- pull up patch to get the client libraries to correctly perform password

changes over IPv6 (Sumit Bose, RT#6661)
2010-03-08 16:47:24 +00:00 · 2010-03-08 16:47:24 +00:00 · 516763ea91
commit 516763ea91
parent 70840ba4e4
2 changed files with 81 additions and 0 deletions
--- a/krb5-trunk-kpasswd_ipv6.patch
+++ b/krb5-trunk-kpasswd_ipv6.patch
@ -0,0 +1,75 @@
+Get the client libraries to correctly attempt password changes when using
+IPv6.  Sumit Bose, RT#6661
+
+Index: src/lib/krb5/os/changepw.c
+===================================================================
+--- src/lib/krb5/os/changepw.c	(revision 23766)
+++ src/lib/krb5/os/changepw.c	(revision 23767)
+@@ -65,20 +65,23 @@
+     int sockType = (useTcp ? SOCK_STREAM : SOCK_DGRAM);
+ 
+     code = krb5int_locate_server (context, realm, addrlist,
+-                                  locate_service_kpasswd, sockType, AF_INET);
+                                  locate_service_kpasswd, sockType, AF_UNSPEC);
+ 
+     if (code == KRB5_REALM_CANT_RESOLVE || code == KRB5_REALM_UNKNOWN) {
+         code = krb5int_locate_server (context, realm, addrlist,
+                                       locate_service_kadmin, SOCK_STREAM,
+-                                      AF_INET);
+                                      AF_UNSPEC);
+         if (!code) {
+             /* Success with admin_server but now we need to change the
+                port number to use DEFAULT_KPASSWD_PORT and the socktype.  */
+             size_t i;
+             for (i=0; i<addrlist->naddrs; i++) {
+                 struct addrinfo *a = addrlist->addrs[i].ai;
+                krb5_ui_2 kpasswd_port = htons(DEFAULT_KPASSWD_PORT);
+                 if (a->ai_family == AF_INET)
+-                    sa2sin (a->ai_addr)->sin_port = htons(DEFAULT_KPASSWD_PORT);
+                    sa2sin (a->ai_addr)->sin_port = kpasswd_port;
+                if (a->ai_family == AF_INET6)
+                    sa2sin6 (a->ai_addr)->sin6_port = kpasswd_port;
+                 if (sockType != SOCK_STREAM)
+                     a->ai_socktype = sockType;
+             }
+@@ -131,10 +134,16 @@
+     /* some brain-dead OS's don't return useful information from
+      * the getsockname call.  Namely, windows and solaris.  */
+ 
+-    if (ss2sin(&local_addr)->sin_addr.s_addr != 0) {
+    if (local_addr.ss_family == AF_INET &&
+        ss2sin(&local_addr)->sin_addr.s_addr != 0) {
+         local_kaddr.addrtype = ADDRTYPE_INET;
+         local_kaddr.length = sizeof(ss2sin(&local_addr)->sin_addr);
+         local_kaddr.contents = (krb5_octet *) &ss2sin(&local_addr)->sin_addr;
+    } else if (local_addr.ss_family == AF_INET6 &&
+               ss2sin6(&local_addr)->sin6_addr.s6_addr != 0) {
+        local_kaddr.addrtype = ADDRTYPE_INET6;
+        local_kaddr.length = sizeof(ss2sin6(&local_addr)->sin6_addr);
+        local_kaddr.contents = (krb5_octet *) &ss2sin6(&local_addr)->sin6_addr;
+     } else {
+         krb5_address **addrs;
+ 
+@@ -278,9 +287,19 @@
+             break;
+         }
+ 
+-        remote_kaddr.addrtype = ADDRTYPE_INET;
+-        remote_kaddr.length = sizeof(ss2sin(&remote_addr)->sin_addr);
+-        remote_kaddr.contents = (krb5_octet *) &ss2sin(&remote_addr)->sin_addr;
+        if (remote_addr.ss_family == AF_INET) {
+            remote_kaddr.addrtype = ADDRTYPE_INET;
+            remote_kaddr.length = sizeof(ss2sin(&remote_addr)->sin_addr);
+            remote_kaddr.contents =
+                (krb5_octet *) &ss2sin(&remote_addr)->sin_addr;
+        } else if (remote_addr.ss_family == AF_INET6) {
+            remote_kaddr.addrtype = ADDRTYPE_INET6;
+            remote_kaddr.length = sizeof(ss2sin6(&remote_addr)->sin6_addr);
+            remote_kaddr.contents =
+                (krb5_octet *) &ss2sin6(&remote_addr)->sin6_addr;
+        } else {
+            break;
+        }
+ 
+         if ((code = krb5_auth_con_setaddrs(callback_ctx.context,
+                                            callback_ctx.auth_context,
--- a/krb5.spec
+++ b/krb5.spec
@ -93,6 +93,7 @@ Patch93: krb5-1.7-create_on_load.patch
 Patch95: krb5-1.8-opte.patch
 Patch96: krb5-1.8-exp_warn.patch
 Patch98: krb5-1.8-kpasswd_ccache.patch
+Patch99: krb5-trunk-kpasswd_ipv6.patch

 License: MIT
 URL: http://web.mit.edu/kerberos/www/
@ -294,6 +295,7 @@ popd
 %patch95 -p1 -b .opte
 %patch96 -p1 -b .exp_warn
 %patch98 -p1 -b .kpasswd-ccache
+%patch99 -p0 -b .kpasswd-ipv6
 gzip doc/*.ps

 sed -i -e '1s!\[twoside\]!!;s!%\(\\usepackage{hyperref}\)!\1!' doc/api/library.tex
@ -867,6 +869,10 @@ exit 0
 %{_sbindir}/uuserver

 %changelog
+* Mon Mar  8 2010 Nalin Dahyabhai <nalin@redhat.com>
+- pull up patch to get the client libraries to correctly perform password
+  changes over IPv6 (Sumit Bose, RT#6661)
+
 * Fri Mar  5 2010 Nalin Dahyabhai <nalin@redhat.com> - 1.8-1
 - update to 1.8
  - temporarily bundling the krb5-appl package (split upstream as of 1.8)