[1424] in Kerberos-V5-bugs
Re: missing call to krb5_auth_con_setaddrs in kprop.c
daemon@ATHENA.MIT.EDU (epeisach@MIT.EDU)
Sat May 20 14:12:13 1995
From: epeisach@MIT.EDU
Date: Sat, 20 May 1995 14:12:05 -0400
To: "Stephen M. Kenton" <SKENTON@AUS-SERVER.UCS.UOKNOR.EDU>
Cc: krb5-bugs@MIT.EDU
In-Reply-To: [1395]
You said to add the line:
krb5_auth_con_setaddrs(context, *auth_context, &receiver_addr, &sender_addr)
to kprop.c.
You actually have it backwards. You will need something like:
if (retval = krb5_auth_con_setaddrs(context, *auth_context, &sender_addr,
&receiver_addr)) {
com_err(progname, retval, "in krb5_auth_con_setaddrs");
exit(1);
}
(I will assume you only tried sending a DB to the same host as youself
as I first did...)
I also tracked down the sequence number problem.
There was a problem in the krb5 library where krb5_rd_safe was not
incrementing the sequence number. The first packet which contained the
length of the database would go through fine, but subsequent version
numbering would fail. (this change essentially mirrors the sequence
numbering in mk_safe.c)
Ezra
Index: rd_safe.c
===================================================================
RCS file: /mit/krb5/.cvsroot/src/lib/krb5/krb/rd_safe.c,v
retrieving revision 5.35
diff -c -r5.35 rd_safe.c
*** rd_safe.c 1995/05/11 23:07:45 5.35
--- rd_safe.c 1995/05/15 16:13:16
***************
*** 267,272 ****
--- 267,273 ----
retval = KRB5KRB_AP_ERR_BADORDER;
goto error;
}
+ auth_context->remote_seq_number++;
}
if ((auth_context->auth_context_flags & KRB5_AUTH_CONTEXT_RET_TIME) ||
