s4:kdc: let SDB_F_CROSS_REALM_PRINCIPAL result in SDB_ERR_NOT_FOUND_HERE

It means the client is remote and the kdc logic has to live without
an sdb_entry.

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>

diff --git a/source4/kdc/db-glue.c b/source4/kdc/db-glue.c
index 1f8574e9ef5c8d18bfb0bb6a7fd09a6cfc43a9be..9a76ec8271dbc93cca7529bd1b06415392f0a14a 100644 (file)
--- a/source4/kdc/db-glue.c
+++ b/source4/kdc/db-glue.c
@@ -3401,6 +3401,18 @@ static krb5_error_code samba_kdc_lookup_realm(krb5_context context,
                if (flags & SDB_F_FOR_AS_REQ) {
                        check_realm = true;
                }
+               if ((flags & SDB_F_FOR_TGS_REQ) &&
+                   (flags & SDB_F_CROSS_REALM_PRINCIPAL))
+               {
+                       /*
+                        * The request is not for us...
+                        * Let the caller ignore that
+                        * the client is remote and
+                        * has no local sdb_entry.
+                        */
+                       TALLOC_FREE(frame);
+                       return SDB_ERR_NOT_FOUND_HERE;
+               }
        }
        if (flags & SDB_F_GET_SERVER) {
                if (flags & SDB_F_FOR_TGS_REQ) {