c4923edfdd
- update to version 1.9.1
* obsolete patches:
MITKRB5-SA-2010-007-1.8.dif
krb5-1.8-MITKRB5-SA-2010-006.dif
krb5-1.8-MITKRB5-SA-2011-001.dif
krb5-1.8-MITKRB5-SA-2011-002.dif
krb5-1.8-MITKRB5-SA-2011-003.dif
krb5-1.8-MITKRB5-SA-2011-004.dif
krb5-1.4.3-enospc.dif
* replace krb5-1.6.1-compile_pie.dif
OBS-URL: https://build.opensuse.org/package/show/network/krb5?expand=0&rev=45
40 lines
1.4 KiB
Diff
40 lines
1.4 KiB
Diff
------------------------------------------------------------------------
|
|
r24967 | ghudson | 2011-06-13 14:54:33 -0400 (Mon, 13 Jun 2011) | 11 lines
|
|
|
|
ticket: 6920
|
|
subject: Fix old-style GSSRPC authentication
|
|
target_version: 1.9.2
|
|
tags: pullup
|
|
|
|
r24147 (ticket #6746) made libgssrpc ignorant of the remote address of
|
|
the kadmin socket, even when it's IPv4. This made old-style GSSAPI
|
|
authentication fail because it uses the wrong channel bindings. Fix
|
|
this problem by making clnttcp_create() get the remote address from
|
|
the socket using getpeername() if the caller doesn't provide it and
|
|
it's an IPv4 address.
|
|
------------------------------------------------------------------------
|
|
Index: src/lib/rpc/clnt_tcp.c
|
|
===================================================================
|
|
--- src/lib/rpc/clnt_tcp.c (revision 24966)
|
|
+++ src/lib/rpc/clnt_tcp.c (revision 24967)
|
|
@@ -187,9 +187,16 @@
|
|
ct->ct_sock = *sockp;
|
|
ct->ct_wait.tv_usec = 0;
|
|
ct->ct_waitset = FALSE;
|
|
- if (raddr == NULL)
|
|
- memset(&ct->ct_addr, 0, sizeof(ct->ct_addr));
|
|
- else
|
|
+ if (raddr == NULL) {
|
|
+ /* Get the remote address from the socket, if it's IPv4. */
|
|
+ struct sockaddr_in sin;
|
|
+ socklen_t len = sizeof(sin);
|
|
+ int ret = getpeername(ct->ct_sock, (struct sockaddr *)&sin, &len);
|
|
+ if (ret == 0 && len == sizeof(sin) && sin.sin_family == AF_INET)
|
|
+ ct->ct_addr = sin;
|
|
+ else
|
|
+ memset(&ct->ct_addr, 0, sizeof(ct->ct_addr));
|
|
+ } else
|
|
ct->ct_addr = *raddr;
|
|
|
|
/*
|