diff options
| author | Greg Hudson <ghudson@mit.edu> | 2011-06-13 18:54:33 +0000 |
|---|---|---|
| committer | Greg Hudson <ghudson@mit.edu> | 2011-06-13 18:54:33 +0000 |
| commit | df939cf166c1dd11d43b4b05a97651fa4fcf296e (patch) | |
| tree | 10fc37c0c638b41011c7d9e91c324cbec697fbac /src/lib | |
| parent | b679ed1ac8cb5aeffd9b73969e19b2197ed0f05e (diff) | |
| download | krb5-df939cf166c1dd11d43b4b05a97651fa4fcf296e.tar.gz krb5-df939cf166c1dd11d43b4b05a97651fa4fcf296e.tar.xz krb5-df939cf166c1dd11d43b4b05a97651fa4fcf296e.zip | |
Fix old-style GSSRPC authentication
r24147 (ticket #6746) made libgssrpc ignorant of the remote address of
the kadmin socket, even when it's IPv4. This made old-style GSSAPI
authentication fail because it uses the wrong channel bindings. Fix
this problem by making clnttcp_create() get the remote address from
the socket using getpeername() if the caller doesn't provide it and
it's an IPv4 address.
ticket: 6920
target_version: 1.9.2
tags: pullup
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24967 dc483132-0cff-0310-8789-dd5450dbe970
Diffstat (limited to 'src/lib')
| -rw-r--r-- | src/lib/rpc/clnt_tcp.c | 13 |
1 files changed, 10 insertions, 3 deletions
diff --git a/src/lib/rpc/clnt_tcp.c b/src/lib/rpc/clnt_tcp.c index 37f127560..2affc28bd 100644 --- a/src/lib/rpc/clnt_tcp.c +++ b/src/lib/rpc/clnt_tcp.c @@ -187,9 +187,16 @@ clnttcp_create( ct->ct_sock = *sockp; ct->ct_wait.tv_usec = 0; ct->ct_waitset = FALSE; - if (raddr == NULL) - memset(&ct->ct_addr, 0, sizeof(ct->ct_addr)); - else + if (raddr == NULL) { + /* Get the remote address from the socket, if it's IPv4. */ + struct sockaddr_in sin; + socklen_t len = sizeof(sin); + int ret = getpeername(ct->ct_sock, (struct sockaddr *)&sin, &len); + if (ret == 0 && len == sizeof(sin) && sin.sin_family == AF_INET) + ct->ct_addr = sin; + else + memset(&ct->ct_addr, 0, sizeof(ct->ct_addr)); + } else ct->ct_addr = *raddr; /* |