[29434] in CVS-changelog-for-Kerberos-V5
krb5 commit: Fix use_master handling with KDC hook reply
daemon@ATHENA.MIT.EDU (Greg Hudson)
Mon Jun 13 10:53:50 2016
Date: Mon, 13 Jun 2016 10:53:46 -0400
From: Greg Hudson <ghudson@mit.edu>
Message-Id: <201606131453.u5DErkvW019514@drugstore.mit.edu>
To: cvs-krb5@mit.edu
Reply-To: krbdev@mit.edu
https://github.com/krb5/krb5/commit/603a14f9eb8a81556502fcdc5fac65f0d4f323dc
commit 603a14f9eb8a81556502fcdc5fac65f0d4f323dc
Author: Greg Hudson <ghudson@mit.edu>
Date: Thu Jun 9 13:23:48 2016 -0400
Fix use_master handling with KDC hook reply
A post-receive KDC hook may synthesize a reply if k5_sendto() returns
an error. If this happens, krb5_sendto_kdc() must not use server_used
to check if the reply came from a master KDC, as it does not have a
valid value. Preemptively set *use_master to 1 in this case to bypass
the check.
ticket: 8386
src/lib/krb5/os/sendto_kdc.c | 9 ++++++++-
1 files changed, 8 insertions(+), 1 deletions(-)
diff --git a/src/lib/krb5/os/sendto_kdc.c b/src/lib/krb5/os/sendto_kdc.c
index 1e50575..d82b0cb 100644
--- a/src/lib/krb5/os/sendto_kdc.c
+++ b/src/lib/krb5/os/sendto_kdc.c
@@ -431,7 +431,7 @@ krb5_sendto_kdc(krb5_context context, const krb5_data *message,
const krb5_data *realm, krb5_data *reply_out, int *use_master,
int no_udp)
{
- krb5_error_code retval, err;
+ krb5_error_code retval, oldret, err;
struct serverlist servers;
int server_used;
k5_transport_strategy strategy;
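Review bot: `oldret` is declared without an initializer at function scope, and the only assignment visible in this patch is inside the `kdc_recv_hook` branch, so any later read outside that branch would use an indeterminate value. Either initialize it to 0 at the declaration or keep every read inside the hook branch. A name such as `sendto_ret` would also say which result it preserves.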
@@ -514,9 +514,16 @@ krb5_sendto_kdc(krb5_context context, const krb5_data *message,
}
if (context->kdc_recv_hook != NULL) {
+ oldret = retval;
retval = context->kdc_recv_hook(context, context->kdc_recv_hook_data,
retval, realm, message, &reply,
&hook_reply);
+ if (oldret && !retval) {
+ /* The hook must set a reply if it overrides an error from
+ * k5_sendto(). Treat this reply as coming from the master KDC. */
+ assert(hook_reply != NULL);
+ *use_master = 1;
+ }
}
if (retval)
goto cleanup;
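Review bot: `assert(hook_reply != NULL)` is the only guard on the hook's contract in the `if (oldret && !retval)` block, and it disappears in builds that define NDEBUG. In such a build, a hook that returns 0 without setting a reply falls through `if (retval)` with `*use_master = 1` and no reply to back it. Since the hook is supplied from outside this function, consider replacing the assert with a run-time check that sets `retval` to an error and takes the existing `goto cleanup` path. Also, the new comment says the reply is treated as coming from the master KDC; that is worth stating in the hook's documentation as well, because callers reading `*use_master` after the call cannot tell a synthesized reply from a real master response. Finally, the condition covers only the case where the hook overrides an error. If the hook can also substitute `hook_reply` when `k5_sendto()` succeeded, please say in the comment whether checking `server_used` is still meaningful there.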