The Samba-Bugzilla – Attachment 13861 Details for
Bug 13132
The KDC on an RWDC doesn't send error replies in some situations
Home
|
New
|
Browse
|
Search
|
[?]
|
Reports
|
Requests
|
Help
|
New Account
|
Log In
[x]
|
Forgot Password
Login:
[x]
[patch]
Patch for v4-7-test
tmp47.diff.txt (text/plain), 3.19 KB, created by
Stefan Metzmacher
on 2017-12-13 12:32:15 UTC
(
hide
)
Description:
Patch for v4-7-test
Filename:
MIME Type:
Creator:
Stefan Metzmacher
Created:
2017-12-13 12:32:15 UTC
Size:
3.19 KB
patch
obsolete
>From fdc3c7ab5a5344e35bd11890b17bbe9459adc86f Mon Sep 17 00:00:00 2001 >From: Stefan Metzmacher <metze@samba.org> >Date: Thu, 21 Sep 2017 12:02:25 +0200 >Subject: [PATCH] s4:kdc: only map SDB_ERR_NOT_FOUND_HERE to > HDB_ERR_NOT_FOUND_HERE > >HDB_ERR_NOT_FOUND_HERE indicated a very specific error on an RODC. > >We should not map any error to HDB_ERR_NOT_FOUND_HERE, >we should just pass errors along unmapped. > >Otherwise we'll hit the logic bug in: > > if (ret == KDC_PROXY_REQUEST) { > uint16_t port; > > if (!sock->kdc_socket->kdc->am_rodc) { > DEBUG(0,("kdc_udp_call_loop: proxying requested when not RODC")); > talloc_free(call); > goto done; > } > >And just don't send an error message to the client. > >BUG: https://bugzilla.samba.org/show_bug.cgi?id=13132 > >Signed-off-by: Stefan Metzmacher <metze@samba.org> >Reviewed-by: Andreas Schneider <asn@samba.org> > >Autobuild-User(master): Andreas Schneider <asn@cryptomilk.org> >Autobuild-Date(master): Wed Dec 6 23:16:54 CET 2017 on sn-devel-144 > >(cherry picked from commit aaa946bb9eb8088389b8ffdec460023f1961616c) >--- > source4/kdc/hdb-samba4.c | 24 ++++++++++++++++++------ > 1 file changed, 18 insertions(+), 6 deletions(-) > >diff --git a/source4/kdc/hdb-samba4.c b/source4/kdc/hdb-samba4.c >index 552eeee..a2fbf5a 100644 >--- a/source4/kdc/hdb-samba4.c >+++ b/source4/kdc/hdb-samba4.c >@@ -120,8 +120,10 @@ static krb5_error_code hdb_samba4_fetch_kvno(krb5_context context, HDB *db, > break; > case SDB_ERR_NOENTRY: > return HDB_ERR_NOENTRY; >- default: >+ case SDB_ERR_NOT_FOUND_HERE: > return HDB_ERR_NOT_FOUND_HERE; >+ default: >+ return ret; > } > > ret = sdb_entry_ex_to_hdb_entry_ex(context, &sdb_entry_ex, entry_ex); >@@ -152,8 +154,10 @@ static krb5_error_code hdb_samba4_firstkey(krb5_context context, HDB *db, unsign > return HDB_ERR_WRONG_REALM; > case SDB_ERR_NOENTRY: > return HDB_ERR_NOENTRY; >- default: >+ case SDB_ERR_NOT_FOUND_HERE: > return HDB_ERR_NOT_FOUND_HERE; >+ default: >+ return ret; > } > > ret = sdb_entry_ex_to_hdb_entry_ex(context, &sdb_entry_ex, entry); >@@ -179,8 +183,10 @@ static krb5_error_code hdb_samba4_nextkey(krb5_context context, HDB *db, unsigne > return HDB_ERR_WRONG_REALM; > case SDB_ERR_NOENTRY: > return HDB_ERR_NOENTRY; >- default: >+ case SDB_ERR_NOT_FOUND_HERE: > return HDB_ERR_NOT_FOUND_HERE; >+ default: >+ return ret; > } > > ret = sdb_entry_ex_to_hdb_entry_ex(context, &sdb_entry_ex, entry); >@@ -220,9 +226,11 @@ hdb_samba4_check_constrained_delegation(krb5_context context, HDB *db, > case SDB_ERR_NOENTRY: > ret = HDB_ERR_NOENTRY; > break; >- default: >+ case SDB_ERR_NOT_FOUND_HERE: > ret = HDB_ERR_NOT_FOUND_HERE; > break; >+ default: >+ break; > } > > return ret; >@@ -254,9 +262,11 @@ hdb_samba4_check_pkinit_ms_upn_match(krb5_context context, HDB *db, > case SDB_ERR_NOENTRY: > ret = HDB_ERR_NOENTRY; > break; >- default: >+ case SDB_ERR_NOT_FOUND_HERE: > ret = HDB_ERR_NOT_FOUND_HERE; > break; >+ default: >+ break; > } > > return ret; >@@ -288,9 +298,11 @@ hdb_samba4_check_s4u2self(krb5_context context, HDB *db, > case SDB_ERR_NOENTRY: > ret = HDB_ERR_NOENTRY; > break; >- default: >+ case SDB_ERR_NOT_FOUND_HERE: > ret = HDB_ERR_NOT_FOUND_HERE; > break; >+ default: >+ break; > } > > return ret; >-- >1.9.1 >
You cannot view the attachment while viewing its details because your browser does not support IFRAMEs.
View the attachment on a separate page
.
View Attachment As Raw
Flags:
asn
:
review+
Actions:
View
Attachments on
bug 13132
: 13861 |
13862