(get_cred_kdc_usage): retry using "large message safe" transport if we

get back KRB5KRB_ERR_RESPONSE_TOO_BIG error. Idea from Guenther Deschner <gd@sernet.de> git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@14269 ec53bebd-3082-4978-b11e-865c3cabbd6b
2004-09-28 17:29:39 +00:00
parent 209ac33571
commit 317fc43716
1 changed files with 20 additions and 16 deletions
--- a/lib/krb5/get_cred.c
+++ b/lib/krb5/get_cred.c
@@ -396,10 +396,12 @@ get_cred_kdc_usage(krb5_context context,
    krb5_error_code ret;
    unsigned nonce;
    krb5_keyblock *subkey = NULL;
-    u_char *buf = NULL;
-    size_t buf_size;
    size_t len;
    Ticket second_ticket;
+    int send_to_kdc_flags = 0;
+    
+    krb5_data_zero(&resp);
+    krb5_data_zero(&enc);

    krb5_generate_random_block(&nonce, sizeof(nonce));
    nonce &= 0xffffffff;
@@ -428,26 +430,24 @@ get_cred_kdc_usage(krb5_context context,
    if (ret)
 	goto out;

-    ASN1_MALLOC_ENCODE(TGS_REQ, buf, buf_size, &req, &enc.length, ret);
+    ASN1_MALLOC_ENCODE(TGS_REQ, enc.data, enc.length, &req, &len, ret);
    if (ret) 
 	goto out;
-    if(enc.length != buf_size)
+    if(enc.length != len)
 	krb5_abortx(context, "internal error in ASN.1 encoder");

    /* don't free addresses */
    req.req_body.addresses = NULL;
    free_TGS_REQ(&req);

-    enc.data = buf + buf_size - enc.length;
-    if (ret)
-	goto out;
-    
    /*
     * Send and receive
     */
-
-    ret = krb5_sendto_kdc (context, &enc, 
-			   &krbtgt->server->name.name_string.val[1], &resp);
+again:
+    ret = krb5_sendto_kdc_flags (context, &enc, 
+				 &krbtgt->server->name.name_string.val[1],
+				 &resp,
+				 send_to_kdc_flags);
    if(ret)
 	goto out;

@@ -479,11 +479,15 @@ get_cred_kdc_usage(krb5_context context,
 				   decrypt_tkt_with_subkey,
 				   subkey);
 	krb5_free_kdc_rep(context, &rep);
-	if (ret)
-	    goto out;
    } else if(krb5_rd_error(context, &resp, &error) == 0) {
 	ret = krb5_error_from_rd_error(context, &error, in_creds);
 	krb5_free_error_contents(context, &error);
+
+	if (ret == KRB5KRB_ERR_RESPONSE_TOO_BIG && !(send_to_kdc_flags & KRB5_KRBHST_FLAGS_LARGE_MSG)) {
+	    send_to_kdc_flags |= KRB5_KRBHST_FLAGS_LARGE_MSG;
+	    krb5_data_free(&resp);
+	    goto again;
+	}
    } else if(resp.data && ((char*)resp.data)[0] == 4) {
 	ret = KRB5KRB_AP_ERR_V4_REPLY;
 	krb5_clear_error_string(context);
@@ -491,14 +495,14 @@ get_cred_kdc_usage(krb5_context context,
 	ret = KRB5KRB_AP_ERR_MSG_TYPE;
 	krb5_clear_error_string(context);
    }
-    krb5_data_free(&resp);
+
 out:
+    krb5_data_free(&resp);
+    krb5_data_free(&enc);
    if(subkey){
 	krb5_free_keyblock_contents(context, subkey);
 	free(subkey);
    }
-    if (buf)
-	free (buf);
    return ret;
    
 }