rpms/krb5
7
0
Fork 0
Code Issues Pull Requests Releases Activity
8a5a8d492c
krb5/krb5-master-init_referral.patch
Nalin Dahyabhai 202006a85f Pull a fix for kinit going on an only-masters path 
- pull in proposed fix for attempts to get initial creds, which end up
  following referrals, incorrectly trying to always use master KDCs if
  they talked to a master at any point (should fix RT#7650)
2013-05-30 12:32:10 -04:00

48 lines
1.6 KiB
Diff
Raw Blame History

commit 7265334161620af3797c4431eeb5c7a2a9aeba89
Author: Greg Hudson <ghudson@mit.edu>
Date: Thu May 30 11:39:54 2013 -0400
Properly handle use_master in k5_init_creds_get
If we make multiple requests in an initial creds exchange, the
krb5_sendto_kdc call in k5_init_creds_get may flip the use_master
value from 0 to 1 if it detects that the response was from a master
KDC. Don't turn this into a requirement for future requests during
the same exchange, or we may have trouble following AS referrals.
Reported by Sumit Bose.
ticket: 7650
diff --git a/src/lib/krb5/krb/get_in_tkt.c b/src/lib/krb5/krb/get_in_tkt.c
index 20bc689..ff455d3 100644
--- a/src/lib/krb5/krb/get_in_tkt.c
+++ b/src/lib/krb5/krb/get_in_tkt.c
@@ -521,7 +521,7 @@ k5_init_creds_get(krb5_context context, krb5_init_creds_context ctx,
krb5_data reply;
krb5_data realm;
unsigned int flags = 0;
- int tcp_only = 0;
+ int tcp_only = 0, master = *use_master;
request.length = 0;
request.data = NULL;
@@ -545,8 +545,9 @@ k5_init_creds_get(krb5_context context, krb5_init_creds_context ctx,
krb5_free_data_contents(context, &reply);
+ master = *use_master;
code = krb5_sendto_kdc(context, &request, &realm,
- &reply, use_master, tcp_only);
+ &reply, &master, tcp_only);
if (code != 0)
break;
@@ -558,6 +559,7 @@ k5_init_creds_get(krb5_context context, krb5_init_creds_context ctx,
krb5_free_data_contents(context, &reply);
krb5_free_data_contents(context, &realm);
+ *use_master = master;
return code;
}
Reference in New Issue View Git Blame Copy Permalink