svn commit: samba r11394 - in
branches/SAMBA_4_0/source/auth/gensec: .
abartlet at samba.org
abartlet at samba.org
Sat Oct 29 13:13:52 GMT 2005
Author: abartlet
Date: 2005-10-29 13:13:52 +0000 (Sat, 29 Oct 2005)
New Revision: 11394
WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=rev&root=samba&rev=11394
Log:
Allow KDC unreachable as another 'forget about gssapi' error on SPNEGO.
Andrew Bartlett
Modified:
branches/SAMBA_4_0/source/auth/gensec/gensec_gssapi.c
Changeset:
Modified: branches/SAMBA_4_0/source/auth/gensec/gensec_gssapi.c
===================================================================
--- branches/SAMBA_4_0/source/auth/gensec/gensec_gssapi.c 2005-10-29 11:11:05 UTC (rev 11393)
+++ branches/SAMBA_4_0/source/auth/gensec/gensec_gssapi.c 2005-10-29 13:13:52 UTC (rev 11394)
@@ -430,6 +430,10 @@
&& (memcmp(gensec_gssapi_state->gss_oid->elements, gss_mech_krb5->elements,
gensec_gssapi_state->gss_oid->length) == 0)) {
switch (min_stat) {
+ case KRB5_KDC_UNREACH:
+ DEBUG(3, ("Cannot reach a KDC we require: %s\n",
+ gssapi_error_string(gensec_gssapi_state, maj_stat, min_stat)));
+ return NT_STATUS_INVALID_PARAMETER; /* Make SPNEGO ignore us, we can't go any further here */
case KRB5KDC_ERR_S_PRINCIPAL_UNKNOWN:
DEBUG(3, ("Server is not registered with our KDC: %s\n",
gssapi_error_string(gensec_gssapi_state, maj_stat, min_stat)));
More information about the samba-cvs
mailing list