------------------------------------------------------------------------
r24967 | ghudson | 2011-06-13 14:54:33 -0400 (Mon, 13 Jun 2011) | 12 lines
ticket: 6920
subject: Fix old-style GSSRPC authentication
target_version: 1.9.2
tags: pullup
r24147 (ticket #6746) made libgssrpc ignorant of the remote address of
the kadmin socket, even when it's IPv4. This made old-style GSSAPI
authentication fail because it uses the wrong channel bindings. Fix
this problem by making clnttcp_create() get the remote address from
the socket using getpeername() if the caller doesn't provide it and
it's an IPv4 address.
ticket: 6920
version_fixed: 1.9.2
status: resolved
git-svn-id: svn://anonsvn.mit.edu/krb5/branches/krb5-1-9@24971
dc483132-0cff-0310-8789-
dd5450dbe970
ct->ct_sock = *sockp;
ct->ct_wait.tv_usec = 0;
ct->ct_waitset = FALSE;
- if (raddr == NULL)
- memset(&ct->ct_addr, 0, sizeof(ct->ct_addr));
- else
+ if (raddr == NULL) {
+ /* Get the remote address from the socket, if it's IPv4. */
+ struct sockaddr_in sin;
+ socklen_t len = sizeof(sin);
+ int ret = getpeername(ct->ct_sock, (struct sockaddr *)&sin, &len);
+ if (ret == 0 && len == sizeof(sin) && sin.sin_family == AF_INET)
+ ct->ct_addr = sin;
+ else
+ memset(&ct->ct_addr, 0, sizeof(ct->ct_addr));
+ } else
ct->ct_addr = *raddr;
/*
projects / krb5.git / commitdiff