Bug 15015 - PKINIT: hdb_samba4_audit: Unhandled hdb_auth_status=9 => INTERNAL_ERROR
Summary: PKINIT: hdb_samba4_audit: Unhandled hdb_auth_status=9 => INTERNAL_ERROR
Status: RESOLVED FIXED
Alias: None
Product: Samba 4.1 and newer
Classification: Unclassified
Component: AD: LDB/DSDB/SAMDB (show other bugs)
Version: 4.16.0rc5
Hardware: All All
: P5 regression (vote)
Target Milestone: 4.16
Assignee: Jule Anger
QA Contact: Samba QA Contact
URL: https://gitlab.com/samba-team/samba/-...
Keywords:
Depends on:
Blocks:
 
Reported: 2022-03-13 21:53 UTC by Andrew Bartlett
Modified: 2022-03-21 12:18 UTC (History)
2 users (show)

See Also:


Attachments
HDB audit patch backport to 4.16 (6.34 KB, patch)
2022-03-17 02:42 UTC, Andrew Bartlett
jsutton: review+
Details

Note You need to log in before you can comment on or make changes to this bug.
Description Andrew Bartlett 2022-03-13 21:53:36 UTC
The new Heimdal update appears to have broken PKINIT auditing (note that this did not have a good test framework, so this was not a supprise). 

make test TESTS=samba4.blackbox.pkinit

shows

hdb_samba4_audit: Unhandled hdb_auth_status=9 => INTERNAL_ERROR
Comment 1 Jo Sutton 2022-03-13 22:05:45 UTC
Cases to handle KDC_AUTH_EVENT_VALIDATED_LONG_TERM_KEY and KDC_AUTH_EVENT_PREAUTH_SUCCEEDED were removed in:

commit 791be84c3eecb95e03611458e2305bae272ba267
Author: Stefan Metzmacher <metze@samba.org>
Date:   Wed Mar 2 10:10:08 2022 +1300

    s4:kdc: hdb_samba4_audit() is only called once per request

So I guess those cases just need to be put back.
Comment 2 Samba QA Contact 2022-03-17 01:37:04 UTC
This bug was referenced in samba master:

b01388da8a72c11c46bb27e773b354520bc6ac88
5294dc80090482d5669126802672eb2c89e269cf
Comment 3 Andrew Bartlett 2022-03-17 02:42:37 UTC
Created attachment 17223 [details]
HDB audit patch backport to 4.16
Comment 4 Jule Anger 2022-03-17 10:15:09 UTC
Pushed to autobuild-v4-16-test.
Comment 5 Samba QA Contact 2022-03-17 10:25:32 UTC
This bug was referenced in samba v4-16-test:

507ececf03d8644b93a9ea953f6ab1c4aefb8e47
41054b612311e624fa6a673808118fc319e758d8
Comment 6 Jule Anger 2022-03-17 10:38:01 UTC
Closing out bug report.

Thanks!
Comment 7 Samba QA Contact 2022-03-21 12:18:26 UTC
This bug was referenced in samba v4-16-stable (Release samba-4.16.0):

507ececf03d8644b93a9ea953f6ab1c4aefb8e47
41054b612311e624fa6a673808118fc319e758d8