* conv_creds.c (krb524_convert_creds_kdc): loop through all of the

	addresses returned by krb5_locate_kdc, don't just try the first one.
	* krb524d.c (do_connection): check for particular failures of
	decode_krb5_ticket, as well as for messages that are one int long
	(which will eliminate our own error replies.)

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@7095 dc483132-0cff-0310-8789-dd5450dbe970

1 files changed, 21 insertions, 4 deletions

diff --git a/src/krb524/conv_creds.c b/src/krb524/conv_creds.c
index cd62d4cb1..5ab295f2b 100644
--- a/src/krb524/conv_creds.c
+++ b/src/krb524/conv_creds.c
@@ -58,7 +58,7 @@ int krb524_convert_creds_kdc(context, v5creds, v4creds)
      CREDENTIALS *v4creds;
 {
      struct sockaddr_in *addrs;
-     int ret, naddrs;
+     int ret, naddrs, i;
 
      if ((ret = krb5_locate_kdc(context, &v5creds->server->realm, &addrs,
 			       &naddrs)))
@@ -66,9 +66,26 @@ int krb524_convert_creds_kdc(context, v5creds, v4creds)
      if (naddrs == 0)
 	  ret = KRB5_KDC_UNREACH;
      else {
-	  addrs[0].sin_port = 0; /* use krb524 default port */
-	  ret = krb524_convert_creds_addr(context, v5creds, v4creds,
-					  (struct sockaddr *) &addrs[0]);
+          for (i = 0; i<naddrs; i++) {
+	    addrs[i].sin_port = 0; /* use krb524 default port */
+	    ret = krb524_convert_creds_addr(context, v5creds, v4creds,
+					    (struct sockaddr *) &addrs[i]);
+	    /* stop trying on success */
+	    if (!ret) break;
+	    switch(ret) {
+	    case ECONNREFUSED:
+	    case ENETUNREACH:
+	    case ENETDOWN:
+	    case ETIMEDOUT:
+	    case EHOSTDOWN:
+	    case EHOSTUNREACH:
+	      continue;
+	    default:
+	      break;		/* out of switch */
+	    }
+	    /* if we fall through to here, it wasn't an "ok" error */
+	    break;
+	  }
      }
      
      free(addrs);