krb5 commit: Fix use_master handling with KDC hook reply
Greg Hudson
ghudson at mit.edu
Mon Jun 13 10:53:46 EDT 2016
https://github.com/krb5/krb5/commit/603a14f9eb8a81556502fcdc5fac65f0d4f323dc
commit 603a14f9eb8a81556502fcdc5fac65f0d4f323dc
Author: Greg Hudson <ghudson at mit.edu>
Date: Thu Jun 9 13:23:48 2016 -0400
Fix use_master handling with KDC hook reply
A post-receive KDC hook may synthesize a reply if k5_sendto() returns
an error. If this happens, krb5_sendto_kdc() must not use server_used
to check if the reply came from a master KDC, as it does not have a
valid value. Preemptively set *use_master to 1 in this case to bypass
the check.
ticket: 8386
src/lib/krb5/os/sendto_kdc.c | 9 ++++++++-
1 files changed, 8 insertions(+), 1 deletions(-)
diff --git a/src/lib/krb5/os/sendto_kdc.c b/src/lib/krb5/os/sendto_kdc.c
index 1e50575..d82b0cb 100644
--- a/src/lib/krb5/os/sendto_kdc.c
+++ b/src/lib/krb5/os/sendto_kdc.c
@@ -431,7 +431,7 @@ krb5_sendto_kdc(krb5_context context, const krb5_data *message,
const krb5_data *realm, krb5_data *reply_out, int *use_master,
int no_udp)
{
- krb5_error_code retval, err;
+ krb5_error_code retval, oldret, err;
struct serverlist servers;
int server_used;
k5_transport_strategy strategy;
@@ -514,9 +514,16 @@ krb5_sendto_kdc(krb5_context context, const krb5_data *message,
}
if (context->kdc_recv_hook != NULL) {
+ oldret = retval;
retval = context->kdc_recv_hook(context, context->kdc_recv_hook_data,
retval, realm, message, &reply,
&hook_reply);
+ if (oldret && !retval) {
+ /* The hook must set a reply if it overrides an error from
+ * k5_sendto(). Treat this reply as coming from the master KDC. */
+ assert(hook_reply != NULL);
+ *use_master = 1;
+ }
}
if (retval)
goto cleanup;
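Review bot: the `assert(hook_reply != NULL);` in the new `if (oldret && !retval)` block is the only enforcement of the contract stated in the comment above it, and it is compiled out when the library is built with NDEBUG. In such a build, a hook that clears the error from k5_sendto() without setting a reply falls through `if (retval) goto cleanup;` with `*use_master` set to 1 and no hook reply. Consider checking this at run time instead, for example by setting retval to an error code when hook_reply is NULL, so a misbehaving hook fails the request cleanly instead of aborting the process or continuing. The patch adds no `#include <assert.h>` line either, so confirm that sendto_kdc.c already includes it. It would also help to state in the hook's documentation that overriding an error requires supplying a reply, since callers writing hooks will not see this comment.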