svn rev #24971: branches/krb5-1-9/src/lib/rpc/
tlyu@MIT.EDU
tlyu at MIT.EDU
Mon Jun 20 11:31:34 EDT 2011
http://src.mit.edu/fisheye/changelog/krb5/?cs=24971
Commit By: tlyu
Log Message:
ticket: 6920
version_fixed: 1.9.2
status: resolved
pull up r24967 from trunk
------------------------------------------------------------------------
r24967 | ghudson | 2011-06-13 14:54:33 -0400 (Mon, 13 Jun 2011) | 12 lines
ticket: 6920
subject: Fix old-style GSSRPC authentication
target_version: 1.9.2
tags: pullup
r24147 (ticket #6746) made libgssrpc ignorant of the remote address of
the kadmin socket, even when it's IPv4. This made old-style GSSAPI
authentication fail because it uses the wrong channel bindings. Fix
this problem by making clnttcp_create() get the remote address from
the socket using getpeername() if the caller doesn't provide it and
it's an IPv4 address.
Changed Files:
U branches/krb5-1-9/src/lib/rpc/clnt_tcp.c
Modified: branches/krb5-1-9/src/lib/rpc/clnt_tcp.c
===================================================================
--- branches/krb5-1-9/src/lib/rpc/clnt_tcp.c 2011-06-17 13:44:33 UTC (rev 24970)
+++ branches/krb5-1-9/src/lib/rpc/clnt_tcp.c 2011-06-20 15:31:34 UTC (rev 24971)
@@ -187,9 +187,16 @@
ct->ct_sock = *sockp;
ct->ct_wait.tv_usec = 0;
ct->ct_waitset = FALSE;
- if (raddr == NULL)
- memset(&ct->ct_addr, 0, sizeof(ct->ct_addr));
- else
+ if (raddr == NULL) {
+ /* Get the remote address from the socket, if it's IPv4. */
+ struct sockaddr_in sin;
+ socklen_t len = sizeof(sin);
+ int ret = getpeername(ct->ct_sock, (struct sockaddr *)&sin, &len);
+ if (ret == 0 && len == sizeof(sin) && sin.sin_family == AF_INET)
+ ct->ct_addr = sin;
+ else
+ memset(&ct->ct_addr, 0, sizeof(ct->ct_addr));
+ } else
ct->ct_addr = *raddr;
/*
More information about the cvs-krb5
mailing list