From: Greg Hudson Date: Fri, 11 Jan 2013 17:06:37 +0000 (-0500) Subject: Clean up k5_locate_server error handling X-Git-Tag: krb5-1.12-alpha1~354 X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=e73890eaf0f6f287132de882df8462e45ffe4987;p=thirdparty%2Fkrb5.git Clean up k5_locate_server error handling profile_get_values() cannot return success with an empty list of values, so don't bother counting them. Return 0 from locate_srv_conf_1 if no profile values exist and from dns_locate_server if we decide not to make a SRV query. Adjust k5_locate_server to match the new helper behavior, and return KRB5_REALM_UNKNOWN if neither profile nor DNS come up with any answers (not KRB5_REALM_CANT_RESOLVE, which doesn't make sense now that we're deferring KDC hostname resolution). --- diff --git a/src/lib/krb5/os/locate_kdc.c b/src/lib/krb5/os/locate_kdc.c index 89ef549a09..ed8cc641e7 100644 --- a/src/lib/krb5/os/locate_kdc.c +++ b/src/lib/krb5/os/locate_kdc.c @@ -192,7 +192,7 @@ locate_srv_conf_1(krb5_context context, const krb5_data *realm, const char *realm_srv_names[4]; char **hostlist, *host, *port, *cp; krb5_error_code code; - int i, count; + int i; Tprintf ("looking in krb5.conf for realm %s entry %s; ports %d,%d\n", realm->data, name, ntohs (udpport), ntohs (sec_udpport)); @@ -216,21 +216,10 @@ locate_srv_conf_1(krb5_context context, const krb5_data *realm, Tprintf ("config file lookup failed: %s\n", error_message(code)); if (code == PROF_NO_SECTION || code == PROF_NO_RELATION) - code = KRB5_REALM_UNKNOWN; + code = 0; return code; } - count = 0; - while (hostlist && hostlist[count]) - count++; - Tprintf ("found %d entries under 'kdc'\n", count); - - if (count == 0) { - profile_free_list(hostlist); - serverlist->nservers = 0; - return 0; - } - for (i=0; hostlist[i]; i++) { int p1, p2; @@ -527,7 +516,7 @@ dns_locate_server(krb5_context context, const krb5_data *realm, krb5_error_code code; if (!use_dns) - return KRB5_PLUGIN_NO_HANDLE; + return 0; switch (svc) { case locate_service_kdc: @@ -546,7 +535,7 @@ dns_locate_server(krb5_context context, const krb5_data *realm, dnsname = "_kpasswd"; break; default: - return KRB5_PLUGIN_NO_HANDLE; + return 0; } code = 0; @@ -596,12 +585,8 @@ k5_locate_server(krb5_context context, const krb5_data *realm, code = prof_locate_server(context, realm, &al, svc, socktype); #ifdef KRB5_DNS_LOOKUP - if (code) { /* Try DNS for all profile errors? */ - krb5_error_code code2; - code2 = dns_locate_server(context, realm, &al, svc, socktype); - if (code2 != KRB5_PLUGIN_NO_HANDLE) - code = code2; - } + if (code == 0 && al.nservers == 0) + code = dns_locate_server(context, realm, &al, svc, socktype); #endif /* KRB5_DNS_LOOKUP */ /* We could put more heuristics here, like looking up a hostname @@ -619,10 +604,10 @@ k5_locate_server(krb5_context context, const krb5_data *realm, } if (al.nservers == 0) { /* No good servers */ k5_free_serverlist(&al); - krb5_set_error_message(context, KRB5_REALM_CANT_RESOLVE, - _("Cannot resolve servers for KDC in realm " - "\"%.*s\""), realm->length, realm->data); - return KRB5_REALM_CANT_RESOLVE; + krb5_set_error_message(context, KRB5_REALM_UNKNOWN, + _("Cannot find KDC for realm \"%.*s\""), + realm->length, realm->data); + return KRB5_REALM_UNKNOWN; } *serverlist = al; return 0;