[30935] in CVS-changelog-for-Kerberos-V5


home	help	back	first	fref	pref	prev	next	nref	lref	last	post

krb5 commit: Allow kprop over more types of NATs

daemon@ATHENA.MIT.EDU (Greg Hudson)
Fri Jan 8 11:43:48 2021

Date: Fri, 8 Jan 2021 11:43:20 -0500
From: Greg Hudson <ghudson@mit.edu>
Message-ID: <202101081643.108GhKcx004296@drugstore.mit.edu>
To: <cvs-krb5@mit.edu>
MIME-Version: 1.0
Reply-To: krbdev@mit.edu
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Errors-To: cvs-krb5-bounces@mit.edu

https://github.com/krb5/krb5/commit/92cc557796e72b49f2bd50f6b705dc3b8acf357e
commit 92cc557796e72b49f2bd50f6b705dc3b8acf357e
Author: Greg Hudson <ghudson@mit.edu>
Date:   Thu Jan 7 12:34:57 2021 -0500

    Allow kprop over more types of NATs
    
    Do not send an r-address in messages from kprop, so that kpropd will
    not check it against the receiver address.  This change allows kprop
    to work when a NAT changes the destination address.  (Commit
    775e496aac2650343ec20826b1ba7f6306a12f3c allows kprop to work when a
    NAT changes the source address.)  Reported by Jorj Bauer.
    
    ticket: 8977 (new)

 src/kprop/kprop.c |   10 +---------
 1 files changed, 1 insertions(+), 9 deletions(-)

diff --git a/src/kprop/kprop.c b/src/kprop/kprop.c
index 0b53aae..11239ef 100644
--- a/src/kprop/kprop.c
+++ b/src/kprop/kprop.c
@@ -60,7 +60,6 @@ static krb5_principal my_principal;
 
 static krb5_creds creds;
 static krb5_address *sender_addr;
-static krb5_address *receiver_addr;
 static const char *port = KPROP_SERVICE;
 static char *dbpathname;
 
@@ -251,12 +250,6 @@ open_connection(krb5_context context, char *host, int *fd_out)
 
         /* We successfully connect()ed */
         *fd_out = s;
-        retval = sockaddr2krbaddr(context, res->ai_family, res->ai_addr,
-                                  &receiver_addr);
-        if (retval != 0) {
-            com_err(progname, retval, _("while converting server address"));
-            exit(1);
-        }
 
         break;
     }
@@ -296,8 +289,7 @@ kerberos_authenticate(krb5_context context, krb5_auth_context *auth_context,
     krb5_auth_con_setflags(context, *auth_context,
                            KRB5_AUTH_CONTEXT_DO_SEQUENCE);
 
-    retval = krb5_auth_con_setaddrs(context, *auth_context, sender_addr,
-                                    receiver_addr);
+    retval = krb5_auth_con_setaddrs(context, *auth_context, sender_addr, NULL);
     if (retval) {
         com_err(progname, retval, _("in krb5_auth_con_setaddrs"));
         exit(1);
_______________________________________________
cvs-krb5 mailing list
cvs-krb5@mit.edu
https://mailman.mit.edu/mailman/listinfo/cvs-krb5


home	help	back	first	fref	pref	prev	next	nref	lref	last	post

[30935] in CVS-changelog-for-Kerberos-V5

krb5 commit: Allow kprop over more types of NATs

daemon@ATHENA.MIT.EDU (Greg Hudson)Fri Jan 8 11:43:48 2021

daemon@ATHENA.MIT.EDU (Greg Hudson)
Fri Jan 8 11:43:48 2021