- less invasive approach to letting kpasswd hit tcp-only servers
This commit is contained in:
Nalin Dahyabhai
parent
f25a7f96a5
commit
3a41ec53ed
34
krb5-trunk-kpasswd_tcp.patch
Normal file
34
krb5-trunk-kpasswd_tcp.patch
Normal file
@ -0,0 +1,34 @@
|
||||
Fall back to TCP on kdc-unresolvable/unreachable errors.
|
||||
|
||||
Index: src/lib/krb5/os/changepw.c
|
||||
===================================================================
|
||||
--- src/lib/krb5/os/changepw.c (revision 20199)
|
||||
+++ src/lib/krb5/os/changepw.c (working copy)
|
||||
@@ -251,11 +251,22 @@
|
||||
NULL,
|
||||
NULL
|
||||
))) {
|
||||
-
|
||||
- /*
|
||||
- * Here we may want to switch to TCP on some errors.
|
||||
- * right?
|
||||
- */
|
||||
+ /* if we're not using a stream socket, and it's an error which
|
||||
+ * might reasonably be specific to a datagram "connection", try
|
||||
+ * again with a stream socket */
|
||||
+ if (!useTcp) {
|
||||
+ switch (code) {
|
||||
+ case KRB5_KDC_UNREACH:
|
||||
+ case KRB5_REALM_CANT_RESOLVE:
|
||||
+ case KRB5KRB_ERR_RESPONSE_TOO_BIG:
|
||||
+ /* should we do this for more result codes than these? */
|
||||
+ krb5int_free_addrlist (&al);
|
||||
+ useTcp = 1;
|
||||
+ continue;
|
||||
+ default:
|
||||
+ break;
|
||||
+ }
|
||||
+ }
|
||||
break;
|
||||
}
|
||||
|
||||
Loading…
Reference in New Issue
Block a user