Random failure while communicating with KDC

subrahmanya sum.sagar at gmail.com
Mon Feb 24 23:33:25 EST 2014


Hi Ben,

KDC is running in windows 2008 and client in Linux 64. Following is the
code which I had marked in red.

case CONNECTING:
       if (ssflags & SSF_READ) {
           /* Bad -- the KDC shouldn't be sending to us first.  */
           e = EINVAL /* ?? */;
       kill_conn:
           TRACE_SENDTO_KDC_TCP_DISCONNECT(context, conn);
           kill_conn(conn, selstate, e);
           if (e == EINVAL) {
               closesocket(conn->fd);
               conn->fd = INVALID_SOCKET;
           }
           return e == 0;
       }

Thanks
Subrahmanya


On Tue, Feb 25, 2014 at 5:58 AM, Benjamin Kaduk <kaduk at mit.edu> wrote:

> On Mon, 24 Feb 2014, subrahmanya wrote:
>
>  Hi
>>
>> We are randomly facing an issue while authenticating with KDC. KDC is
>> hosted in one machine.
>>
>> I enabled logging in MIT code and also added some more tracing. I observed
>> that EINVAL is printed as value of 'e'. And, looking at other log messages
>> it seems in the failure scenario the code path mentioned in RED below is
>> being executed.
>>
>
> The message delivered to the list contains only a text/plain component;
> there is no color information.
>
>
>  service_tcp_fd(krb5_context context, struct conn_state *conn,
>>               struct select_state *selstate, int ssflags)
>> {
>>    int e = 0;
>>    ssize_t nwritten, nread;
>>
>>    if (!(ssflags & (SSF_READ|SSF_WRITE|SSF_EXCEPTION)))
>>        abort();
>>    switch (conn->state) {
>>        SOCKET_WRITEV_TEMP tmp;
>>
>>    case CONNECTING:
>>        if (ssflags & SSF_READ) {
>>            /* Bad -- the KDC shouldn't be sending to us first.  */
>>            e = EINVAL /* ?? */;
>>        kill_conn:
>>            TRACE_SENDTO_KDC_TCP_DISCONNECT(context, conn);
>>            kill_conn(conn, selstate, e);
>>            if (e == EINVAL) {
>>                closesocket(conn->fd);
>>                conn->fd = INVALID_SOCKET;
>>            }
>>            return e == 0;
>>        }
>>
>> As per the comment in the above code while in "CONNECTING" state SSF_READ
>> flag should never get set (which means select should never return that
>> socket is ready for READ?). But in our case it seems we are finding the
>> flag being set to SSF_READ. Does anyone know what could be the reason for
>> this issue? How could I get it working?
>>
>
> What operating system is the client running that is seeing these errors?
>
> -Ben Kaduk
>


More information about the Kerberos mailing list