diff options
| author | Sam Hartman <hartmans@mit.edu> | 2010-10-01 17:12:41 +0000 |
|---|---|---|
| committer | Sam Hartman <hartmans@mit.edu> | 2010-10-01 17:12:41 +0000 |
| commit | 451814cb328d2c8f135aba7214d93d9a1c3d5acc (patch) | |
| tree | 94393cef860001fe70da703ee2c7d65891dd249e /src/lib | |
| parent | edec1fa69714ed4d97197dc7ed81aeb93f8aebb3 (diff) | |
Add an error to be returned by a preauth mechanism indicating that the KDC should not respond to a packet
* Do not generate an error response in this case
* Drop a TCP connection if we are not going to respond to it.
kdc: add KRB5KDC_ERR_DISCARD
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24406 dc483132-0cff-0310-8789-dd5450dbe970
Diffstat (limited to 'src/lib')
| -rw-r--r-- | src/lib/apputils/net-server.c | 2 | ||||
| -rw-r--r-- | src/lib/krb5/error_tables/k5e1_err.et | 2 |
2 files changed, 3 insertions, 1 deletions
diff --git a/src/lib/apputils/net-server.c b/src/lib/apputils/net-server.c index 9d3daea40e..c63ab8e36b 100644 --- a/src/lib/apputils/net-server.c +++ b/src/lib/apputils/net-server.c @@ -1759,6 +1759,8 @@ process_tcp_connection(void *handle, struct connection *conn, const char *prog, com_err(prog, err, "while dispatching (tcp)"); goto kill_tcp_connection; } + if (conn->u.tcp.response == NULL) + goto kill_tcp_connection; have_response: queue_tcp_outgoing_response(conn); FD_CLR(conn->fd, &sstate.rfds); diff --git a/src/lib/krb5/error_tables/k5e1_err.et b/src/lib/krb5/error_tables/k5e1_err.et index 7fe4cc6fc4..af28710498 100644 --- a/src/lib/krb5/error_tables/k5e1_err.et +++ b/src/lib/krb5/error_tables/k5e1_err.et @@ -33,5 +33,5 @@ error_table k5e1 error_code KRB5_PLUGIN_VER_NOTSUPP, "Plugin does not support interface version" error_code KRB5_PLUGIN_BAD_MODULE_SPEC, "Invalid module specifier" error_code KRB5_PLUGIN_NAME_NOTFOUND, "Plugin module name not found" - +error_code KRB5KDC_ERR_DISCARD, "The KDC should discard this request" end |