From: Barry Jaspan <bjaspan@mit.edu>
Date: Tue, 12 Nov 1996 21:30:25 +0000 (+0000)
Subject: 	* auth_gssapi.c (auth_gssapi_create): handle channel bindings
X-Git-Tag: krb5-1.0-freeze1~39
X-Git-Url: http://git.tremily.us/?a=commitdiff_plain;h=6caadd951d3305cc6f9667aacbc423efb44f2553;p=krb5.git

	* auth_gssapi.c (auth_gssapi_create): handle channel bindings
 	failure so UDP connections can work [krb5-libs/180]

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@9390 dc483132-0cff-0310-8789-dd5450dbe970
---

diff --git a/src/lib/rpc/ChangeLog b/src/lib/rpc/ChangeLog
index 00975d930..b4e0eb723 100644
--- a/src/lib/rpc/ChangeLog
+++ b/src/lib/rpc/ChangeLog
@@ -1,3 +1,8 @@
+Tue Nov 12 16:27:27 1996  Barry Jaspan  <bjaspan@mit.edu>
+
+	* auth_gssapi.c (auth_gssapi_create): handle channel bindings
+ 	failure so UDP connections can work [krb5-libs/180]
+
 Tue Nov  5 18:43:46 1996  Tom Yu  <tlyu@mit.edu>
 
 	* configure.in: Revert removal of CopySrcHeader, etc., for now.
diff --git a/src/lib/rpc/auth_gssapi.c b/src/lib/rpc/auth_gssapi.c
index 01e7bffe9..7d51d3dce 100644
--- a/src/lib/rpc/auth_gssapi.c
+++ b/src/lib/rpc/auth_gssapi.c
@@ -158,7 +158,7 @@ AUTH *auth_gssapi_create(clnt, gssstat, minor_stat,
      struct sockaddr_in laddr, raddr;
      enum clnt_stat callstat;
      struct timeval timeout;
-     int init_func;
+     int init_func, bindings_failed;
      
      auth_gssapi_init_arg call_arg;
      auth_gssapi_init_res call_res;
@@ -207,6 +207,7 @@ AUTH *auth_gssapi_create(clnt, gssstat, minor_stat,
 
      /* start by trying latest version */
      call_arg.version = 4;
+     bindings_failed = 0;
 
 try_new_version:
      /* set state for initial call to init_sec_context */
@@ -229,7 +230,7 @@ try_new_version:
 	  mech_type = gss_mech_krb5_old;
 #endif
 
-     if (call_arg.version >= 3) {
+     if (!bindings_failed && call_arg.version >= 3) {
 	  if (clnt_control(clnt, CLGET_LOCAL_ADDR, &laddr) == FALSE) {
 	       PRINTF(("gssapi_create: CLGET_LOCAL_ADDR failed"));
 	       goto cleanup;
@@ -337,6 +338,11 @@ next_token:
 	       AUTH_GSSAPI_DISPLAY_STATUS(("in response from server",
 					   call_res.gss_major,
 					   call_res.gss_minor));
+	       if (GSS_ERROR(call_res.gss_major) == GSS_S_BAD_BINDINGS
+		   && call_arg.version > 2) {
+		    call_arg.version = 2;
+		    goto try_new_version;
+	       }
 	       goto cleanup;
 	  }