From 164d4ee959547e4791a497bc86377b269ec43dd2 Mon Sep 17 00:00:00 2001
From: Jeffrey Altman
Date: Wed, 16 Mar 2005 21:37:07 +0000
Subject: [PATCH] windows-dns-crypt-20050516
Found another case in which the windows client could break connections which should not be broken if cryptall is on. If the connection is unauthenticated because there are no tokens, the connections will be broken. If a site relies on AFSDB records and the client machine is configured to append a domain suffix to all queries it is possible for "foo" and "foo.bar" to appear to be separate cells. fixed by appending a trailing '.' to all AFSDB queries if there is not already one.
---
 src/WINNT/afsd/cm_conn.c | 3 ++-
 src/WINNT/afsd/cm_dns.c | 8 ++++++++
 2 files changed, 10 insertions(+), 1 deletion(-)
diff --git a/src/WINNT/afsd/cm_conn.c b/src/WINNT/afsd/cm_conn.c
index 972b55fd3..11611ef4d 100644
--- a/src/WINNT/afsd/cm_conn.c
+++ b/src/WINNT/afsd/cm_conn.c
@@ -534,6 +534,7 @@ static void cm_NewRXConnection(cm_conn_t *tcp, cm_ucell_t *ucellp,
 } else { /* normal auth */
 secIndex = 0;
+ tcp->cryptlevel = rxkad_clear;
 secObjp = rxnull_NewClientSecurityObject();
 }
 osi_assert(secObjp != NULL);
@@ -580,7 +581,7 @@ long cm_ConnByServer(cm_server_t *serverp, cm_user_t *userp, cm_conn_t **connpp)
 lock_ReleaseMutex(&tcp->mx);
 } else {
 if ((tcp->ucgen < ucellp->gen) ||
- (tcp->cryptlevel != (cryptall ? rxkad_crypt : rxkad_clear)))
+ (tcp->cryptlevel != (cryptall ? (ucellp->flags & CM_UCELLFLAG_RXKAD ? rxkad_crypt : rxkad_clear) : rxkad_clear)))
 {
 if (tcp->ucgen < ucellp->gen)
 osi_Log0(afsd_logp, "cm_ConnByServer replace connection due to token update");
diff --git a/src/WINNT/afsd/cm_dns.c b/src/WINNT/afsd/cm_dns.c
index 81a3962ba..7bb235cd2 100644
--- a/src/WINNT/afsd/cm_dns.c
+++ b/src/WINNT/afsd/cm_dns.c
@@ -636,6 +636,7 @@ int getAFSServer(char *cellName, int *cellHostAddrs, char cellHostNames[][MAXHOS
 SOCKADDR_IN sockAddr;
 PDNS_HDR pDNShdr;
 char buffer[BUFSIZE];
+ char query[1024];
 int rc;
 #ifdef DEBUG
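Review bot: The added `tcp->cryptlevel = rxkad_clear;` in the rxnull branch of cm_NewRXConnection (src/WINNT/afsd/cm_conn.c) has no comment saying that this connection stays unauthenticated and unencrypted even when cryptall is set. A reader of this branch alone cannot tell that the assignment exists for the comparison in cm_ConnByServer. I would add above it `/* no tokens: rxnull connection, clear even with cryptall; recorded so cm_ConnByServer does not keep replacing it */`. The function body starts and ends outside the hunk, so the rxkad branch this mirrors is not visible here.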
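Review bot: The nested conditional added to the `if` in cm_ConnByServer (src/WINNT/afsd/cm_conn.c) is hard to read and leans on `&` binding tighter than `?:` without parentheses. The same value can be written as `(tcp->cryptlevel != ((cryptall && (ucellp->flags & CM_UCELLFLAG_RXKAD)) ? rxkad_crypt : rxkad_clear))`. The expected level is now derived here and, presumably, again where cm_NewRXConnection assigns `tcp->cryptlevel`; that code is outside the hunk. If the two ever disagree, connections will be torn down on every lookup, so a small shared helper returning the expected level would keep them in step.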
@@ -672,6 +673,13 @@ int getAFSServer(char *cellName, int *cellHostAddrs, char cellHostNames[][MAXHOS
 bind(commSock,0,sizeof( SOCKADDR_IN ) );
 #endif /* DJGPP */
+ strncpy(query, cellName, 1024);
+ query[1023] = 0;
+ if (query[strlen(query)-1] != '.') {
+ strncat(query,".",1024);
+ query[1023] = 0;
+ }
+
 rc = send_DNS_AFSDB_Query(cellName,commSock,sockAddr, buffer);
 if (rc < 0) {
 fprintf(stderr,"getAFSServer: send_DNS_AFSDB_Query failed\n");
--
2.39.5
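Review bot: The dot-terminated `query` built here is never used: the unchanged call right after the added lines still passes `cellName` to send_DNS_AFSDB_Query, so as far as this hunk shows the suffix-search fix from the commit message does not take effect. Two bounds problems sit in the added lines as well. `query[strlen(query)-1]` indexes before the buffer when `cellName` is empty. The third argument of `strncat(query,".",1024)` limits the bytes taken from the source, not the destination size, so a name truncated to 1023 characters gets its terminator written at `query[1024]`, one past the end. The rewrite below bounds the copy with `sizeof(query)`, leaves an empty name empty, and passes `query` to the call; getAFSServer continues outside the hunk.

```c
    /* size_t len; is declared with the other locals at the top of getAFSServer */
    len = strlen(cellName);
    if (len > sizeof(query) - 2)
        len = sizeof(query) - 2;        /* keep room for '.' and the terminator */
    memcpy(query, cellName, len);
    if (len > 0 && query[len - 1] != '.')
        query[len++] = '.';
    query[len] = '\0';

    rc = send_DNS_AFSDB_Query(query,commSock,sockAddr, buffer);
    /* … unchanged: rc < 0 error handling … */
```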