Hi Viktor, On Wed, 2017-07-12 at 05:14 +0000, Viktor Dukhovni wrote: > On Tue, Jul 11, 2017 at 10:19:48PM -0400, Greg Hudson wrote: > I think the bug was introduced by commit > > 4b4036c9a6697f0101c60845e19664f64fdd0810 and is that the value of ret is > > squashed by the call to _krb5_find_capath() in tgs_build_reply(). In > > this scenario, I believe the call succeeds, but doesn't find any > > capaths, so we don't goto server_lookup, instead dropping down and going > > to out with ret still 0. _kdc_tgs_rep() doesn't create an error reply > > if ret is 0, so the KDC sends no reply. > That looks plausible, does the below look like the right fix to you?
Yes! Already had a similar patch ready and this indeed cures the KDC's response behaviour to the client! Cheers, Andreas -- | Andreas Haupt | E-Mail: andreas.ha...@desy.de | DESY Zeuthen | WWW: http://www-zeuthen.desy.de/~ahaupt | Platanenallee 6 | Phone: +49/33762/7-7359 | D-15738 Zeuthen | Fax: +49/33762/7-7216
Description: S/MIME cryptographic signature