From 972f0435bd8b1f0db1f98954692bc58b10631d27 Mon Sep 17 00:00:00 2001 From: Andrew Bartlett Date: Tue, 2 Nov 2021 14:52:22 +1300 Subject: [PATCH] Revert "CVE-2020-25719 heimdal:kdc: Require authdata to be present" This reverts an earlier commit that was incorrect. It is not Samba practice to include a revert, but at this point in the patch preparation the ripple through the knownfail files is more trouble than can be justified. It is not correct to refuse to parse all tickets with no authorization data, only for the KDC to require that a PAC is found, which is done in "heimdal:kdc: Require PAC to be present" Signed-off-by: Andrew Bartlett Reviewed-by: Joseph Sutton --- source4/heimdal/lib/krb5/pac.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/source4/heimdal/lib/krb5/pac.c b/source4/heimdal/lib/krb5/pac.c index 749d0fdb4eb..05bcc523080 100644 --- a/source4/heimdal/lib/krb5/pac.c +++ b/source4/heimdal/lib/krb5/pac.c @@ -1369,7 +1369,7 @@ _krb5_kdc_pac_ticket_parse(krb5_context context, *ppac = NULL; if (ad == NULL || ad->len == 0) - return KRB5KDC_ERR_BADOPTION; + return 0; for (i = 0; i < ad->len; i++) { AuthorizationData child; -- 2.47.3
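
Review bot: the early return `return 0;` under `if (ad == NULL || ad->len == 0)` in `_krb5_kdc_pac_ticket_parse` now reports success while `*ppac` is still NULL, so by return code alone a ticket with no authorization data looks the same as one that parsed cleanly. Please add a comment at that return stating that success with `*ppac == NULL` means "no PAC present" and that rejecting such a ticket is the caller's job. The commit message places that enforcement in "heimdal:kdc: Require PAC to be present", which is not part of this patch, so confirm that commit is ordered with this one and that every KDC caller tests `*ppac` for NULL, since the `KRB5KDC_ERR_BADOPTION` return removed here is the only rejection visible in this hunk.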