diff options
author | Andreas Schneider <asn@samba.org> | 2021-10-20 07:12:19 +0200 |
---|---|---|
committer | Greg Hudson <ghudson@mit.edu> | 2021-12-05 12:52:27 -0500 |
commit | 9544229ff3b6793cad39ce7d8dd2467ec2cf4f45 (patch) | |
tree | 556e01a926fe0971245e5cb7ace3b926ac93c94a | |
parent | f1b36bb34e16ac423597c292ebfad77aa225de97 (diff) | |
download | krb5-9544229ff3b6793cad39ce7d8dd2467ec2cf4f45.zip krb5-9544229ff3b6793cad39ce7d8dd2467ec2cf4f45.tar.gz krb5-9544229ff3b6793cad39ce7d8dd2467ec2cf4f45.tar.bz2 |
Issue an error from KDC on S4U2Self failures
Commit 3b163eed1cf1f55dd4a7bc6d6fffc34f55695b00 mistakenly separated
the call to kdc_process_s4u2self_req() from its error check, causing
the KDC to ignore S4U2Self padata with bad checksums. Restore the
error check so that the KDC replies with an error as intended.
[ghudson@mit.edu: removed old error check later on in the code;
rewrote commit message]
ticket: 9038 (new)
-rw-r--r-- | src/kdc/do_tgs_req.c | 5 |
1 files changed, 2 insertions, 3 deletions
diff --git a/src/kdc/do_tgs_req.c b/src/kdc/do_tgs_req.c index 32dc65f..45837fb 100644 --- a/src/kdc/do_tgs_req.c +++ b/src/kdc/do_tgs_req.c @@ -276,6 +276,8 @@ process_tgs_req(krb5_kdc_req *request, krb5_data *pkt, au_state->status = status; kau_s4u2self(kdc_context, errcode ? FALSE : TRUE, au_state); au_state->s4u2self_user = NULL; + if (errcode) + goto cleanup; } /* For user-to-user and S4U2Proxy requests, decrypt the second ticket. */ @@ -295,9 +297,6 @@ process_tgs_req(krb5_kdc_req *request, krb5_data *pkt, goto cleanup; } - if (errcode) - goto cleanup; - if (s4u_x509_user != NULL && client == NULL) { /* * For an S4U2Self referral request (the requesting service is |