Kerberos can now deal with multi-homed clients.

Kerberos obtains a network address for the local host from the routing
tables and uses it consistently for all Kerberos transactions.  This ensures
that packets only leave the *authenticated* interface.  Clients who open
and use their own sockets for encrypted or authenticated correspondance
to kerberos services should bind their sockets to the same address as that
used by kerberos.  krb_get_local_addr() and krb_bind_local_addr() allow
clients to obtain the local address or bind a socket to the local address
used by Kerberos respectively.

Reviewed by: Mark Murray <markm>, Garrett Wollman <wollman>
Obtained from: concept by Dieter Dworkin Muller <dworkin@village.org>

2 files changed, 7 insertions, 4 deletions

diff --git a/usr.bin/rlogin/kcmd.c b/usr.bin/rlogin/kcmd.c
index 3f6a138..14c0367 100644
--- a/usr.bin/rlogin/kcmd.c
+++ b/usr.bin/rlogin/kcmd.c
@@ -278,11 +278,14 @@ getport(alport)
 	int *alport;
 {
 	struct sockaddr_in sin;
-	int s;
+	int s, retval;
 
-	sin.sin_family = AF_INET;
-	sin.sin_addr.s_addr = INADDR_ANY;
 	s = socket(AF_INET, SOCK_STREAM, 0);
+	if ((retval = krb_get_local_addr(&sin)) != KSUCCESS) {
+		fprintf(stderr, "krb_get_local_addr: %s\n",krb_err_txt[retval]);
+		close(s);
+		return (-1);
+	}
 	if (s < 0)
 		return (-1);
 	for (;;) {
diff --git a/usr.bin/rlogin/rlogin.c b/usr.bin/rlogin/rlogin.c
index 9de1daf..320844f 100644
--- a/usr.bin/rlogin/rlogin.c
+++ b/usr.bin/rlogin/rlogin.c
@@ -301,7 +301,7 @@ try_connect:
 		if (doencrypt) {
 			rem = krcmd_mutual(&host, sp->s_port, user, term, 0,
 			    dest_realm, &cred, schedule);
-			des_set_key(cred.session, schedule);
+			des_set_key(&cred.session, schedule);
 		} else
 #endif /* CRYPT */
 			rem = krcmd(&host, sp->s_port, user, term, 0,