gssftp channel binding with IPv6

Markus Moeller huaraz at moeller.plus.com
Mon Aug 27 11:25:37 EDT 2012


What is the right way to do channel binding for IPv6?

I see that Heimdal uses GSS_C_AF_INET6, whereas Solaris and MIT seem to use only
GSS_C_AF_INET.


Heimdal:

/*
 * Translate a socket address into the address-type / address-buffer pair
 * used to fill a GSS-API channel bindings structure.
 *
 * NOTE(review): the return type / storage-class line of the definition is
 * not part of this excerpt; nothing is returned in the body shown.
 *
 * sa        - socket address to translate; sa_family selects the branch.
 * addr_type - out: GSS_C_AF_INET6 or GSS_C_AF_INET.
 * gss_addr  - out: length is 16 (IPv6) or 4 (IPv4); value points INTO *sa
 *             (no copy is made), so the sockaddr must stay valid for as
 *             long as the bindings are in use.
 *
 * Any other address family ends in errx(1, ...), which does not return.
 *
 * NOTE(review): both peers have to derive the same type, length and bytes
 * for channel bindings to compare equal, so tagging IPv6 addresses as
 * GSS_C_AF_INET6 here only interoperates with a peer that does the same -
 * confirm against the other implementation in use.
 */
sockaddr_to_gss_address (struct sockaddr *sa,
                         OM_uint32 *addr_type,
                         gss_buffer_desc *gss_addr)
{
    switch (sa->sa_family) {
#ifdef HAVE_IPV6
    /* Only compiled in when HAVE_IPV6 is defined; otherwise an AF_INET6
     * socket falls through to the default branch and aborts. */
    case AF_INET6 : {
        struct sockaddr_in6 *sin6 = (struct sockaddr_in6 *)sa;

        /* Full 16-byte IPv6 address, referenced in place. */
        gss_addr->length = 16;
        gss_addr->value  = &sin6->sin6_addr;
        *addr_type       = GSS_C_AF_INET6;
        break;
    }
#endif
    case AF_INET : {
        struct sockaddr_in *sin4 = (struct sockaddr_in *)sa;

        /* 4-byte IPv4 address, referenced in place. */
        gss_addr->length = 4;
        gss_addr->value  = &sin4->sin_addr;
        *addr_type       = GSS_C_AF_INET;
        break;
    }
    default :
        /* Unsupported family: report it and exit with status 1 rather than
         * leaving the out-parameters unset. */
        errx (1, "unknown address family %d", sa->sa_family);

    }
}



Solaris:


           /*
            * Solaris excerpt: fill the initiator and acceptor address fields
            * of the channel bindings from the local (myctladdr) and remote
            * (remctladdr) control-connection addresses.
            *
            * get_inet_addr_info() is not shown; presumably it stores the raw
            * address bytes and their length in temp_buf - TODO confirm.
            *
            * NOTE(review): the address type is fixed at GSS_C_AF_INET while
            * the length is whatever temp_buf reports. If the helper can
            * return a 16-byte IPv6 address, the bindings carry IPv6 bytes
            * tagged as GSS_C_AF_INET - verify against the helper.
            *
            * NOTE(review): neither malloc() result is checked for NULL before
            * memcpy() writes through it in the lines shown, and the excerpt
            * does not show where these buffers are freed.
            */
           get_inet_addr_info(&myctladdr, &temp_buf);
           chan.initiator_addrtype = GSS_C_AF_INET; /* OM_uint32  */
           chan.initiator_address.length =  temp_buf.length;
           /* Private copy, because temp_buf is reused for the acceptor below. */
           chan.initiator_address.value = malloc(temp_buf.length);
           memcpy(chan.initiator_address.value, temp_buf.value, 
temp_buf.length);

          /* Same steps for the remote end of the control connection. */
          get_inet_addr_info(&remctladdr, &temp_buf);
          chan.acceptor_addrtype = GSS_C_AF_INET; /* OM_uint32 */
          chan.acceptor_address.length = temp_buf.length;
          chan.acceptor_address.value = malloc(temp_buf.length);
          memcpy(chan.acceptor_address.value, temp_buf.value, 
temp_buf.length);


MIT:

         /*
          * MIT excerpt: build channel bindings from the two control-connection
          * addresses. Only an IPv4 layout is handled in the lines shown: the
          * type is GSS_C_AF_INET, the length is fixed at 4, and the value
          * pointers reference sin_addr.s_addr in place (no copy), so
          * myctladdr and hisctladdr must outlive any use of chan.
          *
          * NOTE(review): myctladdr / hisctladdr are presumably struct
          * sockaddr_in (declarations not shown); there is no IPv6 branch in
          * this excerpt, so an IPv6 control connection has no matching
          * representation here - confirm against the surrounding code.
          */
         struct gss_channel_bindings_struct chan;
          chan.initiator_addrtype = GSS_C_AF_INET; /* OM_uint32  */
          chan.initiator_address.length = 4;
          chan.initiator_address.value = &myctladdr.sin_addr.s_addr;
          chan.acceptor_addrtype = GSS_C_AF_INET; /* OM_uint32 */
          chan.acceptor_address.length = 4;
          chan.acceptor_address.value = &hisctladdr.sin_addr.s_addr;
          /* No application data is bound: zero length and a null pointer. */
          chan.application_data.length = 0;
          chan.application_data.value = 0;




