From 25e0656fdf9862faf9aa91288023776e9a47caad Mon Sep 17 00:00:00 2001
From: Nathaniel McCallum
Date: Fri, 7 Aug 2015 15:35:58 -0400
Subject: [PATCH] Do not allow stream socket retries in libkrad
Before this patch, libkrad would follow the same exact logic for all socket types when the retries parameter was non-zero. This meant that when connecting with SOCK_STREAM, multiple requests were sent in case of packet drops, which, of course, cannot happen for SOCK_STREAM. Instead, just disable retries for SOCK_STREAM sockets. [ghudson@mit.edu: minor wording edits] ticket: 8229 (new) target_version: 1.13.3 tags: pullup
---
Patch for RH Bug #1251586 ("KDC sends multiple requests to ipa-otpd for the same authentication")
---
 src/include/krad.h | 3 ++-
 src/lib/krad/remote.c | 3 +++
 2 files changed, 5 insertions(+), 1 deletion(-)
diff --git a/src/include/krad.h b/src/include/krad.h
index 913464c..e4edb52 100644
--- a/src/include/krad.h
+++ b/src/include/krad.h
@@ -251,7 +251,8 @@ krad_client_free(krad_client *client);
 * - hostname:service
 *
 * The timeout parameter (milliseconds) is the total timeout across all remote
- * hosts (when DNS returns multiple entries) and all retries.
+ * hosts (when DNS returns multiple entries) and all retries. For stream
+ * sockets, the retries parameter is ignored and no retries are performed.
 *
 * The cb function will be called with the data argument when either a response
 * is received or the request times out on all possible remote hosts.
diff --git a/src/lib/krad/remote.c b/src/lib/krad/remote.c
index 795485f..aaabffd 100644
--- a/src/lib/krad/remote.c
+++ b/src/lib/krad/remote.c
@@ -448,6 +448,9 @@ kr_remote_send(krad_remote *rr, krad_code code, krad_attrset *attrs, krb5_error_code retval; request *r; + if (rr->info->ai_socktype == SOCK_STREAM) + retries = 0; + r = TAILQ_FIRST(&rr->list); retval = krad_packet_new_request(rr->kctx, rr->secret, code, attrs, (krad_packet_iter_cb)iterator, &r, &tmp);
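Review bot: The added `if (rr->info->ai_socktype == SOCK_STREAM) retries = 0;` in kr_remote_send (src/lib/krad/remote.c) has no comment, so the reason the caller's retries value is silently overridden is recorded only in the commit message and in the krad.h doc comment. I would put `/* A stream socket cannot drop a packet, so a retry only delivers a duplicate request (RH bug #1251586). */` directly above it. That matters for a future maintainer because, per the bug title, the duplicates reached ipa-otpd as repeated requests for a single authentication, which is a correctness problem for the back end and not just extra traffic. The function's parameter list and the rest of its body lie outside the hunk, so whether the timeout handling further down needs adjusting once retries is forced to zero cannot be judged from these lines.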