Blame SOURCES/krb5-1.12ish-kpasswd_tcp.patch
Fall back to TCP on kdc-unresolvable/unreachable errors. We still have
to wait for UDP to fail, so this might not be ideal. RT #5868.
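--- krb5/src/lib/krb5/os/changepw.c
+++ krb5/src/lib/krb5/os/changepw.c
@@ -270,10 +270,22 @@ change_set_password(krb5_context context
 &sl, strategy, &callback_info, &chpw_rep,
 ss2sa(&remote_addr), &addrlen, NULL, NULL, NULL);
 if (code) {
- /*
- * Here we may want to switch to TCP on some errors.
- * right?
- */
+ /* if we're not using a stream socket, and it's an error which
+ * might reasonably be specific to a datagram "connection", try
+ * again with a stream socket */
+ if (!no_udp) {
+ switch (code) {
+ case KRB5_KDC_UNREACH:
+ case KRB5_REALM_CANT_RESOLVE:
+ case KRB5KRB_ERR_RESPONSE_TOO_BIG:
+ /* should we do this for more result codes than these? */
+ k5_free_serverlist (&sl);
+ no_udp = 1;
+ continue;
+ default:
+ break;
+ }
+ }
 break;
 }
 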
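Review bot: The `KRB5_KDC_UNREACH` case retries the whole password-change exchange over TCP, but a UDP timeout does not prove the server never received the request. If only the reply was lost, the retry may reach a server that has already applied the change, and a policy or history rejection would then be reported to the user as a failure (inferred; the server side is not visible here). I would record that next to the case labels, e.g. `/* UNREACH may mean only the reply was lost; an error from the TCP retry does not prove the password is unchanged */`. The open question in `/* should we do this for more result codes than these? */` is better resolved or moved to the tracker than left in the switch. The loop that `continue` re-enters and the declaration of `no_udp` are outside the hunk, so these lines cannot confirm that the server list is rebuilt for stream sockets after `k5_free_serverlist (&sl)`.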