author | Ken Raeburn <raeburn@mit.edu> | 2002-06-11 01:13:50 +0000 |
---|---|---|
committer | Ken Raeburn <raeburn@mit.edu> | 2002-06-11 01:13:50 +0000 |
commit | be06504583c6730f986887cd95955ede088c974a (patch) | |
tree | 714b20dfa054221c47b313d82fce7d86d1f86f9f /src/lib/krb5/krb | |
parent | 714eaa92851fba3afaf515deda7b26a92360e0a7 (diff) | |
client-side TCP support
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@14492 dc483132-0cff-0310-8789-dd5450dbe970
Diffstat (limited to 'src/lib/krb5/krb')
-rw-r--r-- | src/lib/krb5/krb/ChangeLog | 9 | ||||
-rw-r--r-- | src/lib/krb5/krb/get_in_tkt.c | 21 | ||||
-rw-r--r-- | src/lib/krb5/krb/send_tgs.c | 24 |
3 files changed, 43 insertions, 11 deletions
diff --git a/src/lib/krb5/krb/ChangeLog b/src/lib/krb5/krb/ChangeLog
index 563cf8f90..68a0a5d67 100644
--- a/src/lib/krb5/krb/ChangeLog
+++ b/src/lib/krb5/krb/ChangeLog
@@ -1,3 +1,12 @@
+2002-06-10 Ken Raeburn <raeburn@mit.edu>
+
+ * get_in_tkt.c (send_as_request): Update arg list for
+ sendto_kdc. If a RESPONSE_TOO_BIG error is returned from the KDC,
+ use a TCP connection.
+ * send_tgs.c (krb5_send_tgs): Update arg list for sendto_kdc. If
+ a RESPONSE_TOO_BIG error is returned from the KDC, use a TCP
+ connection.
+
 2002-04-12 Ezra Peisach <epeisach@bu.edu>
 * Makefile.in (clean): Remove t_expand and t_expand.o
diff --git a/src/lib/krb5/krb/get_in_tkt.c b/src/lib/krb5/krb/get_in_tkt.c
index d6e469d8d..7d8ff93cb 100644
--- a/src/lib/krb5/krb/get_in_tkt.c
+++ b/src/lib/krb5/krb/get_in_tkt.c
@@ -96,9 +96,10 @@ send_as_request(context, request, time_now, ret_err_reply, ret_as_reply,
 {
 krb5_kdc_rep *as_reply = 0;
 krb5_error_code retval;
- krb5_data *packet;
+ krb5_data *packet = 0;
 krb5_data reply;
 char k4_version; /* same type as *(krb5_data::data) */
+ int tcp_only = 0;
 reply.data = 0;
@@ -116,10 +117,10 @@ send_as_request(context, request, time_now, ret_err_reply, ret_as_reply,
 goto cleanup;
 k4_version = packet->data[0];
+send_again:
 retval = krb5_sendto_kdc(context, packet, krb5_princ_realm(context, request->client),
- &reply, use_master);
- krb5_free_data(context, packet);
+ &reply, use_master, tcp_only);
 if (retval) goto cleanup;
@@ -131,9 +132,17 @@ send_as_request(context, request, time_now, ret_err_reply, ret_as_reply,
 /* some other error code--??? */
 goto cleanup;
- if (ret_err_reply)
+ if (ret_err_reply) {
+ if (err_reply->error == KRB_ERR_RESPONSE_TOO_BIG
+ && tcp_only == 0) {
+ tcp_only = 1;
+ krb5_free_error(context, err_reply);
+ free(reply.data);
+ reply.data = 0;
+ goto send_again;
+ }
 *ret_err_reply = err_reply;
- else
+ } else
 krb5_free_error(context, err_reply);
 goto cleanup;
 }
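Review bot: The TCP retry in the `@@ -131` hunk of get_in_tkt.c sits inside `if (ret_err_reply) {`, so a caller that passes a null `ret_err_reply` never gets the fallback: the `else` arm frees the error and leaves through `cleanup` even when the KDC answered KRB_ERR_RESPONSE_TOO_BIG. Testing `err_reply->error == KRB_ERR_RESPONSE_TOO_BIG && tcp_only == 0` ahead of the `if (ret_err_reply)` test would make the retry independent of what the caller wants returned. A comment at `send_again:` such as `/* KRB-ERROR is not integrity protected; tcp_only limits the retry to one */` would record why the loop is bounded. send_as_request's body starts and ends outside these hunks.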
@@ -181,6 +190,8 @@ send_as_request(context, request, time_now, ret_err_reply, ret_as_reply,
 krb5_free_kdc_rep(context, as_reply);
 cleanup:
+ if (packet)
+ krb5_free_data(context, packet);
 if (reply.data) free(reply.data);
 return retval;
diff --git a/src/lib/krb5/krb/send_tgs.c b/src/lib/krb5/krb/send_tgs.c
index 341296cb3..05c4b6322 100644
--- a/src/lib/krb5/krb/send_tgs.c
+++ b/src/lib/krb5/krb/send_tgs.c
@@ -149,6 +149,7 @@ krb5_send_tgs(context, kdcoptions, timestruct, ktypes, sname, addrs,
 krb5_timestamp time_now;
 krb5_pa_data **combined_padata;
 krb5_pa_data ap_req_padata;
+ int tcp_only = 0;
 /* * in_creds MUST be a valid credential NOT just a partially filled in
@@ -270,15 +271,27 @@ krb5_send_tgs(context, kdcoptions, timestruct, ktypes, sname, addrs,
 krb5_xfree(combined_padata);
 /* now send request & get response from KDC */
+send_again:
 retval = krb5_sendto_kdc(context, scratch, krb5_princ_realm(context, sname),
- &rep->response, 0);
- krb5_free_data(context, scratch);
-
+ &rep->response, 0, tcp_only);
 if (retval == 0) {
- if (krb5_is_tgs_rep(&rep->response))
+ if (krb5_is_krb_error(&rep->response)) {
+ if (!tcp_only) {
+ krb5_error *err_reply;
+ retval = decode_krb5_error(&rep->response, &err_reply);
+ if (err_reply->error == KRB_ERR_RESPONSE_TOO_BIG) {
+ tcp_only = 1;
+ krb5_free_error(context, err_reply);
+ free(rep->response.data);
+ rep->response.data = 0;
+ goto send_again;
+ }
+ krb5_free_error(context, err_reply);
+ }
+ } else if (krb5_is_tgs_rep(&rep->response))
 rep->message_type = KRB5_TGS_REP;
- else /* assume it's an error */
+ else /* XXX: assume it's an error */
 rep->message_type = KRB5_ERROR;
 }
@@ -295,6 +308,5 @@ send_tgs_error_1:;
 krb5_xfree(tgsreq.authorization_data.ciphertext.data);
 }
- return retval;
 } |
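Review bot: In the `@@ -270` hunk of send_tgs.c the result of `decode_krb5_error()` is stored in `retval` but never tested before the next line reads `err_reply->error`; `err_reply` has no initializer, so a reply that passes `krb5_is_krb_error()` but fails to decode is read through an indeterminate pointer, and that reply is unauthenticated network data. Adding `if (retval) goto send_tgs_error_1;` before the comparison would close this, assuming that label is the right cleanup path (it is the only one visible here). The hunk also removes `krb5_free_data(context, scratch);` and no replacement is visible, unlike get_in_tkt.c where a free was added under `cleanup:`, so `scratch` may leak unless it is released outside the hunk. The new `krb5_is_krb_error` branch never assigns `rep->message_type`, which the old `else` arm set to `KRB5_ERROR`. krb5_send_tgs's body starts and ends outside these hunks.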