- pull a fix from SVN to get libgssrpc clients (e.g. kadmin) authenticating
using the old protocol over IPv4 again (RT#6920)
parent
6a7a118058
commit
17c9104b1d
39
krb5-trunk-kadmin-oldproto.patch
Normal file
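--- a/krb5-trunk-kadmin-oldproto.patch
+++ b/krb5-trunk-kadmin-oldproto.patch
@@ -0,0 +1,39 @@
+------------------------------------------------------------------------
+r24967 | ghudson | 2011-06-13 14:54:33 -0400 (Mon, 13 Jun 2011) | 11 lines
+
+ticket: 6920
+subject: Fix old-style GSSRPC authentication
+target_version: 1.9.2
+tags: pullup
+
+r24147 (ticket #6746) made libgssrpc ignorant of the remote address of
+the kadmin socket, even when it's IPv4. This made old-style GSSAPI
+authentication fail because it uses the wrong channel bindings. Fix
+this problem by making clnttcp_create() get the remote address from
+the socket using getpeername() if the caller doesn't provide it and
+it's an IPv4 address.
+------------------------------------------------------------------------
+Index: src/lib/rpc/clnt_tcp.c
+===================================================================
+--- src/lib/rpc/clnt_tcp.c (revision 24966)
++++ src/lib/rpc/clnt_tcp.c (revision 24967)
+@@ -187,9 +187,16 @@
+ct->ct_sock = *sockp;
+ct->ct_wait.tv_usec = 0;
+ct->ct_waitset = FALSE;
+- if (raddr == NULL)
+- memset(&ct->ct_addr, 0, sizeof(ct->ct_addr));
+- else
++ if (raddr == NULL) {
++ /* Get the remote address from the socket, if it's IPv4. */
++ struct sockaddr_in sin;
++ socklen_t len = sizeof(sin);
++ int ret = getpeername(ct->ct_sock, (struct sockaddr *)&sin, &len);
++ if (ret == 0 && len == sizeof(sin) && sin.sin_family == AF_INET)
++ ct->ct_addr = sin;
++ else
++ memset(&ct->ct_addr, 0, sizeof(ct->ct_addr));
++ } else
+ct->ct_addr = *raddr;
+
+/*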
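Review bot: The `else` branch after the `getpeername()` test still zeroes `ct->ct_addr` with no comment, and per the commit description that empty address is what made old-style authentication build the wrong channel bindings, so a `getpeername()` error or a non-IPv4 peer fails later with nothing here pointing at the cause. I would document the fallback on the `memset` line, e.g. `/* Peer unknown or not IPv4: leave ct_addr empty; old-style auth will not get usable channel bindings. */`. The `len == sizeof(sin)` test also sends an IPv4 peer reached through an AF_INET6 socket (v4-mapped address) down the same path; whether callers can hand in such a socket is not visible in this hunk, so that is worth confirming. The body of clnttcp_create() starts and ends outside the hunk.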
@ -53,6 +53,7 @@ Patch75: krb5-pkinit-debug.patch
|
||||
Patch77: krb5-1.9-paren.patch
|
||||
Patch78: krb5-trunk-chpw-err.patch
|
||||
Patch79: krb5-klist_s.patch
|
||||
Patch80: krb5-trunk-kadmin-oldproto.patch
|
||||
|
||||
License: MIT
|
||||
URL: http://web.mit.edu/kerberos/www/
|
||||
@ -197,6 +198,7 @@ ln -s NOTICE LICENSE
|
||||
%patch77 -p1 -b .paren
|
||||
%patch78 -p0 -b .chpw-err
|
||||
%patch79 -p1 -b .klist_s
|
||||
%patch80 -p0 -b .kadmin-oldproto
|
||||
gzip doc/*.ps
|
||||
|
||||
sed -i -e '1s!\[twoside\]!!;s!%\(\\usepackage{hyperref}\)!\1!' doc/api/library.tex
|
||||
@ -656,6 +658,10 @@ exit 0
|
||||
%{_sbindir}/uuserver
|
||||
|
||||
%changelog
|
||||
* Tue Jun 14 2011 Nalin Dahyabhai <nalin@redhat.com>
|
||||
- pull a fix from SVN to get libgssrpc clients (e.g. kadmin) authenticating
|
||||
using the old protocol over IPv4 again (RT#6920)
|
||||
|
||||
* Tue Jun 14 2011 Nalin Dahyabhai <nalin@redhat.com>
|
||||
- incorporate a fix to teach the file labeling bits about when replay caches
|
||||
are expunged (#576093)
|
||||
|