From 450359e28202d27bde8e050bee3ffdae86beb938 Mon Sep 17 00:00:00 2001
From: Andrew Bartlett <abartlet@samba.org>
Date: Fri, 22 Oct 2004 03:02:51 +0000
Subject: r3128: Return the correct error code for a secrets/kerberos login,
 but skipping 'bad encryption type'.

Andrew Bartlett
(This used to be commit 4efb87eb03acfa888d455e4ca0aff18bda7f7ba5)
---
 source4/libcli/auth/kerberos_verify.c | 22 +++++++++++++++-------
 1 file changed, 15 insertions(+), 7 deletions(-)

(limited to 'source4/libcli')

diff --git a/source4/libcli/auth/kerberos_verify.c b/source4/libcli/auth/kerberos_verify.c
index f0efd286a6..8d050182f9 100644
--- a/source4/libcli/auth/kerberos_verify.c
+++ b/source4/libcli/auth/kerberos_verify.c
@@ -160,7 +160,7 @@ static krb5_error_code ads_keytab_verify_ticket(krb5_context context, krb5_auth_
  Try to verify a ticket using the secrets.tdb.
 ***********************************************************************************/
 
-static BOOL ads_secrets_verify_ticket(krb5_context context, krb5_auth_context auth_context,
+static krb5_error_code ads_secrets_verify_ticket(krb5_context context, krb5_auth_context auth_context,
 			krb5_principal host_princ,
 			const DATA_BLOB *ticket, krb5_data *p_packet, krb5_ticket **pp_tkt,
 			krb5_keyblock *keyblock)
@@ -198,29 +198,37 @@ static BOOL ads_secrets_verify_ticket(krb5_context context, krb5_auth_context au
 	p_packet->length = ticket->length;
 	p_packet->data = (krb5_pointer)ticket->data;
 
+	ret = KRB5_BAD_ENCTYPE;
 	/* We need to setup a auth context with each possible encoding type in turn. */
 	for (i=0;enctypes[i];i++) {
-		ret = create_kerberos_key_from_string(context, host_princ, &password, keyblock, enctypes[i]);
-		if (ret) {
+		krb5_error_code our_ret;
+		our_ret = create_kerberos_key_from_string(context, host_princ, &password, keyblock, enctypes[i]);
+		if (our_ret) {
+			ret = our_ret;
 			continue;
 		}
 
 		krb5_auth_con_setuseruserkey(context, auth_context, keyblock);
 
-		ret = krb5_rd_req(context, &auth_context, p_packet, 
+		our_ret = krb5_rd_req(context, &auth_context, p_packet, 
 					NULL,
 					NULL, NULL, pp_tkt);
-		if (!ret) {
+		if (!our_ret) {
 			DEBUG(10,("ads_secrets_verify_ticket: enc type [%u] decrypted message !\n",
 				(unsigned int)enctypes[i] ));
+			ret = our_ret;
 			break;
 		}
 
 		krb5_free_keyblock_contents(context, keyblock);
 
-		DEBUG((ret != KRB5_BAD_ENCTYPE) ? 3 : 10,
+		DEBUG((our_ret != KRB5_BAD_ENCTYPE) ? 3 : 10,
 				("ads_secrets_verify_ticket: enc type [%u] failed to decrypt with error %s\n",
-				(unsigned int)enctypes[i], error_message(ret)));
+				(unsigned int)enctypes[i], error_message(our_ret)));
+
+		if (our_ret !=  KRB5_BAD_ENCTYPE) {
+			ret = our_ret;
+		}
 	}
 
  out:
-- 
cgit