]> git.ipfire.org Git - thirdparty/samba.git/commitdiff
kdc: KRB5KDC_ERR_{C,S}_PRINCIPAL_UNKNOWN if missing field
authorLuke Howard <lukeh@padl.com>
Tue, 31 Aug 2021 05:38:16 +0000 (17:38 +1200)
committerAndreas Schneider <asn@cryptomilk.org>
Thu, 2 Sep 2021 13:41:28 +0000 (13:41 +0000)
If missing cname or sname in AS-REQ, return KRB5KDC_ERR_C_PRINCIPAL_UNKNOWN and
KRB5KDC_ERR_S_PRINCIPAL_UNKNOWN. This matches MIT behaviour.

[abartlet@samba.org Backported from Heimdal commit 892a1ffcaad98157e945c540b81f65edb14d29bd
and knownfail added]

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14770

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
selftest/knownfail_heimdal_kdc
source4/heimdal/kdc/kerberos5.c

index a55357b753717217c8f4e5b7fd411fc744a2a2b6..2c63707fff3677d726e13abb4412ebda813f6284 100644 (file)
@@ -72,3 +72,4 @@
 ^samba.tests.krb5.fast_tests.samba.tests.krb5.fast_tests.FAST_Tests.test_simple_tgs_no_sname.ad_dc
 ^samba.tests.krb5.fast_tests.samba.tests.krb5.fast_tests.FAST_Tests.test_fast_inner_no_sname.ad_dc
 ^samba.tests.krb5.fast_tests.samba.tests.krb5.fast_tests.FAST_Tests.test_fast_tgs_inner_no_sname.ad_dc
+^samba.tests.krb5.fast_tests.samba.tests.krb5.fast_tests.FAST_Tests.test_simple_no_sname.ad_dc
\ No newline at end of file
index 27d38ad84b7be019600f06d82bda8c8b31ad64d0..0fa336e871c4e200caacfb39604b07014fa04801 100644 (file)
@@ -996,7 +996,7 @@ _kdc_as_rep(krb5_context context,
        flags |= HDB_F_CANON;
 
     if(b->sname == NULL){
-       ret = KRB5KRB_ERR_GENERIC;
+       ret = KRB5KDC_ERR_S_PRINCIPAL_UNKNOWN;
        e_text = "No server in request";
     } else{
        ret = _krb5_principalname2krb5_principal (context,
@@ -1012,7 +1012,7 @@ _kdc_as_rep(krb5_context context,
        goto out;
     }
     if(b->cname == NULL){
-       ret = KRB5KRB_ERR_GENERIC;
+       ret = KRB5KDC_ERR_C_PRINCIPAL_UNKNOWN;
        e_text = "No client in request";
     } else {
        ret = _krb5_principalname2krb5_principal (context,