[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: heimdal 0.5.2 and v4 cross-realm
- To: heimdal-discuss@sics.se
- Subject: Re: heimdal 0.5.2 and v4 cross-realm
- From: joda@pdc.kth.se (Johan Danielsson)
- Date: 18 Mar 2003 15:56:33 +0100
- In-Reply-To: assar's message of "17 Mar 2003 10:09:18 -0500"
- References: <m2llzef2sh.fsf@PERMABIT-1-188.permabit.com>
- Sender: owner-heimdal-discuss@sics.se
- User-Agent: Gnus/5.0807 (Gnus v5.8.7) Emacs/20.7
This patch makes the KDC returns an error to the client if cross-realm
524 is denied, which should make the timeouts go away.
As this is mostly cosmetics, we will not make a new release with just
this. There will hopefully be a 0.6 out in not too long.
If you feel like it, you can try the snapshots found in
ftp://ftp.pdc.kth.se/pub/heimdal/src/snapshots/. Note the meaning of
the word "snapshot" - they might not work as expected.
/Johan
--- kdc/524.c 2003/03/17 06:46:44 1.25.4.1
+++ kdc/524.c 2003/03/18 14:42:52 1.25.4.2
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 1997-2002 Kungliga Tekniska Högskolan
+ * Copyright (c) 1997-2003 Kungliga Tekniska Högskolan
* (Royal Institute of Technology, Stockholm, Sweden).
* All rights reserved.
*
@@ -33,7 +33,7 @@
#include "kdc_locl.h"
-RCSID("$Id: 524.c,v 1.25.4.1 2003/03/17 06:46:44 assar Exp $");
+RCSID("$Id: 524.c,v 1.25.4.2 2003/03/18 14:42:52 joda Exp $");
#ifdef KRB4
@@ -254,7 +254,8 @@
if (!enable_v4_cross_realm && strcmp (et.crealm, t->realm) != 0) {
kdc_log(0, "524 cross-realm %s -> %s disabled", et.crealm,
t->realm);
- return KRB5KDC_ERR_POLICY;
+ ret = KRB5KDC_ERR_POLICY;
+ goto out;
}
ret = encode_v4_ticket(buf + sizeof(buf) - 1, sizeof(buf),