svn rev #21686: branches/mskrb-integ/src/lib/krb5/krb/

hartmans@MIT.EDU hartmans at MIT.EDU
Sat Jan 3 16:43:05 EST 2009


http://src.mit.edu/fisheye/changelog/krb5/?cs=21686
Commit By: hartmans
Log Message:
Revert "integrate Novell patch to always try referrals - I have not reviewed"

Tom indicates he has a similar patch that has been tested.


Changed Files:
U   branches/mskrb-integ/src/lib/krb5/krb/gc_frm_kdc.c
Modified: branches/mskrb-integ/src/lib/krb5/krb/gc_frm_kdc.c
===================================================================
--- branches/mskrb-integ/src/lib/krb5/krb/gc_frm_kdc.c	2009-01-03 20:22:50 UTC (rev 21685)
+++ branches/mskrb-integ/src/lib/krb5/krb/gc_frm_kdc.c	2009-01-03 21:43:04 UTC (rev 21686)
@@ -780,11 +780,9 @@
     krb5_error_code retval, subretval;
     krb5_principal client, server, supplied_server, out_supplied_server;
     krb5_creds tgtq, cc_tgt, *tgtptr, *referral_tgts[KRB5_REFERRAL_MAXHOPS];
-    krb5_creds *tmp_tgts[KRB5_REFERRAL_MAXHOPS];
     krb5_boolean old_use_conf_ktypes;
     char **hrealms;
-    int tmp_tgt_count, referral_count, i, new_tgt_count;
-    krb5_boolean done_retry_with_referrals = FALSE;
+    unsigned int referral_count, i;
 
     /* 
      * Set up client and server pointers.  Make a fresh and modifyable
@@ -807,14 +805,12 @@
     memset(&cc_tgt, 0, sizeof(cc_tgt));
     memset(&tgtq, 0, sizeof(tgtq));
     memset(&referral_tgts, 0, sizeof(referral_tgts));
-    memset(&tmp_tgts, 0, sizeof(tmp_tgts));
 
     tgtptr = NULL;
     *tgts = NULL;
     *out_cred=NULL;
     old_use_conf_ktypes = context->use_conf_ktypes;
 
-retry_using_referrals:
     /* Copy client realm to server if no hint. */
     if (krb5_is_referral_realm(&server->realm)) {
         /* Use the client realm. */
@@ -847,21 +843,6 @@
 		 "initial TGT for referral\n"));
 	retval = do_traversal(context, ccache, client, server,
 			      &cc_tgt, &tgtptr, tgts);
-	if (retval
-	    && done_retry_with_referrals == FALSE
-	    && !krb5_is_referral_realm(&supplied_server->realm)) {
-	    krb5_free_cred_contents(context, &tgtq);
-	    memset(&tgtq, 0, sizeof(tgtq));
-	    if (tgtptr == &cc_tgt) {
-		krb5_free_cred_contents(context, tgtptr);
-		memset(&cc_tgt, 0, sizeof(cc_tgt));
-		tgtptr = NULL;
-	    }
-	    krb5_free_data_contents(context, &server->realm);
-	    server->realm.length = 0;
-	    done_retry_with_referrals = TRUE;
-	    goto retry_using_referrals;
-	}
     }
     if (retval) {
         DPRINTF(("gc_from_kdc: failed to find initial TGT for referral\n"));
@@ -876,7 +857,7 @@
      * path, otherwise fall back to old-style assumptions.
      */
 
-    for (referral_count = 0, new_tgt_count = 0, tmp_tgt_count = 0;
+    for (referral_count = 0;
 	 referral_count < KRB5_REFERRAL_MAXHOPS;
 	 referral_count++) {
 #if 0
@@ -962,7 +943,11 @@
 	    DUMP_PRINC("gc_from_kdc credential received",
 		       (*out_cred)->server);
 
-	    r1 = &tgtptr->server->data[1];
+	    if (referral_count == 0)
+		r1 = &tgtptr->server->data[1];
+	    else
+		r1 = &referral_tgts[referral_count-1]->server->data[1];
+
 	    r2 = &(*out_cred)->server->data[1];
 	    if (data_eq(*r1, *r2)) {
 		DPRINTF(("gc_from_kdc: referred back to "
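Review bot: The new `r1` assignment reads `->server->data[1]` from either `tgtptr` or `referral_tgts[referral_count-1]`, and the `r2` line does the same on `(*out_cred)->server`, which comes from the KDC reply. These reads are only in bounds if the enclosing condition, which starts outside this hunk, has already established that each principal has at least two components. The `else` branch also assumes the previous iteration actually stored a non-NULL entry in `referral_tgts`. If either guarantee is missing, a component-count and NULL check before the comparison is needed. A short comment on the branch would help too, for example `/* first hop: compare with the initial TGT; later hops: compare with the previous referral TGT */`.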
@@ -972,7 +957,7 @@
 		break;
 	    }
 	    /* Check for referral routing loop. */
-	    for (i=0;i<new_tgt_count;i++) {
+	    for (i=0;i<referral_count;i++) {
 #if 0
 		DUMP_PRINC("gc_from_kdc: loop compare #1",
 			   (*out_cred)->server);
@@ -990,36 +975,12 @@
 		    goto cleanup;
 		}
 	    }
-	    for (i=0;i<tmp_tgt_count;i++) {
-		if (krb5_principal_compare(context,
-					   (*out_cred)->server,
-					   tmp_tgts[i]->server)) {
-			DFPRINTF((stderr,
-				  "krb5_get_cred_from_kdc_opt: "
-				  "referral routing loop - "
-				  "got referral back to hop #%d\n", i));
-			retval=KRB5_KDC_UNREACH;
-			goto cleanup;
-		}
-	    }
 	    /* Point current tgt pointer at newly-received TGT. */
 	    if (tgtptr == &cc_tgt)
 		krb5_free_cred_contents(context, tgtptr);
-	    memset(&cc_tgt, 0, sizeof(cc_tgt));
-	    retval = krb5_cc_retrieve_cred(context, ccache, RETR_FLAGS,
-					   *out_cred, &cc_tgt);
-	    if (!retval) {
-		tgtptr = &cc_tgt;
-		tmp_tgts[tmp_tgt_count] = *out_cred;
-		tmp_tgt_count++;
-		*out_cred = NULL;
-	    }
-	    if (*out_cred != NULL) {
-		tgtptr=*out_cred;
-		/* Save pointer to tgt in referral_tgts. */
-		referral_tgts[new_tgt_count]=*out_cred;
-		new_tgt_count++;
-	    }
+	    tgtptr=*out_cred;
+	    /* Save pointer to tgt in referral_tgts. */
+	    referral_tgts[referral_count]=*out_cred;
 	    /* Copy krbtgt realm to server principal. */
 	    krb5_free_data_contents(context, &server->realm);
 	    retval = krb5int_copy_data_contents(context,
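Review bot: On the `tgtptr == &cc_tgt` path, `krb5_free_cred_contents(context, tgtptr)` is no longer followed by the `memset` that the reverted block carried, so `cc_tgt` keeps pointers to freed memory for the rest of the function. Bracing the branch as `if (tgtptr == &cc_tgt) { krb5_free_cred_contents(context, tgtptr); memset(&cc_tgt, 0, sizeof(cc_tgt)); }` would make any later free of `cc_tgt` harmless. After the two new assignments, `*out_cred`, `tgtptr` and `referral_tgts[referral_count]` all point at the same credential, and the cleanup loop in the last hunk frees every non-NULL `referral_tgts[i]`. How `*out_cred` is reset on the exit paths is outside this hunk and should be confirmed, so the caller is never handed a credential that cleanup has already released.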
@@ -1199,11 +1160,6 @@
 	    krb5_free_creds(context, referral_tgts[i]);
 	}
     }
-    for (i=0;i<tmp_tgt_count;i++) {
-	if(tmp_tgts[i]) {
-	    krb5_free_creds(context, tmp_tgts[i]);
-	}
-    }
     DPRINTF(("gc_from_kdc finishing with %s\n",
 	     retval ? error_message(retval) : "no error"));
     return retval;



