Found another case in which the windows client could break connections
which should not be broken if cryptall is on. If the connection is
unauthenticated because there are no tokens, the connections will be
broken.
If a site relies on AFSDB records and the client machine is configured
to append a domain suffix to all queries it is possible for "foo" and
"foo.bar" to appear to be separate cells. fixed by appending a trailing
'.' to all AFSDB queries if there is not already one.
(cherry picked from commit
164d4ee959547e4791a497bc86377b269ec43dd2)
} else {
/* normal auth */
secIndex = 0;
+ tcp->cryptlevel = rxkad_clear;
secObjp = rxnull_NewClientSecurityObject();
}
osi_assert(secObjp != NULL);
lock_ReleaseMutex(&tcp->mx);
} else {
if ((tcp->ucgen < ucellp->gen) ||
- (tcp->cryptlevel != (cryptall ? rxkad_crypt : rxkad_clear)))
+ (tcp->cryptlevel != (cryptall ? (ucellp->flags & CM_UCELLFLAG_RXKAD ? rxkad_crypt : rxkad_clear) : rxkad_clear)))
{
if (tcp->ucgen < ucellp->gen)
osi_Log0(afsd_logp, "cm_ConnByServer replace connection due to token update");
SOCKADDR_IN sockAddr;
PDNS_HDR pDNShdr;
char buffer[BUFSIZE];
+ char query[1024];
int rc;
#ifdef DEBUG
bind(commSock,0,sizeof( SOCKADDR_IN ) );
#endif /* DJGPP */
+ strncpy(query, cellName, 1024);
+ query[1023] = 0;
+ if (query[strlen(query)-1] != '.') {
+ strncat(query,".",1024);
+ query[1023] = 0;
+ }
+
rc = send_DNS_AFSDB_Query(cellName,commSock,sockAddr, buffer);
if (rc < 0) {
fprintf(stderr,"getAFSServer: send_DNS_AFSDB_Query failed\n");
projects / packages / o / openafs.git / commitdiff