[16894] in Kerberos-V5-bugs
[krbdev.mit.edu #7721] git commit
daemon@ATHENA.MIT.EDU (Greg Hudson via RT)
Sun Jul 16 19:00:15 2023
From: "Greg Hudson via RT" <rt@krbdev.mit.edu>
In-Reply-To:
Message-ID: <rt-4.4.3-2-2845501-1689548407-1746.7721-5-0@mit.edu>
To: "AdminCc of krbdev.mit.edu Ticket #7721":;
Date: Sun, 16 Jul 2023 19:00:07 -0400
MIME-Version: 1.0
Reply-To: rt@krbdev.mit.edu
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Errors-To: krb5-bugs-bounces@mit.edu
<URL: https://krbdev.mit.edu/rt/Ticket/Display.html?id=7721 >
Defer primary KDC lookups
Add an internal variant of krb5_sendto_kdc() which records the
answering KDC in a list. Callers can check the list for replica KDC
use after the success or failure of the KDC exchange is determined,
avoiding DNS queries for the primary KDCs in many common cases and
using fewer DNS queries in other cases.
Perform the fallback in k5_get_init_creds() rather than
krb5_get_init_creds_password(). For now we must additionally perform
the fallback in krb5_get_init_creds_keytab() as it does not use
k5_get_init_creds().
Preserve the current signature of krb5_sendto_kdc() (it is used within
the tree outside of libkrb5, and might be used by other software
despite being non-public), but remove the behavior of setting
*use_primary.
https://github.com/krb5/krb5/commit/fabbf11f457a84904a5fa251584fd660a52fa583
Author: Greg Hudson <ghudson@mit.edu>
Commit: fabbf11f457a84904a5fa251584fd660a52fa583
Branch: master
src/include/k5-trace.h | 6 +-
src/lib/krb5/krb/gc_via_tkt.c | 12 +--
src/lib/krb5/krb/get_creds.c | 11 ++-
src/lib/krb5/krb/get_etype_info.c | 14 ++--
src/lib/krb5/krb/get_in_tkt.c | 87 ++++++++++++++++------
src/lib/krb5/krb/gic_keytab.c | 23 +++---
src/lib/krb5/krb/gic_pwd.c | 73 +++---------------
src/lib/krb5/krb/in_tkt_sky.c | 4 +-
src/lib/krb5/krb/int-proto.h | 8 +-
src/lib/krb5/os/locate_kdc.c | 152 +++++++++++++++++++++++++++++++++++---
src/lib/krb5/os/os-proto.h | 24 +++++-
src/lib/krb5/os/sendto_kdc.c | 46 ++++++------
src/tests/Makefile.in | 1 +
src/tests/t_sendto_kdc.py | 28 +++++++
14 files changed, 329 insertions(+), 160 deletions(-)
_______________________________________________
krb5-bugs mailing list
krb5-bugs@mit.edu
https://mailman.mit.edu/mailman/listinfo/krb5-bugs
