From e389d8f964380f7e381de7c32e05b14a44122e3a Mon Sep 17 00:00:00 2001
From: Jeffrey Altman
Date: Mon, 18 Feb 2008 17:34:51 +0000
Subject: [PATCH] DEVEL15-windows-do-not-discard-badtickets-20080218
LICENSE MIT
The RXKADBADTICKET error is returned when a krb5 derived token is sent to a server that does not support them. In a mixed cell it is possible that some servers were not updated. Discarding the token does not make it possible to perform the request successfully and adversely affects the user experience because those servers that do support the token can no longer be accessed in an authenticated manner. Users can't determine what the cause is, all they see are their tokens disappearing and there is nothing they can do about it anyway. From now on return STATUS_NO_KERB_KEY and do not retry.
(cherry picked from commit 7a290f39ec303cb3473f63f7d9c634e767191279)
---
 src/WINNT/afsd/cm_conn.c | 2 +-
 src/WINNT/afsd/smb.c | 4 ++--
 2 files changed, 3 insertions(+), 3 deletions(-)
diff --git a/src/WINNT/afsd/cm_conn.c b/src/WINNT/afsd/cm_conn.c
index 43b9f5cd0..48c682838 100644
--- a/src/WINNT/afsd/cm_conn.c
+++ b/src/WINNT/afsd/cm_conn.c
@@ -600,7 +600,7 @@ cm_Analyze(cm_conn_t *connp, cm_user_t *userp, cm_req_t *reqp,
 if ( timeLeft > 2 )
 retry = 1;
 }
- else if (errorCode == RXKADEXPIRED || errorCode == RXKADBADTICKET) {
+ else if (errorCode == RXKADEXPIRED) {
 if (!dead_session) {
 lock_ObtainMutex(&userp->mx);
 ucellp = cm_GetUCell(userp, serverp->cellp);
diff --git a/src/WINNT/afsd/smb.c b/src/WINNT/afsd/smb.c
index be1509f73..f99d7ba2b 100644
--- a/src/WINNT/afsd/smb.c
+++ b/src/WINNT/afsd/smb.c
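Review bot: The narrowed branch `else if (errorCode == RXKADEXPIRED) {` in the cm_conn.c hunk now leaves RXKADBADTICKET out without any in-code explanation, so a later reader could re-add it as an apparent omission. I would put a comment above the branch, for example `/* RXKADBADTICKET is deliberately not handled here: servers without krb5 token support return it, and discarding the token would cut off servers that do accept it. */`. Because the token is now kept, a genuinely invalid ticket will presumably keep failing until the user re-authenticates, so logging the server and error code where this case now lands would make that diagnosable. cm_Analyze begins and continues outside the hunk, so the branch that now receives RXKADBADTICKET is not visible here.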
@@ -2882,8 +2882,8 @@ void smb_MapNTError(long code, unsigned long *NTStatusp)
 else if (code == CM_ERROR_ALLOFFLINE || code == CM_ERROR_ALLDOWN) {
 NTStatus = 0xC00000BEL; /* Bad Network Path */
 }
- else if (code == RXKADUNKNOWNKEY) {
- NTStatus = 0xC0000322L; /* Bad Kerberos key */
+ else if (code >= ERROR_TABLE_BASE_RXK && code < ERROR_TABLE_BASE_RXK + 256) {
+ NTStatus = 0xC0000322L; /* No Kerberos key */
 }
 else if (code == CM_ERROR_BAD_LEVEL) {
 NTStatus = 0xC0000148L; /* Invalid Level */
-- 
2.39.5
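Review bot: The range test `code >= ERROR_TABLE_BASE_RXK && code < ERROR_TABLE_BASE_RXK + 256` folds every rxkad error into 0xC0000322, so an expired ticket, a bad ticket and a packet-integrity failure all reach the SMB client as the same status. The comment `/* No Kerberos key */` describes the status value rather than the condition; something like `/* any rxkad error (whole com_err table) -> STATUS_NO_KERB_KEY */` would say what the branch matches. The bare `256` is presumably the com_err table size and would read better as a named constant. If smb_MapNTError does not already log the incoming code (the rest of the function is outside the hunk), logging it before the mapping would preserve the distinction for troubleshooting authentication failures.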