ret = _kdc_db_fetch(context, config, client_princ,
HDB_F_GET_CLIENT | flags, NULL,
&clientdb, &client);
- if(ret){
+ if(ret == HDB_ERR_NOT_FOUND_HERE) {
+ kdc_log(context, config, 5, "client %s does not have secrets at this KDC, need to proxy", client_name);
+ goto out;
+ } else if(ret){
const char *msg = krb5_get_error_message(context, ret);
kdc_log(context, config, 0, "UNKNOWN -- %s: %s", client_name, msg);
krb5_free_error_message(context, msg);
ret = _kdc_db_fetch(context, config, server_princ,
HDB_F_GET_SERVER|HDB_F_GET_KRBTGT,
NULL, NULL, &server);
- if(ret){
+ if(ret == HDB_ERR_NOT_FOUND_HERE) {
+ kdc_log(context, config, 5, "target %s does not have secrets at this KDC, need to proxy", server_name);
+ goto out;
+ } else if(ret){
const char *msg = krb5_get_error_message(context, ret);
kdc_log(context, config, 0, "UNKNOWN -- %s: %s", server_name, msg);
krb5_free_error_message(context, msg);
out:
free_AS_REP(&rep);
- if(ret){
+ if(ret != 0 && ret != HDB_ERR_NOT_FOUND_HERE){
krb5_mk_error(context,
ret,
e_text,
ret = _kdc_db_fetch(context, config, princ, HDB_F_GET_KRBTGT, ap_req.ticket.enc_part.kvno, NULL, krbtgt);
- if(ret) {
+ if(ret == HDB_ERR_NOT_FOUND_HERE) {
+ char *p;
+ ret = krb5_unparse_name(context, princ, &p);
+ if (ret != 0)
+ p = "<unparse_name failed>";
+ krb5_free_principal(context, princ);
+ kdc_log(context, config, 5, "Ticket-granting ticket account %s does not have secrets at this KDC, need to proxy", p);
+ if (ret == 0)
+ free(p);
+ goto out;
+ } else if(ret){
const char *msg = krb5_get_error_message(context, ret);
char *p;
ret = krb5_unparse_name(context, princ, &p);
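Review bot: In the new `HDB_ERR_NOT_FOUND_HERE` branch, `ret = krb5_unparse_name(context, princ, &p);` overwrites the lookup result, so `goto out` is reached with `ret` equal to 0 or to the unparse error, never `HDB_ERR_NOT_FOUND_HERE`. If the code at `out:` and the caller key off `ret` (neither is visible in this hunk), a krbtgt entry that was never fetched would be reported as success and the proxy case would not be signalled. Restore the code with `ret = HDB_ERR_NOT_FOUND_HERE;` immediately before `goto out;`, or keep the unparse result in a separate local. The enclosing function starts and ends outside the hunk.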
ret = _kdc_db_fetch(context, config, sp, HDB_F_GET_SERVER | HDB_F_CANON,
NULL, NULL, &server);
- if(ret){
+ if(ret == HDB_ERR_NOT_FOUND_HERE) {
+ kdc_log(context, config, 5, "target %s does not have secrets at this KDC, need to proxy", sp);
+ goto out;
+ } else if(ret){
const char *new_rlm, *msg;
Realm req_rlm;
krb5_realm *realms;
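Review bot: The new `kdc_log` call passes `sp` to a `%s` conversion, but `sp` is the same value given to `_kdc_db_fetch` in the principal position, so it is presumably a `krb5_principal` rather than a string. Formatting a structure pointer with `%s` is undefined behaviour and can copy unrelated memory into the KDC log or crash the process on a request path. The AS-REQ hunks pass `client_princ`/`server_princ` to the fetch and log the separate `client_name`/`server_name` strings; log the unparsed name string for this principal in the same way. The client lookup hunk that logs `cp` has the same problem. The enclosing function starts and ends outside the hunk.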
ret = _kdc_db_fetch(context, config, cp, HDB_F_GET_CLIENT | HDB_F_CANON,
NULL, &clientdb, &client);
- if(ret) {
+ if(ret == HDB_ERR_NOT_FOUND_HERE) {
+ kdc_log(context, config, 5, "client %s does not have secrets at this KDC, need to proxy", cp);
+ goto out;
+ } else if(ret){
const char *krbtgt_realm, *msg;
/*
out:
if (replykey)
krb5_free_keyblock(context, replykey);
- if(ret && data->data == NULL){
+ if(ret && ret != HDB_ERR_NOT_FOUND_HERE && data->data == NULL){
krb5_mk_error(context,
ret,
NULL,
csec,
cusec,
data);
+ ret = 0;
}
free(csec);
free(cusec);
free(auth_data);
}
- return 0;
+ return ret;
}
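Review bot: The added `ret = 0;` runs unconditionally after `krb5_mk_error(...)`, whose return value is discarded, so a failure to encode the error reply is returned as success with `data` still empty. Now that the function ends in `return ret;`, assign the call's result to `ret` instead of following it with `ret = 0;`. Because `HDB_ERR_NOT_FOUND_HERE` now leaves the function with no reply built, a comment at the condition would help, for example `/* NOT_FOUND_HERE: no error reply; return the code so the caller can proxy the request */` (the caller's handling is not visible here, so confirm that wording). The function body begins outside the hunk.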