From: Jeffrey Altman
Date: Wed, 16 Mar 2005 21:37:52 +0000 (+0000)
Subject: STABLE14-windows-dns-crypt-20050516
X-Git-Tag: openafs-devel-1_3_80~17
X-Git-Url: https://git.michaelhowe.org/gitweb/?a=commitdiff_plain;h=547d0e2967ce1c191e014ce95698ff0b1fc8c120;p=packages%2Fo%2Fopenafs.git
STABLE14-windows-dns-crypt-20050516
Found another case in which the windows client could break connections which should not be broken if cryptall is on. If the connection is unauthenticated because there are no tokens, the connections will be broken. If a site relies on AFSDB records and the client machine is configured to append a domain suffix to all queries it is possible for "foo" and "foo.bar" to appear to be separate cells. fixed by appending a trailing '.' to all AFSDB queries if there is not already one.
(cherry picked from commit 164d4ee959547e4791a497bc86377b269ec43dd2)
---
diff --git a/src/WINNT/afsd/cm_conn.c b/src/WINNT/afsd/cm_conn.c
index 972b55fd3..11611ef4d 100644
--- a/src/WINNT/afsd/cm_conn.c
+++ b/src/WINNT/afsd/cm_conn.c
@@ -534,6 +534,7 @@ static void cm_NewRXConnection(cm_conn_t *tcp, cm_ucell_t *ucellp,
 } else {
 /* normal auth */
 secIndex = 0;
+ tcp->cryptlevel = rxkad_clear;
 secObjp = rxnull_NewClientSecurityObject();
 }
 osi_assert(secObjp != NULL);
@@ -580,7 +581,7 @@ long cm_ConnByServer(cm_server_t *serverp, cm_user_t *userp, cm_conn_t **connpp)
 lock_ReleaseMutex(&tcp->mx);
 } else {
 if ((tcp->ucgen < ucellp->gen) ||
- (tcp->cryptlevel != (cryptall ? rxkad_crypt : rxkad_clear)))
+ (tcp->cryptlevel != (cryptall ? (ucellp->flags & CM_UCELLFLAG_RXKAD ? rxkad_crypt : rxkad_clear) : rxkad_clear)))
 {
 if (tcp->ucgen < ucellp->gen)
 osi_Log0(afsd_logp, "cm_ConnByServer replace connection due to token update");
diff --git a/src/WINNT/afsd/cm_dns.c b/src/WINNT/afsd/cm_dns.c
index 81a3962ba..7bb235cd2 100644
--- a/src/WINNT/afsd/cm_dns.c
+++ b/src/WINNT/afsd/cm_dns.c
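Review bot: In cm_ConnByServer (cm_conn.c) the expected crypt level is now a nested conditional buried inside the replace test, and it has to stay in step with what cm_NewRXConnection stores in `tcp->cryptlevel`; if the two ever disagree, each lookup would discard and rebuild the connection. The expression reduces to `(cryptall && (ucellp->flags & CM_UCELLFLAG_RXKAD)) ? rxkad_crypt : rxkad_clear`, which is easier to check against the assignment added in the first hunk. A comment on the no-token branch, for example `/* no tokens: rxnull connection, traffic is in the clear even when cryptall is set */`, would make the security consequence explicit for the next reader. Both functions begin and end outside the hunks, so the rxkad branch's own assignment to `tcp->cryptlevel` is not visible here and should be confirmed to match.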
@@ -636,6 +636,7 @@ int getAFSServer(char *cellName, int *cellHostAddrs, char cellHostNames[][MAXHOS SOCKADDR_IN sockAddr; PDNS_HDR pDNShdr; char buffer[BUFSIZE]; + char query[1024]; int rc; #ifdef DEBUG @@ -672,6 +673,13 @@ int getAFSServer(char *cellName, int *cellHostAddrs, char cellHostNames[][MAXHOS bind(commSock,0,sizeof( SOCKADDR_IN ) ); #endif /* DJGPP */ + strncpy(query, cellName, 1024); + query[1023] = 0; + if (query[strlen(query)-1] != '.') { + strncat(query,".",1024); + query[1023] = 0; + } + rc = send_DNS_AFSDB_Query(cellName,commSock,sockAddr, buffer); if (rc < 0) { fprintf(stderr,"getAFSServer: send_DNS_AFSDB_Query failed\n");
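Review bot: The `query` buffer built in getAFSServer (cm_dns.c) is never passed on in the visible lines: the call after it is still `send_DNS_AFSDB_Query(cellName,commSock,sockAddr, buffer)`, so unless code outside the hunk consumes `query` the trailing '.' never reaches the DNS request. The construction also breaks at the edges: the third argument of `strncat` bounds the bytes appended, not the destination, so a 1023-character name without a trailing dot puts the terminator one byte past the 1024-byte array declared in the previous hunk, and an empty `cellName` makes `query[strlen(query)-1]` index outside it. Silent truncation is risky as well, since a shortened name can resolve a different cell than the one requested; rejecting empty and over-long names is the safer behaviour. The function body starts and ends outside both hunks, so the failure path in the sketch below is left as a placeholder that should follow the function's existing error handling.

```c
    size_t len = strlen(cellName);

    /* Reject empty names and names that cannot take '.' plus the NUL. */
    if (len == 0 || len > sizeof(query) - 2) {
        /* … fail the lookup here, matching the function's existing error path … */
    }
    memcpy(query, cellName, len + 1);
    if (query[len - 1] != '.') {
        query[len] = '.';
        query[len + 1] = '\0';
    }

    rc = send_DNS_AFSDB_Query(query, commSock, sockAddr, buffer);
    /* … unchanged: rc check and error message … */
```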