When sending a Kerberos request, if at least one of the available
KDCs repeatedly replies with an error response of
KRB5KDC_ERR_SVC_UNAVAILABLE, and all other KDCs, if there are any,
do not reply at all or cannot be contacted, then the code repeatedly
retries to send the request in an endless loop.
This is fixed in upstream (post 1.5 branch) heimdal but the code
there is vastly refactored, so this is an independent fix to the issue.
Signed-off-by: Uri Simchoni <urisimchoni@gmail.com>
Reviewed-by: Alexander Bokovoy <ab@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Wed Jun 17 02:34:31 CEST 2015 on sn-devel-104
krb5_krbhst_info**);
unsigned int fallback_count;
+ unsigned int try_count;
struct krb5_krbhst_info *hosts, **index, **end;
};
free(handle);
}
+void KRB5_LIB_FUNCTION
+krb5_krbhst_retry(krb5_context context, krb5_krbhst_handle handle)
+{
+ ++handle->try_count;
+}
+
+krb5_boolean KRB5_LIB_FUNCTION
+krb5_krbhst_retry_exceeded(krb5_context context, krb5_krbhst_handle handle)
+{
+ if (handle->try_count >= context->max_retries)
+ return TRUE;
+ else
+ return FALSE;
+}
+
/* backwards compatibility ahead */
static krb5_error_code
krb5_data_zero(receive);
- for (i = 0; i < context->max_retries; ++i) {
+ while (!krb5_krbhst_retry_exceeded(context, handle)) {
krb5_krbhst_info *hi;
while (krb5_krbhst_next(context, handle, &hi) == 0) {
}
}
krb5_krbhst_reset(context, handle);
+ krb5_krbhst_retry(context, handle);
}
krb5_clear_error_message (context);
ret = KRB5_KDC_UNREACH;