From af39c5394f666fabf66c6cb88104ff702a3f6064 Mon Sep 17 00:00:00 2001 From: Tom Yu Date: Thu, 7 Aug 1997 21:36:21 +0000 Subject: [PATCH] * cnv_tkt_skey.c: * krb524.h: * krb524d.c: Add jik's patches for multihomed hosts. Fixes krb5-misc/275. git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@10165 dc483132-0cff-0310-8789-dd5450dbe970 --- src/krb524/ChangeLog | 7 +++++++ src/krb524/cnv_tkt_skey.c | 36 ++++++++++++++++++++++++------------ src/krb524/krb524.h | 3 ++- src/krb524/krb524d.c | 3 ++- 4 files changed, 35 insertions(+), 14 deletions(-) diff --git a/src/krb524/ChangeLog b/src/krb524/ChangeLog index 64ddc9ba8..092fb55ea 100644 --- a/src/krb524/ChangeLog +++ b/src/krb524/ChangeLog @@ -1,3 +1,10 @@ +Thu Aug 7 17:34:59 1997 Tom Yu + + * cnv_tkt_skey.c: + * krb524.h: + * krb524d.c: Add jik's patches for multihomed hosts. Fixes + krb5-misc/275. + Tue Feb 18 09:53:10 1997 Ezra Peisach * k524init.c, test.c, cnv_tkt_skey.c: Remove include of krb4-proto.h diff --git a/src/krb524/cnv_tkt_skey.c b/src/krb524/cnv_tkt_skey.c index 37087c876..1903abc4e 100644 --- a/src/krb524/cnv_tkt_skey.c +++ b/src/krb524/cnv_tkt_skey.c @@ -55,17 +55,20 @@ static long cmu_seconds[] = * Convert a v5 ticket for server to a v4 ticket, using service key * skey for both. */ -int krb524_convert_tkt_skey(context, v5tkt, v4tkt, v5_skey, v4_skey) +int krb524_convert_tkt_skey(context, v5tkt, v4tkt, v5_skey, v4_skey, + saddr) krb5_context context; krb5_ticket *v5tkt; KTEXT_ST *v4tkt; krb5_keyblock *v5_skey, *v4_skey; + struct sockaddr_in *saddr; { char pname[ANAME_SZ], pinst[INST_SZ], prealm[REALM_SZ]; char sname[ANAME_SZ], sinst[INST_SZ]; krb5_enc_tkt_part *v5etkt; int ret, lifetime, deltatime; krb5_timestamp server_time; + krb5_address **caddr, *good_addr = 0; v5tkt->enc_part2 = NULL; if ((ret = krb5_decrypt_tkt_part(context, v5_skey, v5tkt))) { @@ -132,16 +135,25 @@ int krb524_convert_tkt_skey(context, v5tkt, v4tkt, v5_skey, v4_skey) return KRB5KRB_AP_ERR_TKT_NYV; } - /* XXX perhaps we should use the addr of the client host if */ - /* v5creds contains more than one addr. Q: Does V4 support */ - /* non-INET addresses? */ - if (!v5etkt->caddrs || !v5etkt->caddrs[0] || - v5etkt->caddrs[0]->addrtype != ADDRTYPE_INET) { - if (krb524_debug) - fprintf(stderr, "Invalid v5creds address information.\n"); - krb5_free_enc_tkt_part(context, v5etkt); - v5tkt->enc_part2 = NULL; - return KRB524_BADADDR; + for (caddr = v5etkt->caddrs; *caddr; caddr++) { + if (v5etkt->caddrs[0]->addrtype == ADDRTYPE_INET) { + if (! memcmp((*caddr)->contents, &saddr->sin_addr, + sizeof(saddr->sin_addr))) { + good_addr = *caddr; + break; + } + else if (! good_addr) { + good_addr = *caddr; + } + } + } + + if (! good_addr) { + if (krb524_debug) + fprintf(stderr, "Invalid v5creds address information.\n"); + krb5_free_enc_tkt_part(context, v5etkt); + v5tkt->enc_part2 = NULL; + return KRB524_BADADDR; } if (krb524_debug) @@ -156,7 +168,7 @@ int krb524_convert_tkt_skey(context, v5tkt, v4tkt, v5_skey, v4_skey) pname, pinst, prealm, - *((unsigned long *)v5etkt->caddrs[0]->contents), + *((unsigned long *)good_addr->contents), (char *) v5etkt->session->contents, lifetime, /* issue_data */ diff --git a/src/krb524/krb524.h b/src/krb524/krb524.h index 87ff21d74..da9c008e7 100644 --- a/src/krb524/krb524.h +++ b/src/krb524/krb524.h @@ -32,7 +32,8 @@ extern int krb524_debug; int krb524_convert_tkt_skey KRB5_PROTOTYPE((krb5_context context, krb5_ticket *v5tkt, KTEXT_ST *v4tkt, - krb5_keyblock *v5_skey, krb5_keyblock *v4_skey)); + krb5_keyblock *v5_skey, krb5_keyblock *v4_skey, + struct sockaddr_in *saddr)); /* conv_princ.c */ diff --git a/src/krb524/krb524d.c b/src/krb524/krb524d.c index 7d6e9ba16..d759313b9 100644 --- a/src/krb524/krb524d.c +++ b/src/krb524/krb524d.c @@ -292,7 +292,8 @@ krb5_error_code do_connection(s, context) printf("service key retrieved\n"); ret = krb524_convert_tkt_skey(context, v5tkt, &v4tkt, &v5_service_key, - &v4_service_key); + &v4_service_key, + (struct sockaddr_in *)&saddr); if (ret) goto error; -- 2.26.2