diff options
author | Russ Allbery <rra@stanford.edu> | 2012-05-10 16:11:12 -0700 |
---|---|---|
committer | Russ Allbery <rra@stanford.edu> | 2012-05-10 16:11:12 -0700 |
commit | 69039567b26faa8e2c9ea1ed9b92d1629d6c5591 (patch) | |
tree | efaefe545f6360ff0755c788853f6b849db4c089 /server | |
parent | f584f1c54abd62f28d82a7debf6bb6a8affebb8d (diff) |
Be more aggressive about closing the client connection on error
remctld now always closes the client connection after low-level errors
reading or sending tokens. Previously, it would attempt to continue
after some socket or GSS-API errors, which may have caused hanging
remctld processes in some circumstances.
Change-Id: I6887bc608f1cc846456e668f84b38897ee1f67ea
Diffstat (limited to 'server')
-rw-r--r-- | server/server-v2.c | 15 |
1 files changed, 7 insertions, 8 deletions
diff --git a/server/server-v2.c b/server/server-v2.c index a058916..9281647 100644 --- a/server/server-v2.c +++ b/server/server-v2.c @@ -231,9 +231,8 @@ server_v2_read_token(struct client *client, gss_buffer_t token) TOKEN_MAX_LENGTH, TIMEOUT, &major, &minor); if (status != TOKEN_OK) { warn_token("receiving token", status, major, minor); - if (status != TOKEN_FAIL_EOF) - if (!server_send_error(client, ERROR_BAD_TOKEN, "Invalid token")) - return TOKEN_FAIL_EOF; + if (status != TOKEN_FAIL_EOF && status != TOKEN_FAIL_SOCKET) + server_send_error(client, ERROR_BAD_TOKEN, "Invalid token"); } return status; } @@ -256,8 +255,10 @@ server_v2_read_continuation(struct client *client, gss_buffer_t token) char *p; status = server_v2_read_token(client, token); - if (status != TOKEN_OK) + if (status != TOKEN_OK) { + client->fatal = true; return false; + } p = token->value; if (p[0] != 2 && p[0] != 3) { server_v2_send_version(client); @@ -374,7 +375,7 @@ server_v2_handle_command(struct client *client, struct config *config, fail: if (allocated) free(buffer); - return result; + return client->fatal ? false : result; } @@ -435,10 +436,8 @@ server_v2_handle_messages(struct client *client, struct config *config) client->keepalive = true; do { status = server_v2_read_token(client, &token); - if (status == TOKEN_FAIL_EOF) + if (status != TOKEN_OK) break; - else if (status != TOKEN_OK) - continue; if (!server_v2_handle_token(client, config, &token)) { gss_release_buffer(&minor, &token); break; |