third_party/heimdal: Import lorikeet-heimdal-202406240121 (commit 4315286377278234be2...
authorJo Sutton <josutton@catalyst.net.nz>
Wed, 12 Jun 2024 02:42:38 +0000 (14:42 +1200)
committerDouglas Bagnall <dbagnall@samba.org>
Thu, 27 Jun 2024 04:29:41 +0000 (04:29 +0000)
This lets us match the Windows FAST reply when the password is expired.

Windows clients were upset by the NTSTATUS field in the edata,
apparently interpreting it to mean “insufficient resource”.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15655

Signed-off-by: Jo Sutton <josutton@catalyst.net.nz>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
selftest/knownfail_heimdal_kdc
third_party/heimdal/kdc/fast.c

index b3df84e895902dbca2a4f3accbbabd6d7d00bef2..811d3202729016d649c90cb2623830b5088039bc 100644 (file)
 ^samba\.tests\.krb5\.conditional_ace_tests\.samba\.tests\.krb5\.conditional_ace_tests\.TgsReqServicePolicyTests\.test_pac_device_info_no_compound_id_support_no_claims_valid_existing_device_claims_target_policy\(ad_dc\)$
 ^samba\.tests\.krb5\.conditional_ace_tests\.samba\.tests\.krb5\.conditional_ace_tests\.TgsReqServicePolicyTests\.test_pac_device_info_no_compound_id_support_no_claims_valid_existing_device_claims\(ad_dc\)$
 ^samba\.tests\.krb5\.conditional_ace_tests\.samba\.tests\.krb5\.conditional_ace_tests\.TgsReqServicePolicyTests\.test_pac_device_info_rodc_issued\(ad_dc\)$
-#
-# Lockout tests
-#
-^samba\.tests\.krb5\.lockout_tests\.samba\.tests\.krb5\.lockout_tests\.LockoutTests\.test_lockout_status_disabled_fast\(ad_dc:local\)$
-^samba\.tests\.krb5\.lockout_tests\.samba\.tests\.krb5\.lockout_tests\.LockoutTests\.test_lockout_status_expired_fast\(ad_dc:local\)$
-^samba\.tests\.krb5\.lockout_tests\.samba\.tests\.krb5\.lockout_tests\.LockoutTests\.test_lockout_status_locked_out_fast\(ad_dc:local\)$
-^samba\.tests\.krb5\.lockout_tests\.samba\.tests\.krb5\.lockout_tests\.LockoutTests\.test_lockout_status_must_change_fast\(ad_dc:local\)$
-^samba\.tests\.krb5\.lockout_tests\.samba\.tests\.krb5\.lockout_tests\.LockoutTests\.test_lockout_status_password_expired_fast\(ad_dc:local\)$
index bc77f74664c4b9cf3d8f408cf5ecb80919129e21..d6b6ab2bbb3618c6aa4e434719d7f0b7d156d871 100644 (file)
@@ -482,7 +482,18 @@ _kdc_fast_mk_error(astgs_request_t r,
 
     heim_assert(r != NULL, "invalid request in _kdc_fast_mk_error");
 
-    if (r->e_data.length) {
+    if (!armor_crypto && r->e_data.length) {
+       /*
+        * If we’re not armoring the response with FAST, r->e_data
+        * takes precedence over the e‐data that would normally be
+        * generated. r->e_data typically contains a
+        * Microsoft‐specific NTSTATUS code.
+        *
+        * But if FAST is in use, Windows Server suppresses the
+        * NTSTATUS code in favour of an armored response
+        * encapsulating an ordinary KRB‐ERROR. So we ignore r->e_data
+        * in that case.
+        */
        e_data = &r->e_data;
     } else {
        ret = _kdc_fast_mk_e_data(r,
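Review bot: The new condition `!armor_crypto && r->e_data.length` drops whatever is in r->e_data on every armored reply, while the comment only says it "typically" holds an NTSTATUS code, so any other e-data stored there earlier is silently lost as well. I would say so in the comment, for example `Note: with FAST this discards r->e_data whatever it holds, not only an NTSTATUS code.` The hunk does not show where r->e_data is released, so it is worth confirming that skipping it here leaves its lifetime unchanged. The comment also uses a typographic apostrophe and U+2010 hyphens (`we’re`, `e‐data`, `KRB‐ERROR`), so a plain-ASCII search for `e-data` or `KRB-ERROR` will miss it; ASCII `'` and `-` would be safer. _kdc_fast_mk_error starts and ends outside this hunk, so how armor_crypto is obtained is not visible here.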