diff options
author | gibbs <gibbs@FreeBSD.org> | 1995-10-05 21:30:21 +0000 |
---|---|---|
committer | gibbs <gibbs@FreeBSD.org> | 1995-10-05 21:30:21 +0000 |
commit | 2734551417f3e16093c4cc8de51248dd743fa17b (patch) | |
tree | 9410ca0cafe506eca75c35934448a29ad19a6482 /usr.bin/su | |
parent | 73c29c06751229bf5749b8422047cf613fb47bbc (diff) | |
download | FreeBSD-src-2734551417f3e16093c4cc8de51248dd743fa17b.zip FreeBSD-src-2734551417f3e16093c4cc8de51248dd743fa17b.tar.gz |
Kerberos can now deal with multi-homed clients.
Kerberos obtains a network address for the local host from the routing
tables and uses it consistently for all Kerberos transactions. This ensures
that packets only leave the *authenticated* interface. Clients who open
and use their own sockets for encrypted or authenticated correspondance
to kerberos services should bind their sockets to the same address as that
used by kerberos. krb_get_local_addr() and krb_bind_local_addr() allow
clients to obtain the local address or bind a socket to the local address
used by Kerberos respectively.
Reviewed by: Mark Murray <markm>, Garrett Wollman <wollman>
Obtained from: concept by Dieter Dworkin Muller <dworkin@village.org>
Diffstat (limited to 'usr.bin/su')
-rw-r--r-- | usr.bin/su/su.c | 9 |
1 files changed, 5 insertions, 4 deletions
diff --git a/usr.bin/su/su.c b/usr.bin/su/su.c index e8afb37..521d88a 100644 --- a/usr.bin/su/su.c +++ b/usr.bin/su/su.c @@ -340,6 +340,7 @@ kerberos(username, user, uid) char *p; int kerno; u_long faddr; + struct sockaddr_in local_addr; char lrealm[REALM_SZ], krbtkfile[MAXPATHLEN]; char hostname[MAXHOSTNAMELEN], savehost[MAXHOSTNAMELEN]; char *krb_get_phost(); @@ -423,13 +424,13 @@ kerberos(username, user, uid) dest_tkt(); return (1); } else { - if (!(hp = gethostbyname(hostname))) { - warnx("can't get addr of %s", hostname); + if ((kerno = krb_get_local_addr(&local_addr)) != KSUCCESS) { + warnx("Unable to get our local address: %s", + krb_err_txt[kerno]); dest_tkt(); return (1); } - memmove((char *)&faddr, (char *)hp->h_addr, sizeof(faddr)); - + faddr = local_addr.sin_addr.s_addr; if ((kerno = krb_rd_req(&ticket, "rcmd", savehost, faddr, &authdata, "")) != KSUCCESS) { warnx("kerberos: unable to verify rcmd ticket: %s\n", |