author | gibbs <gibbs@FreeBSD.org> | 1995-10-05 21:30:21 +0000 |
---|---|---|
committer | gibbs <gibbs@FreeBSD.org> | 1995-10-05 21:30:21 +0000 |
commit | 2734551417f3e16093c4cc8de51248dd743fa17b (patch) | |
tree | 9410ca0cafe506eca75c35934448a29ad19a6482 /usr.bin | |
parent | 73c29c06751229bf5749b8422047cf613fb47bbc (diff) | |
Kerberos can now deal with multi-homed clients.
Kerberos obtains a network address for the local host from the routing
tables and uses it consistently for all Kerberos transactions. This ensures
that packets only leave the *authenticated* interface. Clients who open
and use their own sockets for encrypted or authenticated correspondence
to kerberos services should bind their sockets to the same address as that
used by kerberos. krb_get_local_addr() and krb_bind_local_addr() allow
clients to obtain the local address or bind a socket to the local address
used by Kerberos respectively.
Reviewed by: Mark Murray <markm>, Garrett Wollman <wollman>
Obtained from: concept by Dieter Dworkin Muller <dworkin@village.org>
Diffstat (limited to 'usr.bin')
-rw-r--r-- | usr.bin/rlogin/kcmd.c | 9 | ||||
-rw-r--r-- | usr.bin/rlogin/rlogin.c | 2 | ||||
-rw-r--r-- | usr.bin/rsh/rsh.c | 4 | ||||
-rw-r--r-- | usr.bin/su/su.c | 9 |
4 files changed, 14 insertions, 10 deletions
diff --git a/usr.bin/rlogin/kcmd.c b/usr.bin/rlogin/kcmd.c
index 3f6a138..14c0367 100644
--- a/usr.bin/rlogin/kcmd.c
+++ b/usr.bin/rlogin/kcmd.c
@@ -278,11 +278,14 @@ getport(alport)
 int *alport; { struct sockaddr_in sin;
- int s;
+ int s, retval;
- sin.sin_family = AF_INET;
- sin.sin_addr.s_addr = INADDR_ANY;
 s = socket(AF_INET, SOCK_STREAM, 0);
+ if ((retval = krb_get_local_addr(&sin)) != KSUCCESS) {
+ fprintf(stderr, "krb_get_local_addr: %s\n",krb_err_txt[retval]);
+ close(s);
+ return (-1);
+ }
 if (s < 0) return (-1); for (;;) {
diff --git a/usr.bin/rlogin/rlogin.c b/usr.bin/rlogin/rlogin.c
index 9de1daf..320844f 100644
--- a/usr.bin/rlogin/rlogin.c
+++ b/usr.bin/rlogin/rlogin.c
@@ -301,7 +301,7 @@ try_connect:
 if (doencrypt) { rem = krcmd_mutual(&host, sp->s_port, user, term, 0, dest_realm, &cred, schedule);
- des_set_key(cred.session, schedule);
+ des_set_key(&cred.session, schedule);
 } else #endif /* CRYPT */ rem = krcmd(&host, sp->s_port, user, term, 0,
diff --git a/usr.bin/rsh/rsh.c b/usr.bin/rsh/rsh.c
index e2297d5..6b6c396 100644
--- a/usr.bin/rsh/rsh.c
+++ b/usr.bin/rsh/rsh.c
@@ -40,7 +40,7 @@ static char copyright[] =
 #ifndef lint static char sccsid[] = "From: @(#)rsh.c 8.3 (Berkeley) 4/6/94"; static char rcsid[] =
- "$Id: rsh.c,v 1.3 1995/01/14 20:36:22 wollman Exp $";
+ "$Id: rsh.c,v 1.4 1995/05/30 06:33:24 rgrimes Exp $";
 #endif /* not lint */ #include <sys/types.h>
@@ -233,7 +233,7 @@ try_connect:
 if (doencrypt) { rem = krcmd_mutual(&host, sp->s_port, user, args, &rfd2, dest_realm, &cred, schedule);
- des_set_key(cred.session, schedule);
+ des_set_key(&cred.session, schedule);
 } else #endif rem = krcmd(&host, sp->s_port, user, args, &rfd2,
diff --git a/usr.bin/su/su.c b/usr.bin/su/su.c
index e8afb37..521d88a 100644
--- a/usr.bin/su/su.c
+++ b/usr.bin/su/su.c
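Review bot: In the kcmd.c hunk, the new krb_get_local_addr() failure path in getport() runs before the existing `if (s < 0) return (-1);` check, so when socket() has failed it calls `close(s)` on -1 and prints a Kerberos error that hides the real cause. Put the socket check directly after `s = socket(AF_INET, SOCK_STREAM, 0);`, or call krb_get_local_addr() before creating the socket so that no descriptor needs closing on that path. The hunk also drops `sin.sin_family = AF_INET;`, so the code after the hunk now relies on krb_get_local_addr() having filled in every field of `sin` it uses; if that is its contract, a comment such as `/* krb_get_local_addr() fills in sin; only the port is set below */` would record it. getport() continues past the end of the hunk.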
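Review bot: In the rlogin.c hunk, `des_set_key(&cred.session, schedule);` is called in the `doencrypt` branch before the result of krcmd_mutual() in `rem` has been examined, and its own return value is discarded; the second rsh.c hunk has the same two lines. If krcmd_mutual() failed, `cred.session` may not hold a session key, and if des_set_key() reports a rejected key through its return value, the encrypted session would continue with a schedule that was never set up. Guarding the call as `if (rem >= 0 && des_set_key(&cred.session, schedule) != 0)` and taking the file's usual fatal-error path in that case would close the gap, assuming zero means success here. The check of `rem` is presumably after the hunk, and both functions start and end outside the lines shown.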
@@ -340,6 +340,7 @@ kerberos(username, user, uid)
 char *p; int kerno; u_long faddr;
+ struct sockaddr_in local_addr;
 char lrealm[REALM_SZ], krbtkfile[MAXPATHLEN]; char hostname[MAXHOSTNAMELEN], savehost[MAXHOSTNAMELEN]; char *krb_get_phost();
@@ -423,13 +424,13 @@ kerberos(username, user, uid)
 dest_tkt(); return (1); } else {
- if (!(hp = gethostbyname(hostname))) {
- warnx("can't get addr of %s", hostname);
+ if ((kerno = krb_get_local_addr(&local_addr)) != KSUCCESS) {
+ warnx("Unable to get our local address: %s",
+ krb_err_txt[kerno]);
 dest_tkt(); return (1); }
- memmove((char *)&faddr, (char *)hp->h_addr, sizeof(faddr));
-
+ faddr = local_addr.sin_addr.s_addr;
 if ((kerno = krb_rd_req(&ticket, "rcmd", savehost, faddr, &authdata, "")) != KSUCCESS) { warnx("kerberos: unable to verify rcmd ticket: %s\n", |
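Review bot: Nothing next to `faddr = local_addr.sin_addr.s_addr;` in the second su.c hunk records why the address now comes from krb_get_local_addr() instead of a lookup of `hostname`, although that value is what krb_rd_req() is handed when it verifies the rcmd ticket. A comment there, for example `/* must be the address Kerberos used for its own requests, not whatever the hostname resolves to */`, would keep a later edit from reintroducing the name lookup on a multi-homed host. With the gethostbyname() call removed, `hp` may no longer be used in kerberos(); its declaration is outside the hunk, so check it and drop it if it is now dead. kerberos() starts and ends outside this hunk.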