Fix old-style GSSRPC authentication

r24147 (ticket #6746) made libgssrpc ignorant of the remote address of
the kadmin socket, even when it's IPv4.  This made old-style GSSAPI
authentication fail because it uses the wrong channel bindings.  Fix
this problem by making clnttcp_create() get the remote address from
the socket using getpeername() if the caller doesn't provide it and
it's an IPv4 address.

ticket: 6920
target_version: 1.9.2
tags: pullup

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24967 dc483132-0cff-0310-8789-dd5450dbe970

diff --git a/src/lib/rpc/clnt_tcp.c b/src/lib/rpc/clnt_tcp.c
index 37f1275605c9aee8133e76a323d77975528507ac..2affc28bda5bab8468d990e310b3e4d689383632 100644 (file)
--- a/src/lib/rpc/clnt_tcp.c
+++ b/src/lib/rpc/clnt_tcp.c
@@ -187,9 +187,16 @@ clnttcp_create(
        ct->ct_sock = *sockp;
        ct->ct_wait.tv_usec = 0;
        ct->ct_waitset = FALSE;
-       if (raddr == NULL)
-           memset(&ct->ct_addr, 0, sizeof(ct->ct_addr));
-       else
+       if (raddr == NULL) {
+           /* Get the remote address from the socket, if it's IPv4. */
+           struct sockaddr_in sin;
+           socklen_t len = sizeof(sin);
+           int ret = getpeername(ct->ct_sock, (struct sockaddr *)&sin, &len);
+           if (ret == 0 && len == sizeof(sin) && sin.sin_family == AF_INET)
+               ct->ct_addr = sin;
+           else
+               memset(&ct->ct_addr, 0, sizeof(ct->ct_addr));
+       } else
            ct->ct_addr = *raddr;
 
        /*