[SCM] Samba Shared Repository - branch master updated
Jeremy Allison
jra at samba.org
Tue Jun 16 18:35:05 MDT 2015
The branch, master has been updated
via 12079b4 heimdal: fix endless loop for specific KDC error code
from cf59815 lib: Fix CID 1306765 Unchecked return value from library
https://git.samba.org/?p=samba.git;a=shortlog;h=master
- Log -----------------------------------------------------------------
commit 12079b412d0c4467980f7cce48c16edf4c86bcf5
Author: Uri Simchoni <urisimchoni at gmail.com>
Date: Mon Jun 15 22:33:28 2015 +0300
heimdal: fix endless loop for specific KDC error code
When sending a Kerberos request, if at least one of the available
KDCs repeatedly replies with an error response of
KRB5KDC_ERR_SVC_UNAVAILABLE, and all other KDCs, if there are any,
do not reply at all or cannot be contacted, then the code repeatedly
retries to send the request in an endless loop.
This is fixed in upstream (post 1.5 branch) heimdal but the code
there is vastly refactored, so this is an independent fix to the issue.
Signed-off-by: Uri Simchoni <urisimchoni at gmail.com>
Reviewed-by: Alexander Bokovoy <ab at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
Autobuild-User(master): Jeremy Allison <jra at samba.org>
Autobuild-Date(master): Wed Jun 17 02:34:31 CEST 2015 on sn-devel-104
-----------------------------------------------------------------------
Summary of changes:
source4/heimdal/lib/krb5/krbhst.c | 16 ++++++++++++++++
source4/heimdal/lib/krb5/send_to_kdc.c | 3 ++-
2 files changed, 18 insertions(+), 1 deletion(-)
Changeset truncated at 500 lines:
diff --git a/source4/heimdal/lib/krb5/krbhst.c b/source4/heimdal/lib/krb5/krbhst.c
index 3242cdb..9822bfb 100644
--- a/source4/heimdal/lib/krb5/krbhst.c
+++ b/source4/heimdal/lib/krb5/krbhst.c
@@ -157,6 +157,7 @@ struct krb5_krbhst_data {
krb5_krbhst_info**);
unsigned int fallback_count;
+ unsigned int try_count;
struct krb5_krbhst_info *hosts, **index, **end;
};
@@ -1011,6 +1012,21 @@ krb5_krbhst_free(krb5_context context, krb5_krbhst_handle handle)
free(handle);
}
+void KRB5_LIB_FUNCTION
+krb5_krbhst_retry(krb5_context context, krb5_krbhst_handle handle)
+{
+ ++handle->try_count;
+}
+
+krb5_boolean KRB5_LIB_FUNCTION
+krb5_krbhst_retry_exceeded(krb5_context context, krb5_krbhst_handle handle)
+{
+ if (handle->try_count >= context->max_retries)
+ return TRUE;
+ else
+ return FALSE;
+}
+
/* backwards compatibility ahead */
static krb5_error_code
diff --git a/source4/heimdal/lib/krb5/send_to_kdc.c b/source4/heimdal/lib/krb5/send_to_kdc.c
index edf1d33..ee8f6aa 100644
--- a/source4/heimdal/lib/krb5/send_to_kdc.c
+++ b/source4/heimdal/lib/krb5/send_to_kdc.c
@@ -375,7 +375,7 @@ krb5_sendto (krb5_context context,
krb5_data_zero(receive);
- for (i = 0; i < context->max_retries; ++i) {
+ while (!krb5_krbhst_retry_exceeded(context, handle)) {
krb5_krbhst_info *hi;
while (krb5_krbhst_next(context, handle, &hi) == 0) {
@@ -443,6 +443,7 @@ krb5_sendto (krb5_context context,
}
}
krb5_krbhst_reset(context, handle);
+ krb5_krbhst_retry(context, handle);
}
krb5_clear_error_message (context);
ret = KRB5_KDC_UNREACH;
--
Samba Shared Repository
More information about the samba-cvs
mailing list