diff options
| author | Andrew Bartlett <abartlet@samba.org> | 2004-10-22 03:02:51 +0000 |
|---|---|---|
| committer | Gerald (Jerry) Carter <jerry@samba.org> | 2007-10-10 13:02:24 -0500 |
| commit | 450359e28202d27bde8e050bee3ffdae86beb938 (patch) | |
| tree | 4480dc3d8f2d8da034e72e456697a06d8b38f60b /source4/libcli | |
| parent | 1cd1b172d52a1fb336cd001ac0ca2fbf7e26a9a3 (diff) | |
| download | samba-450359e28202d27bde8e050bee3ffdae86beb938.tar.gz samba-450359e28202d27bde8e050bee3ffdae86beb938.tar.bz2 samba-450359e28202d27bde8e050bee3ffdae86beb938.zip | |
r3128: Return the correct error code for a secrets/kerberos login, but
skipping 'bad encryption type'.
Andrew Bartlett
(This used to be commit 4efb87eb03acfa888d455e4ca0aff18bda7f7ba5)
Diffstat (limited to 'source4/libcli')
| -rw-r--r-- | source4/libcli/auth/kerberos_verify.c | 22 |
1 files changed, 15 insertions, 7 deletions
diff --git a/source4/libcli/auth/kerberos_verify.c b/source4/libcli/auth/kerberos_verify.c index f0efd286a6..8d050182f9 100644 --- a/source4/libcli/auth/kerberos_verify.c +++ b/source4/libcli/auth/kerberos_verify.c @@ -160,7 +160,7 @@ static krb5_error_code ads_keytab_verify_ticket(krb5_context context, krb5_auth_ Try to verify a ticket using the secrets.tdb. ***********************************************************************************/ -static BOOL ads_secrets_verify_ticket(krb5_context context, krb5_auth_context auth_context, +static krb5_error_code ads_secrets_verify_ticket(krb5_context context, krb5_auth_context auth_context, krb5_principal host_princ, const DATA_BLOB *ticket, krb5_data *p_packet, krb5_ticket **pp_tkt, krb5_keyblock *keyblock) @@ -198,29 +198,37 @@ static BOOL ads_secrets_verify_ticket(krb5_context context, krb5_auth_context au p_packet->length = ticket->length; p_packet->data = (krb5_pointer)ticket->data; + ret = KRB5_BAD_ENCTYPE; /* We need to setup a auth context with each possible encoding type in turn. */ for (i=0;enctypes[i];i++) { - ret = create_kerberos_key_from_string(context, host_princ, &password, keyblock, enctypes[i]); - if (ret) { + krb5_error_code our_ret; + our_ret = create_kerberos_key_from_string(context, host_princ, &password, keyblock, enctypes[i]); + if (our_ret) { + ret = our_ret; continue; } krb5_auth_con_setuseruserkey(context, auth_context, keyblock); - ret = krb5_rd_req(context, &auth_context, p_packet, + our_ret = krb5_rd_req(context, &auth_context, p_packet, NULL, NULL, NULL, pp_tkt); - if (!ret) { + if (!our_ret) { DEBUG(10,("ads_secrets_verify_ticket: enc type [%u] decrypted message !\n", (unsigned int)enctypes[i] )); + ret = our_ret; break; } krb5_free_keyblock_contents(context, keyblock); - DEBUG((ret != KRB5_BAD_ENCTYPE) ? 3 : 10, + DEBUG((our_ret != KRB5_BAD_ENCTYPE) ? 3 : 10, ("ads_secrets_verify_ticket: enc type [%u] failed to decrypt with error %s\n", - (unsigned int)enctypes[i], error_message(ret))); + (unsigned int)enctypes[i], error_message(our_ret))); + + if (our_ret != KRB5_BAD_ENCTYPE) { + ret = our_ret; + } } out: |