Properly handle use_master in k5_init_creds_get
If we make multiple requests in an initial creds exchange, the
krb5_sendto_kdc call in k5_init_creds_get may flip the use_master
value from 0 to 1 if it detects that the response was from a master
KDC.  Don't turn this into a requirement for future requests during
the same exchange, or we may have trouble following AS referrals.
Reported by Sumit Bose.

ticket: 7650
greghudson committed May 31, 2013
1 parent 3db9bde commit a12a5dd
Showing 1 changed file with 4 additions and 2 deletions.
6 changes: 4 additions & 2 deletions src/lib/krb5/krb/get_in_tkt.c
Expand Up @@ -521,7 +521,7 @@ k5_init_creds_get(krb5_context context, krb5_init_creds_context ctx,
krb5_data reply;
krb5_data realm;
unsigned int flags = 0;
int tcp_only = 0;
int tcp_only = 0, master = *use_master;

request.length = 0;
request.data = NULL;
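Review bot: The initializer on the new `master` declaration duplicates the `master = *use_master;` assignment that the loop performs before each send, and nothing in the declaration says why both exist. If the initializer is there so that the final `*use_master = master;` is a no-op on any path that reaches cleanup without calling krb5_sendto_kdc, a one-line comment saying so would stop a later cleanup from removing it as redundant. Putting `master` on its own line rather than sharing the `tcp_only` declaration would also give that comment a place to live.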
Expand All @@ -545,8 +545,9 @@ k5_init_creds_get(krb5_context context, krb5_init_creds_context ctx,

krb5_free_data_contents(context, &reply);

master = *use_master;
code = krb5_sendto_kdc(context, &request, &realm,
&reply, use_master, tcp_only);
&reply, &master, tcp_only);
if (code != 0)
break;

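Review bot: The `master = *use_master;` reset before krb5_sendto_kdc carries the whole fix but has no comment, so its purpose is only recoverable from the commit message. A short comment above it would help, for example that krb5_sendto_kdc may set the flag to 1 when the reply came from a master KDC and that this must not become a requirement for later requests in the same exchange. It is also worth stating there that the reset deliberately reads the caller's value each time, so a caller that passed 1 still gets master-only behaviour on every request.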
Expand All @@ -558,6 +559,7 @@ k5_init_creds_get(krb5_context context, krb5_init_creds_context ctx,
krb5_free_data_contents(context, &reply);
krb5_free_data_contents(context, &realm);

*use_master = master;
return code;
}

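Review bot: The `*use_master = master;` write-back runs on every exit path, including the `break` taken when krb5_sendto_kdc returns non-zero, so on failure the caller receives whatever the last send left in `master` together with an error code. Please confirm callers are expected to read the flag in that case, or guard the assignment with a check on `code`. Because `master` is reset before each send, the value reported is only that of the final request in the exchange; a sentence in the function's comment stating that output semantic would make the contract explicit.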