krb5_wrap: Fix smb_krb5_mk_error() with MIT Kerberos
authorAndreas Schneider <asn@samba.org>
Fri, 2 Sep 2016 09:54:48 +0000 (11:54 +0200)
committerJeremy Allison <jra@samba.org>
Sun, 11 Sep 2016 00:58:22 +0000 (02:58 +0200)
The server principal is required, so if not set create an obscure one.

Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
lib/krb5_wrap/krb5_samba.c
lib/krb5_wrap/krb5_samba.h
source4/kdc/kdc-server.c
source4/kdc/kpasswd-heimdal.c

index dcd6185db9fab36dd2decb6c81cf997f9ce55cd6..28884d9044dbc1eeb310f62720fb1977d6a97c84 100644 (file)
@@ -206,6 +206,8 @@ krb5_error_code smb_krb5_mk_error(krb5_context context,
                                  krb5_error_code error_code,
                                  const char *e_text,
                                  krb5_data *e_data,
+                                 const krb5_principal client,
+                                 const krb5_principal server,
                                  krb5_data *enc_err)
 {
        krb5_error_code code = EINVAL;
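Review bot: The two new parameters `client` and `server` are undocumented, and their NULL handling differs between the two build branches in the next hunk. In the `#else` branch a NULL `server` is replaced by a placeholder principal built from `"<unspecified realm>"`, while the branch before `#else` passes both values through unchanged. A short comment above the definition would cover it, e.g. `/* client may be NULL; if server is NULL a placeholder principal is used where the library requires one */`. Also, `krb5_principal` is a pointer typedef, so `const krb5_principal` makes only the handle const, not the principal it refers to. The function body continues outside this hunk.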
@@ -214,27 +216,59 @@ krb5_error_code smb_krb5_mk_error(krb5_context context,
                             error_code,
                             e_text,
                             e_data,
-                            NULL, /* client */
-                            NULL, /* server */
+                            client,
+                            server,
                             NULL, /* client_time */
                             NULL, /* client_usec */
                             enc_err);
 #else
-       krb5_error dec_err = {
-               .error = error_code,
-       };
+       krb5_principal unspec_server = NULL;
+       krb5_error errpkt;
 
+       errpkt.ctime = 0;
+       errpkt.cusec = 0;
+
+       code = krb5_us_timeofday(context,
+                                &errpkt.stime,
+                                &errpkt.susec);
+       if (code != 0) {
+               return code;
+       }
+
+       errpkt.error = error_code;
+
+       errpkt.text.length = 0;
        if (e_text != NULL) {
-               dec_err.text.length = strlen(e_text);
-               dec_err.text.data = discard_const_p(char, e_text);
+               errpkt.text.length = strlen(e_text);
+               errpkt.text.data = discard_const_p(char, e_text);
        }
+
+       errpkt.e_data.magic = KV5M_DATA;
+       errpkt.e_data.length = 0;
+       errpkt.e_data.data = NULL;
        if (e_data != NULL) {
-               dec_err.e_data = *e_data;
+               errpkt.e_data = *e_data;
+       }
+
+       errpkt.client = client;
+
+       if (server != NULL) {
+               errpkt.server = server;
+       } else {
+               code = smb_krb5_make_principal(context,
+                                              &unspec_server,
+                                              "<unspecified realm>",
+                                              NULL);
+               if (code != 0) {
+                       return code;
+               }
+               errpkt.server = unspec_server;
        }
 
        code = krb5_mk_error(context,
-                            &dec_err,
+                            &errpkt,
                             enc_err);
+       krb5_free_principal(context, unspec_server);
 #endif
        return code;
 }
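Review bot: `krb5_error errpkt;` in the `#else` branch is not zero-initialised, so any field not assigned afterwards is indeterminate when `krb5_mk_error()` reads the struct. `errpkt.magic` and `errpkt.text.magic` are never set, and `errpkt.text.data` stays unset when `e_text` is NULL. The removed `dec_err` used a designated initialiser, which zeroed every other member; keep that with `krb5_error errpkt = { .error = error_code };` and drop the separate `errpkt.error` assignment. Whether the encoder inspects `text.data` when `text.length` is 0 is not visible here, but the encoded reply should not depend on stack contents either way.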
index 64a04b31b55e594fe19db5081a1350995fee3ddd..71e81ea26e170e5635d5481329d9f96274d882ae 100644 (file)
@@ -169,6 +169,8 @@ krb5_error_code smb_krb5_mk_error(krb5_context context,
                                  krb5_error_code error_code,
                                  const char *e_text,
                                  krb5_data *e_data,
+                                 const krb5_principal client,
+                                 const krb5_principal server,
                                  krb5_data *enc_err);
 
 krb5_error_code smb_krb5_get_allowed_etypes(krb5_context context,
index 7854f497b05fbdf93bd6d468ce01b58090b6cd4f..13e338de445413818de06f344be86490819ce5ac 100644 (file)
@@ -83,6 +83,8 @@ static NTSTATUS kdc_proxy_unavailable_error(struct kdc_server *kdc,
                                 KRB5KDC_ERR_SVC_UNAVAILABLE,
                                 NULL,
                                 NULL,
+                                NULL,
+                                NULL,
                                 &enc_error);
        if (code != 0) {
                DBG_WARNING("Unable to form krb5 error reply\n");
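Review bot: This call now has four consecutive bare `NULL` arguments (`e_text`, `e_data`, `client`, `server`), which is easy to misorder the next time the signature changes. Annotate them the way krb5_samba.c does for `client_time`, e.g. `NULL, /* client */` and `NULL, /* server */`; the same applies to the call in `kpasswdd_make_unauth_error_reply()` in kpasswd-heimdal.c. With a NULL `server`, the `#else` branch of `smb_krb5_mk_error()` puts the `<unspecified realm>` placeholder principal into the reply. If the KDC's own realm is reachable from `kdc` here (not visible in the hunk), passing a real server principal would give clients a more useful error. The call and the enclosing function begin outside the hunk.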
index ff2f6af920814684064676241027f241a2976569..85d173008c0eedf91894406334d61b9739a22d06 100644 (file)
@@ -81,6 +81,8 @@ static bool kpasswdd_make_unauth_error_reply(struct kdc_server *kdc,
                                 result_code,
                                 NULL,
                                 &k5_error_bytes,
+                                NULL,
+                                NULL,
                                 &k5_error_blob);
        if (kret) {
                return false;