Kerberos can now deal with multi-homed clients.

Kerberos obtains a network address for the local host from the routing
tables and uses it consistently for all Kerberos transactions.  This ensures
that packets only leave the *authenticated* interface.  Clients who open
and use their own sockets for encrypted or authenticated correspondance
to kerberos services should bind their sockets to the same address as that
used by kerberos.  krb_get_local_addr() and krb_bind_local_addr() allow
clients to obtain the local address or bind a socket to the local address
used by Kerberos respectively.

Reviewed by: Mark Murray <markm>, Garrett Wollman <wollman>
Obtained from: concept by Dieter Dworkin Muller <dworkin@village.org>

1 files changed, 37 insertions, 19 deletions

diff --git a/eBones/usr.sbin/kprop/kprop.c b/eBones/usr.sbin/kprop/kprop.c
index 23bb893..4307330 100644
--- a/eBones/usr.sbin/kprop/kprop.c
+++ b/eBones/usr.sbin/kprop/kprop.c
@@ -5,14 +5,33 @@
  * For copying and distribution information,
  * please see the file <mit-copyright.h>.
  *
- * $Revision: 1.1.1.1 $
- * $Date: 1995/08/03 07:36:18 $
+ * $Revision: 1.3 $
+ * $Date: 1995/09/07 21:37:34 $
  * $State: Exp $
- * $Source: /usr/cvs/src/eBones/kprop/kprop.c,v $
- * $Author: mark $
+ * $Source: /home/ncvs/src/eBones/usr.sbin/kprop/kprop.c,v $
+ * $Author: markm $
  * $Locker:  $
  *
  * $Log: kprop.c,v $
+ * Revision 1.3  1995/09/07  21:37:34  markm
+ * Major cleanup of eBones code:
+ *
+ * - Get all functions prototyped or at least defined before use.
+ * - Make code compile (Mostly) clean with -Wall set
+ * - Start to reduce the degree to which DES aka libdes is built in.
+ * - get all functions to the same uniform standard of definition:
+ * int
+ * foo(a, b)
+ * int a;
+ * int *b;
+ * {
+ *    :
+ * }
+ * - fix numerous bugs exposed by above processes.
+ *
+ * Note - this replaces the previous work which used an unpopular function
+ *  definition style.
+ *
  * Revision 1.1.1.1  1995/08/03  07:36:18  mark
  * Import an updated revision of the MIT kprop program for distributing
  * kerberos databases to slave servers.
@@ -73,7 +92,7 @@
 #if 0
 #ifndef	lint
 static char rcsid_kprop_c[] =
-"$Id: kprop.c,v 1.1.1.1 1995/08/03 07:36:18 mark Exp $";
+"$Id: kprop.c,v 1.3 1995/09/07 21:37:34 markm Exp $";
 #endif	lint
 #endif
 
@@ -333,26 +352,25 @@ prop_to_slaves(sl, fd, fslv)
 		}
 		bcopy(&cs->net_addr, &sin.sin_addr,
 		      sizeof cs->net_addr);
-
-		if (connect(s, (struct sockaddr *) &sin, sizeof sin) < 0) {
-		    fprintf(stderr, "%s: ", cs->name);
-		    perror("connect");
-		    close(s);
-		    continue;	/*** NEXT SLAVE ***/
-		}
-		
 		/* for krb_mk_{priv, safe} */
 		bzero (&my_sin, sizeof my_sin);
 		n = sizeof my_sin;
-		if (getsockname (s, (struct sockaddr *) &my_sin, &n) != 0) {
-		    fprintf (stderr, "kprop: can't get socketname.");
-		    perror ("getsockname");
+		if ((kerror = krb_get_local_addr (&my_sin)) != KSUCCESS) {
+		    fprintf (stderr, "kprop: can't get local address: %s\n",
+			     krb_err_txt[kerror]);
 		    close (s);
 		    continue;	/*** NEXT SLAVE ***/
 		}
-		if (n != sizeof (my_sin)) {
-		    fprintf (stderr, "kprop: can't get socketname. len");
-		    close (s);
+		if (bind(s, (struct sockaddr *) &my_sin, sizeof my_sin) < 0) {
+		    fprintf(stderr, "Unable to bind local address: ");
+		    perror("bind");
+		    close(s);
+		    continue;
+		}
+		if (connect(s, (struct sockaddr *) &sin, sizeof sin) < 0) {
+		    fprintf(stderr, "%s: ", cs->name);
+		    perror("connect");
+		    close(s);
 		    continue;	/*** NEXT SLAVE ***/
 		}