s4:kdc: only map SDB_ERR_NOT_FOUND_HERE to HDB_ERR_NOT_FOUND_HERE
authorStefan Metzmacher <metze@samba.org>
Thu, 21 Sep 2017 10:02:25 +0000 (12:02 +0200)
committerKarolin Seeger <kseeger@samba.org>
Fri, 22 Dec 2017 17:11:19 +0000 (18:11 +0100)
HDB_ERR_NOT_FOUND_HERE indicated a very specific error on an RODC.

We should not map any error to HDB_ERR_NOT_FOUND_HERE,
we should just pass errors along unmapped.

Otherwise we'll hit the logic bug in:

    if (ret == KDC_PROXY_REQUEST) {
        uint16_t port;

        if (!sock->kdc_socket->kdc->am_rodc) {
            DEBUG(0,("kdc_udp_call_loop: proxying requested when not RODC"));
                    talloc_free(call);
            goto done;
        }

And just don't send an error message to the client.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13132

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Autobuild-User(master): Andreas Schneider <asn@cryptomilk.org>
Autobuild-Date(master): Wed Dec  6 23:16:54 CET 2017 on sn-devel-144

(cherry picked from commit aaa946bb9eb8088389b8ffdec460023f1961616c)

source4/kdc/hdb-samba4.c

index 85d166fda67e4f2aae76583c0d9c0aae6b6ec532..47eaa1c1fcc7bbb89de206a5170e1f8aab00de55 100644 (file)
@@ -114,8 +114,10 @@ static krb5_error_code hdb_samba4_fetch_kvno(krb5_context context, HDB *db,
                break;
        case SDB_ERR_NOENTRY:
                return HDB_ERR_NOENTRY;
-       default:
+       case SDB_ERR_NOT_FOUND_HERE:
                return HDB_ERR_NOT_FOUND_HERE;
+       default:
+               return ret;
        }
 
        ret = sdb_entry_ex_to_hdb_entry_ex(context, &sdb_entry_ex, entry_ex);
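Review bot: The new `default: return ret;` in hdb_samba4_fetch_kvno returns an sdb-layer code through a krb5_error_code with nothing marking the pass-through as deliberate, and the same mapping is repeated verbatim in hdb_samba4_firstkey and hdb_samba4_nextkey. A comment above the default, for example `/* pass other errors through unmapped; HDB_ERR_NOT_FOUND_HERE is specific to an RODC */`, would keep a later edit from restoring the catch-all. The description says a wrongly reported HDB_ERR_NOT_FOUND_HERE leaves the client without any error reply on a non-RODC, so moving the sdb-to-hdb mapping into one static helper would presumably make it harder for a single call site to drift back. The function body starts and ends outside this hunk.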
@@ -146,8 +148,10 @@ static krb5_error_code hdb_samba4_firstkey(krb5_context context, HDB *db, unsign
                return HDB_ERR_WRONG_REALM;
        case SDB_ERR_NOENTRY:
                return HDB_ERR_NOENTRY;
-       default:
+       case SDB_ERR_NOT_FOUND_HERE:
                return HDB_ERR_NOT_FOUND_HERE;
+       default:
+               return ret;
        }
 
        ret = sdb_entry_ex_to_hdb_entry_ex(context, &sdb_entry_ex, entry);
@@ -173,8 +177,10 @@ static krb5_error_code hdb_samba4_nextkey(krb5_context context, HDB *db, unsigne
                return HDB_ERR_WRONG_REALM;
        case SDB_ERR_NOENTRY:
                return HDB_ERR_NOENTRY;
-       default:
+       case SDB_ERR_NOT_FOUND_HERE:
                return HDB_ERR_NOT_FOUND_HERE;
+       default:
+               return ret;
        }
 
        ret = sdb_entry_ex_to_hdb_entry_ex(context, &sdb_entry_ex, entry);
@@ -214,9 +220,11 @@ hdb_samba4_check_constrained_delegation(krb5_context context, HDB *db,
        case SDB_ERR_NOENTRY:
                ret = HDB_ERR_NOENTRY;
                break;
-       default:
+       case SDB_ERR_NOT_FOUND_HERE:
                ret = HDB_ERR_NOT_FOUND_HERE;
                break;
+       default:
+               break;
        }
 
        return ret;
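Review bot: The empty `default: break;` in hdb_samba4_check_constrained_delegation now lets any unrecognised sdb error reach `return ret;` unchanged, and nothing in the hunk documents that callers must treat every non-zero value as a failed check. The same applies to hdb_samba4_check_pkinit_ms_upn_match and hdb_samba4_check_s4u2self below. Because these three functions appear to gate authorization decisions, I would state the contract at the default, e.g. `/* any other sdb error is returned as-is; callers must treat every non-zero result as a denial */`. The earlier cases of the switch, including how a zero result is handled, are outside the hunk and should be confirmed against that comment.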
@@ -248,9 +256,11 @@ hdb_samba4_check_pkinit_ms_upn_match(krb5_context context, HDB *db,
        case SDB_ERR_NOENTRY:
                ret = HDB_ERR_NOENTRY;
                break;
-       default:
+       case SDB_ERR_NOT_FOUND_HERE:
                ret = HDB_ERR_NOT_FOUND_HERE;
                break;
+       default:
+               break;
        }
 
        return ret;
@@ -282,9 +292,11 @@ hdb_samba4_check_s4u2self(krb5_context context, HDB *db,
        case SDB_ERR_NOENTRY:
                ret = HDB_ERR_NOENTRY;
                break;
-       default:
+       case SDB_ERR_NOT_FOUND_HERE:
                ret = HDB_ERR_NOT_FOUND_HERE;
                break;
+       default:
+               break;
        }
 
        return ret;