From 6f5c9565c82dac798e7b0b0cfb2c128470d48d51 Mon Sep 17 00:00:00 2001 From: Michael Tremer Date: Wed, 26 Mar 2025 17:03:07 +0000 Subject: [PATCH] daemon: Retry authentication if we could not reach the KDC Signed-off-by: Michael Tremer --- src/pakfire/daemon.c | 32 ++++++++++++++++++++++---------- 1 file changed, 22 insertions(+), 10 deletions(-) diff --git a/src/pakfire/daemon.c b/src/pakfire/daemon.c index 4d10005c..ad0d31d5 100644 --- a/src/pakfire/daemon.c +++ b/src/pakfire/daemon.c @@ -989,10 +989,29 @@ static int pakfire_daemon_auth(sd_event_source* s, uint64_t usec, void* data) { r = krb5_get_init_creds_keytab(daemon->krb5.ctx, &creds, daemon->krb5.principal, keytab, 0, NULL, options); if (r) { - error = krb5_get_error_message(daemon->krb5.ctx, r); + switch (r) { + // If we could not reach the KDC, we will try again after one minute + case KRB5_KDC_UNREACH: + DEBUG(daemon->ctx, "Failed to contact the KDC. Retrying in 60 seconds...\n"); + + // Reset the timer + r = sd_event_source_set_time_relative(daemon->auth_timer, S_TO_US(60)); + if (r < 0) { + ERROR(daemon->ctx, "Could not reset the auth timer: %s\n", strerror(-r)); + goto ERROR; + } - ERROR(daemon->ctx, "Could not fetch credentials: %s\n", error); - goto ERROR; + // Reset r + r = 0; + goto ERROR; + + // Fail for everything else + default: + error = krb5_get_error_message(daemon->krb5.ctx, r); + + ERROR(daemon->ctx, "Could not fetch credentials: %s\n", error); + goto ERROR; + } } // Determine the end time @@ -1044,13 +1063,6 @@ static int pakfire_daemon_auth(sd_event_source* s, uint64_t usec, void* data) { goto ERROR; } - /* - XXX This function needs some better error handling. In case the communication - with the Kerberos server fails, we should reschedule a call very soon (maybe - within a minute) and once the credentials have expired, we should stop the - (re-)connection timer. - */ - ERROR: if (error) krb5_free_error_message(daemon->krb5.ctx, error); -- 2.39.5