commit a12a5ddb9b932061bad7b83df058c7c6e2e4b044 Author: Greg Hudson Date: Thu May 30 11:39:54 2013 -0400 Properly handle use_master in k5_init_creds_get If we make multiple requests in an initial creds exchange, the krb5_sendto_kdc call in k5_init_creds_get may flip the use_master value from 0 to 1 if it detects that the response was from a master KDC. Don't turn this into a requirement for future requests during the same exchange, or we may have trouble following AS referrals. Reported by Sumit Bose. ticket: 7650 diff --git a/src/lib/krb5/krb/get_in_tkt.c b/src/lib/krb5/krb/get_in_tkt.c index 20bc689..ff455d3 100644 --- a/src/lib/krb5/krb/get_in_tkt.c +++ b/src/lib/krb5/krb/get_in_tkt.c @@ -521,7 +521,7 @@ k5_init_creds_get(krb5_context context, krb5_init_creds_context ctx, krb5_data reply; krb5_data realm; unsigned int flags = 0; - int tcp_only = 0; + int tcp_only = 0, master = *use_master; request.length = 0; request.data = NULL; @@ -545,8 +545,9 @@ k5_init_creds_get(krb5_context context, krb5_init_creds_context ctx, krb5_free_data_contents(context, &reply); + master = *use_master; code = krb5_sendto_kdc(context, &request, &realm, - &reply, use_master, tcp_only); + &reply, &master, tcp_only); if (code != 0) break; @@ -558,6 +559,7 @@ k5_init_creds_get(krb5_context context, krb5_init_creds_context ctx, krb5_free_data_contents(context, &reply); krb5_free_data_contents(context, &realm); + *use_master = master; return code; }