|
 |
252966 |
From 25e0656fdf9862faf9aa91288023776e9a47caad Mon Sep 17 00:00:00 2001
|
|
|
252966 |
From: Nathaniel McCallum <npmccallum@redhat.com>
|
|
|
252966 |
Date: Fri, 7 Aug 2015 15:35:58 -0400
|
|
|
252966 |
Subject: [PATCH] Do not allow stream socket retries in libkrad
|
|
|
252966 |
|
|
|
252966 |
Before this patch, libkrad would follow the same exact logic for all
|
|
|
252966 |
socket types when the retries parameter was non-zero. This meant that
|
|
|
252966 |
when connecting with SOCK_STREAM, multiple requests were sent in case
|
|
|
252966 |
of packet drops, which, of course, cannot happen for SOCK_STREAM.
|
|
|
252966 |
|
|
|
252966 |
Instead, just disable retries for SOCK_STREAM sockets.
|
|
|
252966 |
|
|
|
252966 |
[ghudson@mit.edu: minor wording edits]
|
|
|
252966 |
|
|
|
252966 |
ticket: 8229 (new)
|
|
|
252966 |
target_version: 1.13.3
|
|
|
252966 |
tags: pullup
|
|
|
252966 |
---
|
|
|
252966 |
Patch for RH Bug #1251586 ("KDC sends multiple requests to ipa-otpd
|
|
|
252966 |
for the same authentication")
|
|
|
252966 |
---
|
|
|
252966 |
src/include/krad.h | 3 ++-
|
|
|
252966 |
src/lib/krad/remote.c | 3 +++
|
|
|
252966 |
2 files changed, 5 insertions(+), 1 deletion(-)
|
|
|
252966 |
|
|
|
252966 |
diff --git a/src/include/krad.h b/src/include/krad.h
|
|
|
252966 |
index 913464c..e4edb52 100644
|
|
|
252966 |
--- a/src/include/krad.h
|
|
|
252966 |
+++ b/src/include/krad.h
|
|
|
252966 |
@@ -251,7 +251,8 @@ krad_client_free(krad_client *client);
|
|
|
252966 |
* - hostname:service
|
|
|
252966 |
*
|
|
|
252966 |
* The timeout parameter (milliseconds) is the total timeout across all remote
|
|
|
252966 |
- * hosts (when DNS returns multiple entries) and all retries.
|
|
|
252966 |
+ * hosts (when DNS returns multiple entries) and all retries. For stream
|
|
|
252966 |
+ * sockets, the retries parameter is ignored and no retries are performed.
|
|
|
252966 |
*
|
|
|
252966 |
* The cb function will be called with the data argument when either a response
|
|
|
252966 |
* is received or the request times out on all possible remote hosts.
|
|
|
252966 |
diff --git a/src/lib/krad/remote.c b/src/lib/krad/remote.c
|
|
|
252966 |
index 795485f..aaabffd 100644
|
|
|
252966 |
--- a/src/lib/krad/remote.c
|
|
|
252966 |
+++ b/src/lib/krad/remote.c
|
|
|
252966 |
@@ -448,6 +448,9 @@ kr_remote_send(krad_remote *rr, krad_code code, krad_attrset *attrs,
|
|
|
252966 |
krb5_error_code retval;
|
|
|
252966 |
request *r;
|
|
|
252966 |
|
|
|
252966 |
+ if (rr->info->ai_socktype == SOCK_STREAM)
|
|
|
252966 |
+ retries = 0;
|
|
|
252966 |
+
|
|
|
252966 |
r = TAILQ_FIRST(&rr->list);
|
|
|
252966 |
retval = krad_packet_new_request(rr->kctx, rr->secret, code, attrs,
|
|
|
252966 |
(krad_packet_iter_cb)iterator, &r, &tmp);
|