s4:kdc: Do not panic if authsam_logon_success_accounting() fails

In hdb_samba4_audit(), ERR_GENERIC signals an unexpected situation — if
we encounter that error code while running under selftest, we’ll panic.
In response to an expected event such as the failure of
authsam_logon_success_accounting(), it’s more appropriate to continue to
run.

Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>

diff --git a/source4/kdc/hdb-samba4.c b/source4/kdc/hdb-samba4.c
index 50c925e9512612128f13e47ec471a8e31806746c..84cddb24dc54fc7e54318252efcf3653ec49fdf3 100644 (file)
--- a/source4/kdc/hdb-samba4.c
+++ b/source4/kdc/hdb-samba4.c
@@ -900,7 +900,7 @@ static krb5_error_code hdb_samba4_audit(krb5_context context,
                                r->error_code = final_ret = KRB5KDC_ERR_CLIENT_REVOKED;
                                rwdc_fallback = kdc_db_ctx->rodc;
                        } else if (!NT_STATUS_IS_OK(status)) {
-                               r->error_code = final_ret = KRB5KRB_ERR_GENERIC;
+                               r->error_code = final_ret = KRB5KDC_ERR_CLIENT_REVOKED;
                                rwdc_fallback = kdc_db_ctx->rodc;
                        } else {
                                if (r->error_code == KRB5KDC_ERR_NEVER_VALID) {