authorAndrew Boardman <amb@mit.edu>2006-09-08 17:39:49 +0000
committerAndrew Boardman <amb@mit.edu>2006-09-08 17:39:49 +0000
commitaaf5443807d4795dfb1dc51dce140da77619d171 (patch)
tree95624bbe4dbdc6fe03b967381a1eae42a76e3660
parent2bc725641c04521e14f30df95b4dfb8f78f2c4c6 (diff)
- added referral loop checking
- updated state git-svn-id: svn://anonsvn.mit.edu/krb5/branches/referrals@18574 dc483132-0cff-0310-8789-dd5450dbe970
-rw-r--r--TODO57
-rw-r--r--src/lib/krb5/krb/gc_frm_kdc.c18
2 files changed, 46 insertions, 29 deletions
diff --git a/TODO b/TODO
index 70b76f0..c5430b9 100644
--- a/TODO
+++ b/TODO
@@ -1,8 +1,34 @@
-blocking issues for beta release
-================================
-- referral loop checking
-- maybe don't return first-hop referral TGT for ccache if it's cached already?
-- testing, cleanup, documentation
+outstanding issues:
+==================
+- Should we return the first-hop referral TGT for ccache even if it's
+ cached already? Sure, it's newer than anything we'd have, but do we
+ really want to stuff the cache full of almost-identical TGTs if we're
+ doing repeated referrals to the same destination? Is there a point in
+ returning it at all, since future referrals won't use it and
+ the first non-referral request to that realm (should such a request
+ ever occur) will incur one extra round-trip after which it will be
+ cached?
+
+final cleanup:
+=============
+- review code for:
+ - string safety, particularly strcmp use -- little is guaranteed to be a string,
+ do not use string functions without extreme caution.
+ - memory leaks
+ - other memory management issues
+- scan for leftover bogosities with "XXX" tag (in new code only!)
+- review code format
+- catalog namespace changes for review
+
+integration issues:
+==================
+- review namespace use
+- decide whether to up MAXHOPS
+
+testing issues/open questions:
+=============================
+- Should we do the single non-referral fallback always or only on certain
+ KDC failure states? Probably answer this from testing.
further work:
============
@@ -13,24 +39,3 @@ further work:
- add klist option to print actual credential principal
- padata parsing for referral data verification and possible principal rewrite
- KDC support for referrals
-
-testing issues:
-==============
-- verify that cached tickets work properly
-- verify that intermediate TGTs aren't cached
-- Should we do the single non-referral fallback always or only on certain
- KDC failure states? Probably answer this from testing.
-
-low-priority:
-- code (or explicitly punt) edge cases in krb5_get_cred_from_kdc_opt
-
-final cleanup: (pre-beta)
-=============
-- scan for leftover bogosities with "XXX" tag
-- check namespace use with tom
-- review code for:
- - string safety, particularly strcmp use -- nothing is guaranteed to be a string,
- do not use string functions at all.
- - memory leaks
-- check assumptions on assumed dereferencability of credential members
-- review code format
diff --git a/src/lib/krb5/krb/gc_frm_kdc.c b/src/lib/krb5/krb/gc_frm_kdc.c
index 7c797b2..d659853 100644
--- a/src/lib/krb5/krb/gc_frm_kdc.c
+++ b/src/lib/krb5/krb/gc_frm_kdc.c
@@ -906,9 +906,21 @@ krb5_get_cred_from_kdc_opt(krb5_context context, krb5_ccache ccache,
printf("gc_from_kdc: request generated referral tgt\n");
dbgref_dump_principal("gc_from_kdc credential received", (*out_cred)->server);
#endif
- /*
- * Point current tgt pointer at newly-received TGT.
- */
+ /* Check for referral routing loop. */
+ for (i=0;i<referral_count;i++) {
+#ifdef DEBUG_REFERRALS
+#if 0
+ dbgref_dump_principal("gc_from_kdc: loop compare #1", (*out_cred)->server);
+ dbgref_dump_principal("gc_from_kdc: loop compare #2", referral_tgts[i]);
+#endif
+#endif
+ if (krb5_principal_compare(context, (*out_cred)->server, referral_tgts[i])) {
+ fprintf("krb5_get_cred_from_kdc_opt: referral routing loop afer %d hops\n",i);
+ retval=KRB5_KDC_UNREACH;
+ goto cleanup;
+ }
+ }
+ /* Point current tgt pointer at newly-received TGT. */
/* XXX Memory leak for the old tgtptr? */
tgtptr=*out_cred;
/* Make copy of cred for referral_tgts. */
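Review bot: The `fprintf` in the loop-detection branch is missing its stream argument, so the format string is passed where the `FILE *` belongs and `i` is used as the format — undefined behaviour (most likely a crash) on exactly the path this check exists to handle. The surrounding diagnostics are guarded by `#ifdef DEBUG_REFERRALS`; this one should be too, since a library routine should not write to stderr unconditionally, and "afer" is misspelt: `fprintf(stderr, "krb5_get_cred_from_kdc_opt: referral routing loop after %d hops\n", i);`. It is also worth confirming that the `cleanup` label releases `*out_cred`, which has already been populated when the loop is detected, and that `i` is declared as a signed type to match `%d` — neither is visible here. The body of krb5_get_cred_from_kdc_opt begins and ends outside this hunk.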