summaryrefslogtreecommitdiffstats
path: root/krb5-1.10-kpasswd_tcp.patch
blob: fd8da8e58550a0aa31d60051664df79fa8c32930 (plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
Fall back to TCP on kdc-unresolvable/unreachable errors.  We still have
to wait for UDP to fail, so this might not be ideal.  RT #5868.

--- krb5/src/lib/krb5/os/changepw.c
+++ krb5/src/lib/krb5/os/changepw.c
@@ -270,10 +270,22 @@ change_set_password(krb5_context context
                          &callback_info, &chpw_rep, ss2sa(&remote_addr),
                          &addrlen, NULL, NULL, NULL);
         if (code) {
-            /*
-             * Here we may want to switch to TCP on some errors.
-             * right?
-             */
+            /* if we're not using a stream socket, and it's an error which
+             * might reasonably be specific to a datagram "connection", try
+             * again with a stream socket */
+            if (!use_tcp) {
+                switch (code) {
+                case KRB5_KDC_UNREACH:
+                case KRB5_REALM_CANT_RESOLVE:
+                case KRB5KRB_ERR_RESPONSE_TOO_BIG:
+                /* should we do this for more result codes than these? */
+                    k5_free_serverlist (&sl);
+                    use_tcp = 1;
+                    continue;
+                default:
+                    break;
+                }
+            }
             break;
         }