 @@ _kdc_as_rep(krb5_context context,
        goto out;
     }
     if(b->cname == NULL){
-       ret = KRB5KRB_ERR_GENERIC;
+       ret = KRB5KDC_ERR_C_PRINCIPAL_UNKNOWN;
        e_text = "No client in request";
     } else {
        ret = _krb5_principalname2krb5_principal (context,
Samba Shared Repository