krb5 commit: Allow kprop over more types of NATs
Greg Hudson
ghudson at mit.edu
Fri Jan 8 11:43:20 EST 2021
https://github.com/krb5/krb5/commit/92cc557796e72b49f2bd50f6b705dc3b8acf357e
commit 92cc557796e72b49f2bd50f6b705dc3b8acf357e
Author: Greg Hudson <ghudson at mit.edu>
Date: Thu Jan 7 12:34:57 2021 -0500
Allow kprop over more types of NATs
Do not send an r-address in messages from kprop, so that kpropd will
not check it against the receiver address. This change allows kprop
to work when a NAT changes the destination address. (Commit
775e496aac2650343ec20826b1ba7f6306a12f3c allows kprop to work when a
NAT changes the source address.) Reported by Jorj Bauer.
ticket: 8977 (new)
src/kprop/kprop.c | 10 +---------
1 files changed, 1 insertions(+), 9 deletions(-)
diff --git a/src/kprop/kprop.c b/src/kprop/kprop.c
index 0b53aae..11239ef 100644
--- a/src/kprop/kprop.c
+++ b/src/kprop/kprop.c
@@ -60,7 +60,6 @@ static krb5_principal my_principal;
static krb5_creds creds;
static krb5_address *sender_addr;
-static krb5_address *receiver_addr;
static const char *port = KPROP_SERVICE;
static char *dbpathname;
@@ -251,12 +250,6 @@ open_connection(krb5_context context, char *host, int *fd_out)
/* We successfully connect()ed */
*fd_out = s;
- retval = sockaddr2krbaddr(context, res->ai_family, res->ai_addr,
- &receiver_addr);
- if (retval != 0) {
- com_err(progname, retval, _("while converting server address"));
- exit(1);
- }
break;
}
@@ -296,8 +289,7 @@ kerberos_authenticate(krb5_context context, krb5_auth_context *auth_context,
krb5_auth_con_setflags(context, *auth_context,
KRB5_AUTH_CONTEXT_DO_SEQUENCE);
- retval = krb5_auth_con_setaddrs(context, *auth_context, sender_addr,
- receiver_addr);
+ retval = krb5_auth_con_setaddrs(context, *auth_context, sender_addr, NULL);
if (retval) {
com_err(progname, retval, _("in krb5_auth_con_setaddrs"));
exit(1);
More information about the cvs-krb5
mailing list