diff options
author | Andrew Bartlett <abartlet@samba.org> | 2010-11-12 12:31:33 +1100 |
---|---|---|
committer | Andrew Tridgell <tridge@samba.org> | 2010-11-12 18:18:55 +1100 |
commit | aa1c32ccb08965ff2044b82cbf624404f7fd377b (patch) | |
tree | 8084c57d20aed25788fd9c07d378c8d51a39f7d9 /source4/heimdal/kdc/kerberos5.c | |
parent | 2fbaa099192f7f3ee6ba2b996ddf2ca17baaacf5 (diff) | |
download | samba-aa1c32ccb08965ff2044b82cbf624404f7fd377b.tar.gz samba-aa1c32ccb08965ff2044b82cbf624404f7fd377b.tar.bz2 samba-aa1c32ccb08965ff2044b82cbf624404f7fd377b.zip |
heimdal Return HDB_ERR_NOT_FOUND_HERE to the caller
This means that no reply packet should be generated, but that instead
the user of the libkdc API should forward the packet to a real KDC,
that has a full database.
Andrew Bartlett
Diffstat (limited to 'source4/heimdal/kdc/kerberos5.c')
-rw-r--r-- | source4/heimdal/kdc/kerberos5.c | 12 |
1 files changed, 9 insertions, 3 deletions
diff --git a/source4/heimdal/kdc/kerberos5.c b/source4/heimdal/kdc/kerberos5.c index 40e597befb..394f4dec67 100644 --- a/source4/heimdal/kdc/kerberos5.c +++ b/source4/heimdal/kdc/kerberos5.c @@ -990,7 +990,10 @@ _kdc_as_rep(krb5_context context, ret = _kdc_db_fetch(context, config, client_princ, HDB_F_GET_CLIENT | flags, NULL, &clientdb, &client); - if(ret){ + if(ret == HDB_ERR_NOT_FOUND_HERE) { + kdc_log(context, config, 5, "client %s does not have secrets at this KDC, need to proxy", client_name); + goto out; + } else if(ret){ const char *msg = krb5_get_error_message(context, ret); kdc_log(context, config, 0, "UNKNOWN -- %s: %s", client_name, msg); krb5_free_error_message(context, msg); @@ -1001,7 +1004,10 @@ _kdc_as_rep(krb5_context context, ret = _kdc_db_fetch(context, config, server_princ, HDB_F_GET_SERVER|HDB_F_GET_KRBTGT, NULL, NULL, &server); - if(ret){ + if(ret == HDB_ERR_NOT_FOUND_HERE) { + kdc_log(context, config, 5, "target %s does not have secrets at this KDC, need to proxy", server_name); + goto out; + } else if(ret){ const char *msg = krb5_get_error_message(context, ret); kdc_log(context, config, 0, "UNKNOWN -- %s: %s", server_name, msg); krb5_free_error_message(context, msg); @@ -1778,7 +1784,7 @@ _kdc_as_rep(krb5_context context, out: free_AS_REP(&rep); - if(ret){ + if(ret != 0 && ret != HDB_ERR_NOT_FOUND_HERE){ krb5_mk_error(context, ret, e_text, |