Revert "CVE-2020-25719 heimdal:kdc: Require authdata to be present"
author Andrew Bartlett <abartlet@samba.org>
Tue, 2 Nov 2021 01:52:22 +0000 (14:52 +1300)
committer Jule Anger <janger@samba.org>
Mon, 8 Nov 2021 09:52:12 +0000 (10:52 +0100)
This reverts an earlier commit that was incorrect.

It is not Samba practice to include a revert, but at this point in
the patch preparation the ripple through the knownfail files is
more trouble than can be justified.

It is not correct to refuse to parse all tickets with no authorization
data, only for the KDC to require that a PAC is found, which is done
in "heimdal:kdc: Require PAC to be present"

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Joseph Sutton <josephsutton@catalyst.net.nz>
source4/heimdal/lib/krb5/pac.c

index 749d0fdb4ebb56f368b71ff19de1c47df43f1a05..05bcc5230800ecc09b25ab88c342607babaaf709 100644 (file)
@@ -1369,7 +1369,7 @@ _krb5_kdc_pac_ticket_parse(krb5_context context,
     *ppac = NULL;
 
     if (ad == NULL || ad->len == 0)
-       return KRB5KDC_ERR_BADOPTION;
+       return 0;
 
     for (i = 0; i < ad->len; i++) {
        AuthorizationData child;
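
Review bot: At the `ad == NULL || ad->len == 0` early return, the function now reports success while `*ppac` is still NULL, so a caller that checks only the return value would carry on with a NULL PAC. Please add a comment above `return 0;` stating that a 0 return with `*ppac == NULL` means "no PAC found, not an error", and confirm that each caller tests `*ppac` before use. The commit message says the PAC requirement is enforced in "heimdal:kdc: Require PAC to be present"; referencing that check in the comment would make the split of responsibility clear to later readers.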