Fix sequence # bugs that impede single-connection mode sessions

Don't check the sequence # as being 1. Check it instead as being a match for the associated session, and have the session start at 1 on a new connection.
pprindeville · Dec 13, 2016 · b71502f · b71502f
1 parent da66077
commit b71502f
Show file tree

Hide file tree

Showing 3 changed files with 12 additions and 10 deletions.
diff --git a/authen.c b/authen.c
@@ -47,10 +47,11 @@ authen(u_char *pak)
 	return;
     }
 
-    if ((hdr->seq_no != 1) ||
-	(ntohl(hdr->datalength) != (unsigned)(TAC_AUTHEN_START_FIXED_FIELDS_SIZE +
-	 start->user_len + start->port_len + start->rem_addr_len +
-	 start->data_len))) {
+    /* don't need to check seq_no because read_packet() does that */
+
+    if (ntohl(hdr->datalength) != (unsigned)(TAC_AUTHEN_START_FIXED_FIELDS_SIZE +
+	start->user_len + start->port_len + start->rem_addr_len +
+	start->data_len)) {
 	send_authen_error("Invalid AUTHEN/START packet (check keys)");
 	return;
     }

diff --git a/author.c b/author.c
@@ -45,11 +45,7 @@ author(u_char *pak)
     hdr = (HDR *)pak;
     apak = (struct author *)(pak + TAC_PLUS_HDR_SIZE);
 
-    /* Do some sanity checks */
-    if (hdr->seq_no != 1) {
-	send_error_reply(TAC_PLUS_AUTHOR, NULL);
-	return;
-    }
+    /* don't need to check seq_no because read_packet() does that */
 
     /* Check if there's at least sizeof(struct author) of useful data */
     if (ntohl(hdr->datalength) < TAC_AUTHOR_REQ_FIXED_FIELDS_SIZE) {

diff --git a/tac_plus.c b/tac_plus.c
@@ -823,8 +823,13 @@ start_session(void)
     u_char *pak;
     HDR *hdr;
 
+    /* if the session has TAC_PLUS_SINGLE_CONNECT_FLAG set, then
+     * we'll see the sequence # increase monotonically with each
+     * transaction until the session terminates.
+     */
+    session.seq_no = 0;
+
     do {
-	session.seq_no = 0;
 	session.aborted = 0;
 	session.version = 0;