[PATCH] Add missing KDC "status" on some fail conditions
Samuel Cabrero
scabrero at suse.de
Tue Jul 11 13:48:01 EDT 2017
The process_tgs_req function requires the status string to be set
for all failure conditions before jumping to the "cleanup" label; otherwise
it will cause an assertion failure.
Signed-off-by: Samuel Cabrero <scabrero at suse.de>
---
src/kdc/do_tgs_req.c | 24 ++++++++++++++++++------
1 file changed, 18 insertions(+), 6 deletions(-)
diff --git a/src/kdc/do_tgs_req.c b/src/kdc/do_tgs_req.c
index 547a41441..d13160c00 100644
--- a/src/kdc/do_tgs_req.c
+++ b/src/kdc/do_tgs_req.c
@@ -253,8 +253,10 @@ process_tgs_req(struct server_handle *handle, krb5_data *pkt,
errcode = search_sprinc(kdc_active_realm, request, s_flags, &server,
&status);
- if (errcode != 0)
+ if (errcode != 0) {
+ status = "SEARCH_SPRINC";
goto cleanup;
+ }
sprinc = server->princ;
/* If we got a cross-realm TGS which is not the requested server, we are
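Review bot: The unconditional `status = "SEARCH_SPRINC";` discards whatever search_sprinc() wrote through `&status`, so a failure the helper already classified would be reported under the generic label. Assigning only when nothing was set keeps the specific reason, `if (status == NULL) status = "SEARCH_SPRINC";`; this assumes status starts out NULL, which the hunk does not show. The same applies to the `DECRYPT_2NDTKT` and `GEN_SESSION_KEY` hunks, whose calls also take `&status`. Since the status string is presumably what the KDC reports for a failed request, losing the precise reason makes triage of failed TGS requests harder. process_tgs_req's body continues outside the hunk.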
@@ -304,8 +306,10 @@ process_tgs_req(struct server_handle *handle, krb5_data *pkt,
au_state->s4u2self_user = NULL;
}
- if (errcode)
+ if (errcode) {
+ status = "PROCESS_S4U2SELF";
goto cleanup;
+ }
if (s4u_x509_user != NULL) {
setflag(c_flags, KRB5_KDB_FLAG_PROTOCOL_TRANSITION);
if (is_referral) {
@@ -320,8 +324,10 @@ process_tgs_req(struct server_handle *handle, krb5_data *pkt,
/* Deal with user-to-user and constrained delegation */
errcode = decrypt_2ndtkt(kdc_active_realm, request, c_flags,
&stkt_server, &status);
- if (errcode)
+ if (errcode) {
+ status = "DECRYPT_2NDTKT";
goto cleanup;
+ }
if (isflagset(request->kdc_options, KDC_OPT_CNAME_IN_ADDL_TKT)) {
/* Do constrained delegation protocol and authorization checks */
@@ -345,8 +351,10 @@ process_tgs_req(struct server_handle *handle, krb5_data *pkt,
goto cleanup;
}
kau_s4u2proxy(kdc_context, errcode ? FALSE : TRUE, au_state);
- if (errcode)
+ if (errcode) {
+ status = "KAU_S4U2PROXY";
goto cleanup;
+ }
setflag(c_flags, KRB5_KDB_FLAG_CONSTRAINED_DELEGATION);
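Review bot: `status = "KAU_S4U2PROXY";` labels the failure after the audit call rather than the step that set errcode, which happens above this hunk. kau_s4u2proxy() only receives the outcome here, so the label would point a log reader at the wrong place. A label naming the failed check would be more accurate, as would keeping an already-set value with `if (status == NULL) status = "KAU_S4U2PROXY";`. The `KAU_S4U2SELF` hunk has the same naming issue. The enclosing block starts outside the hunk, so whether status is already set on this path cannot be confirmed from here.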
@@ -365,8 +373,10 @@ process_tgs_req(struct server_handle *handle, krb5_data *pkt,
errcode = gen_session_key(kdc_active_realm, request, server, &session_key,
&status);
- if (errcode)
+ if (errcode) {
+ status = "GEN_SESSION_KEY";
goto cleanup;
+ }
/*
* subject_tkt will refer to the evidence ticket (for constrained
@@ -745,8 +755,10 @@ process_tgs_req(struct server_handle *handle, krb5_data *pkt,
au_state->status = status;
}
kau_s4u2self(kdc_context, errcode ? FALSE : TRUE, au_state);
- if (errcode)
+ if (errcode) {
+ status = "KAU_S4U2SELF";
goto cleanup;
+ }
}
reply.client = enc_tkt_reply.client;
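Review bot: The new `status = "KAU_S4U2SELF";` is assigned after `au_state->status = status;` and after kau_s4u2self() has run, so the audit event appears to carry the earlier value while the cleanup path sees the new one. If the earlier value can be unset on this path, the audit record and the KDC log would disagree about the same failure. Setting the status before the `au_state->status = status;` line, inside the block that opens above this hunk, would keep the two consistent.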
--
2.13.2