diff options
| author | Jeffrey Altman <jaltman@secure-endpoints.com> | 2000-03-24 22:02:59 +0000 |
|---|---|---|
| committer | Jeffrey Altman <jaltman@secure-endpoints.com> | 2000-03-24 22:02:59 +0000 |
| commit | f4376f4d0b68a4fd8285ad5aa44bee148f646491 (patch) | |
| tree | cd3e5b794bc5aa2fb5743db6ab29d742bf030b99 /src/lib/krb5/os/sendto_kdc.c | |
| parent | 97971c69b9389be08b7e9ffb742ca35f3706b3af (diff) | |
| download | krb5-f4376f4d0b68a4fd8285ad5aa44bee148f646491.tar.gz krb5-f4376f4d0b68a4fd8285ad5aa44bee148f646491.tar.xz krb5-f4376f4d0b68a4fd8285ad5aa44bee148f646491.zip | |
jaltman@columbia.edu Mar 24, 2000:
In 1.0.6, the code was altered to provide a fallback mechanism to
try the "master" kdc's in case the normal kdc's did not have the
most up to date password information. The original implementation
had significant conflicts with the use of DNS SRV records. In
addition, it often performed a lot of unneeded work.
The new code still performs a fallback to the "master" kdc but
only does the computation of the "master kdc list" if we are
in fact going to attempt to use a master.
For DNS SRV we introduce a new _kerberos-master.<proto>.<REALM>
record to list the master kdc's and the priorities to be used
when contacting a master. This allows for a multi-tiered implementation.
---
The other change is local to krb/get_in_tkt.c. In preparation for
adding public krb5_appdefault_boolean and krb5_appdefault_string
functions, the static functions by that name in get_in_tkt.c are
renamed to krb5_libdefault_xxxxx since they currently access the
[libdefault] section of the code.
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@12137 dc483132-0cff-0310-8789-dd5450dbe970
Diffstat (limited to 'src/lib/krb5/os/sendto_kdc.c')
| -rw-r--r-- | src/lib/krb5/os/sendto_kdc.c | 27 |
1 files changed, 5 insertions, 22 deletions
diff --git a/src/lib/krb5/os/sendto_kdc.c b/src/lib/krb5/os/sendto_kdc.c index 01b797e70..241ffbcbd 100644 --- a/src/lib/krb5/os/sendto_kdc.c +++ b/src/lib/krb5/os/sendto_kdc.c @@ -60,16 +60,16 @@ extern int krb5_skdc_timeout_shift; extern int krb5_skdc_timeout_1; krb5_error_code -krb5_sendto_kdc (context, message, realm, reply, master) +krb5_sendto_kdc (context, message, realm, reply, use_master) krb5_context context; const krb5_data * message; const krb5_data * realm; krb5_data * reply; - int *master; + int use_master; { register int timeout, host, i; struct sockaddr *addr; - int naddr, master_index, nmasters; + int naddr; int sent, nready; krb5_error_code retval; SOCKET *socklist; @@ -81,14 +81,10 @@ krb5_sendto_kdc (context, message, realm, reply, master) * find KDC location(s) for realm */ - if (retval = krb5_locate_kdc (context, realm, &addr, &naddr, - master?&master_index:NULL, - master?&nmasters:NULL)) + if (retval = krb5_locate_kdc(context, realm, &addr, &naddr, use_master)) return retval; if (naddr == 0) - return KRB5_REALM_UNKNOWN; - if (master && (*master == 1) && (nmasters == 0)) - return KRB5_KDC_UNREACH; + return (use_master ? KRB5_KDC_UNREACH : KRB5_REALM_UNKNOWN); socklist = (SOCKET *)malloc(naddr * sizeof(SOCKET)); if (socklist == NULL) { @@ -128,12 +124,6 @@ krb5_sendto_kdc (context, message, realm, reply, master) timeout <<= krb5_skdc_timeout_shift) { sent = 0; for (host = 0; host < naddr; host++) { - /* if a master kdc is required, skip the non-master kdc's */ - - if (master && (*master == 1) && - ((host < master_index) || (host >= (master_index+nmasters)))) - continue; - /* send to the host, wait timeout seconds for a response, then move on. */ /* cache some sockets for each host */ @@ -210,13 +200,6 @@ krb5_sendto_kdc (context, message, realm, reply, master) reply->length = cc; retval = 0; - - /* if the caller asked to be informed if it - got a master kdc, tell it */ - if (master) - *master = ((host >= master_index) && - (host < (master_index+nmasters))); - goto out; } else if (nready == 0) { /* timeout */ |