KDC HA Failure with krb5-1.9.1 and pam-krb5 4.4

Fri Nov 18 18:32:09 EST 2011

On Fri, Nov 18, 2011 at 05:41:44PM -0500, Tom Parker wrote:
> Thanks for your quick reply.  I have attached my results below.  When 
> one of my KDCs is down the client kinit fails with: kinit: 
> sendto_kdc.c:617: cm_get_ssflags: Assertion `i < selstate->nfds' failed.

That looks like a bug that we ran into when the send-to-kdc code was
reworked to use poll() (RT#6905) and we pulled it from trunk to add to
our 1.9 and 1.9.1 binary packages.  The fix was RT#6951.  We ran into
another case, too, but by then that part of the library had been
reworked again so that trunk didn't need the fix, so I didn't open a
ticket for it.  I'll append the patch for it below.

HTH,

Nalin

If we exit the transmit loop cleanly, don't overestimate the size of the
connections array.  This bug appears to have been removed upstream when
this function was rewritten in trunk, and the select()-based implementation
is still what's in 1.9, so this patch has nowhere to go.

--- krb5-1.9.1/src/lib/krb5/os/sendto_kdc.c	2011-09-28 14:54:20.560811664 -0400
+++ krb5-1.9.1/src/lib/krb5/os/sendto_kdc.c	2011-09-28 14:54:11.396812292 -0400
@@ -1317,7 +1319,10 @@ krb5int_sendto (krb5_context context, co
            call with the last one from the above loop, if the loop
            actually calls select.  */
         sel_state->end_time.tv_sec += delay_this_pass;
-        e = service_fds(context, sel_state, conns, host+1, &winning_conn,
+        i = host+1;
+        if (i > n_conns)
+            i = n_conns;
+        e = service_fds(context, sel_state, conns, i, &winning_conn,
                         sel_state+1, msg_handler, msg_handler_data);
         if (e)
             break;

