From 2734551417f3e16093c4cc8de51248dd743fa17b Mon Sep 17 00:00:00 2001 From: gibbs Date: Thu, 5 Oct 1995 21:30:21 +0000 Subject: Kerberos can now deal with multi-homed clients. Kerberos obtains a network address for the local host from the routing tables and uses it consistently for all Kerberos transactions. This ensures that packets only leave the *authenticated* interface. Clients who open and use their own sockets for encrypted or authenticated correspondance to kerberos services should bind their sockets to the same address as that used by kerberos. krb_get_local_addr() and krb_bind_local_addr() allow clients to obtain the local address or bind a socket to the local address used by Kerberos respectively. Reviewed by: Mark Murray , Garrett Wollman Obtained from: concept by Dieter Dworkin Muller --- eBones/usr.sbin/kprop/kprop.c | 56 ++++++++++++++++++++++++++++--------------- 1 file changed, 37 insertions(+), 19 deletions(-) (limited to 'eBones/usr.sbin') diff --git a/eBones/usr.sbin/kprop/kprop.c b/eBones/usr.sbin/kprop/kprop.c index 23bb893..4307330 100644 --- a/eBones/usr.sbin/kprop/kprop.c +++ b/eBones/usr.sbin/kprop/kprop.c @@ -5,14 +5,33 @@ * For copying and distribution information, * please see the file . * - * $Revision: 1.1.1.1 $ - * $Date: 1995/08/03 07:36:18 $ + * $Revision: 1.3 $ + * $Date: 1995/09/07 21:37:34 $ * $State: Exp $ - * $Source: /usr/cvs/src/eBones/kprop/kprop.c,v $ - * $Author: mark $ + * $Source: /home/ncvs/src/eBones/usr.sbin/kprop/kprop.c,v $ + * $Author: markm $ * $Locker: $ * * $Log: kprop.c,v $ + * Revision 1.3 1995/09/07 21:37:34 markm + * Major cleanup of eBones code: + * + * - Get all functions prototyped or at least defined before use. + * - Make code compile (Mostly) clean with -Wall set + * - Start to reduce the degree to which DES aka libdes is built in. + * - get all functions to the same uniform standard of definition: + * int + * foo(a, b) + * int a; + * int *b; + * { + * : + * } + * - fix numerous bugs exposed by above processes. + * + * Note - this replaces the previous work which used an unpopular function + * definition style. + * * Revision 1.1.1.1 1995/08/03 07:36:18 mark * Import an updated revision of the MIT kprop program for distributing * kerberos databases to slave servers. @@ -73,7 +92,7 @@ #if 0 #ifndef lint static char rcsid_kprop_c[] = -"$Id: kprop.c,v 1.1.1.1 1995/08/03 07:36:18 mark Exp $"; +"$Id: kprop.c,v 1.3 1995/09/07 21:37:34 markm Exp $"; #endif lint #endif @@ -333,26 +352,25 @@ prop_to_slaves(sl, fd, fslv) } bcopy(&cs->net_addr, &sin.sin_addr, sizeof cs->net_addr); - - if (connect(s, (struct sockaddr *) &sin, sizeof sin) < 0) { - fprintf(stderr, "%s: ", cs->name); - perror("connect"); - close(s); - continue; /*** NEXT SLAVE ***/ - } - /* for krb_mk_{priv, safe} */ bzero (&my_sin, sizeof my_sin); n = sizeof my_sin; - if (getsockname (s, (struct sockaddr *) &my_sin, &n) != 0) { - fprintf (stderr, "kprop: can't get socketname."); - perror ("getsockname"); + if ((kerror = krb_get_local_addr (&my_sin)) != KSUCCESS) { + fprintf (stderr, "kprop: can't get local address: %s\n", + krb_err_txt[kerror]); close (s); continue; /*** NEXT SLAVE ***/ } - if (n != sizeof (my_sin)) { - fprintf (stderr, "kprop: can't get socketname. len"); - close (s); + if (bind(s, (struct sockaddr *) &my_sin, sizeof my_sin) < 0) { + fprintf(stderr, "Unable to bind local address: "); + perror("bind"); + close(s); + continue; + } + if (connect(s, (struct sockaddr *) &sin, sizeof sin) < 0) { + fprintf(stderr, "%s: ", cs->name); + perror("connect"); + close(s); continue; /*** NEXT SLAVE ***/ } -- cgit v1.1