Openssh 3.2.2p1 KRB5 addition
Markus Moeller
mm at mail.deuba.com
Mon May 20 21:03:48 EST 2002
The Kerberos V support may still fail on hosts with two or more
interfaces.
Regards
Markus
-------------- next part --------------
*** auth-krb5.c.orig Mon May 20 11:51:57 2002
--- auth-krb5.c Mon May 20 11:53:34 2002
***************
*** 38,43 ****
--- 38,44 ----
#include "servconf.h"
#include "uidswap.h"
#include "auth.h"
+ #include "canohost.h"
#ifdef KRB5
#include <krb5.h>
***************
*** 80,85 ****
--- 81,87 ----
krb5_data reply;
krb5_ticket *ticket;
int fd, ret;
+ char *localname;
ret = 0;
server = NULL;
***************
*** 108,114 ****
if (problem)
goto err;
! problem = krb5_sname_to_principal(authctxt->krb5_ctx, NULL, NULL ,
KRB5_NT_SRV_HST, &server);
if (problem)
goto err;
--- 110,118 ----
if (problem)
goto err;
! localname=get_local_hostname(fd);
!
! problem = krb5_sname_to_principal(authctxt->krb5_ctx, localname, NULL ,
KRB5_NT_SRV_HST, &server);
if (problem)
goto err;
-------------- next part --------------
*** canohost.c.orig Mon May 20 11:54:18 2002
--- canohost.c Mon May 20 11:59:56 2002
***************
*** 22,27 ****
--- 22,100 ----
static void check_ip_options(int, char *);
/*
+ * Return the canonical name of the localhost of the socket. The
+ * caller should free the returned string with xfree.
+ */
+
+ const char *
+ get_local_hostname(int socket)
+ {
+ struct sockaddr_storage addr_6or4;
+ int i;
+ socklen_t addr_6or4_len;
+ char name[NI_MAXHOST], ntop[NI_MAXHOST];
+
+ /* Get local IP address*/
+ addr_6or4_len = sizeof(addr_6or4);
+ memset(&addr_6or4, 0, sizeof(addr_6or4));
+ if (getsockname(socket, (struct sockaddr *) &addr_6or4, &addr_6or4_len) < 0) {
+ debug("getsockname failed: %.100s", strerror(errno));
+ fatal_cleanup();
+ }
+ #ifdef IPV4_IN_IPV6
+ if (addr_6or4.ss_family == AF_INET6) {
+ struct sockaddr_in6 *addr6 = (struct sockaddr_in6 *)&addr_6or4;
+
+ /* Detect IPv4 in IPv6 mapped address and convert it to */
+ /* plain (AF_INET) IPv4 address */
+ if (IN6_IS_ADDR_V4MAPPED(&addr6->sin6_addr)) {
+ struct sockaddr_in *addr4 = (struct sockaddr_in *)&addr_6or4;
+ struct in_addr addr;
+ u_int16_t port;
+
+ memcpy(&addr, ((char *)&addr6->sin6_addr) + 12, sizeof(addr));
+ port = addr6->sin6_port;
+
+ memset(&addr_6or4, 0, sizeof(addr_6or4));
+
+ addr4->sin_family = AF_INET;
+ memcpy(&addr4->sin_addr, &addr, sizeof(addr));
+ addr4->sin_port = port;
+ }
+ }
+ #endif
+ if (addr_6or4.ss_family == AF_INET)
+ check_ip_options(socket, ntop);
+
+ if (getnameinfo((struct sockaddr *)&addr_6or4, addr_6or4_len, ntop, sizeof(ntop),
+ NULL, 0, NI_NUMERICHOST) != 0)
+ fatal("get_local_hostname: getnameinfo NI_NUMERICHOST failed");
+
+ debug3("Trying to resolve local address %.100s to hostname", ntop);
+ /* Map the IP address to a host name. */
+ if (getnameinfo((struct sockaddr *)&addr_6or4, addr_6or4_len, name, sizeof(name),
+ NULL, 0, NI_NAMEREQD) != 0) {
+ /* Host name not found. Use ip address. */
+ log("Could not resolve local address %.100s to hostname", ntop);
+ return xstrdup(ntop);
+ }
+
+ /* Got host name. */
+ name[sizeof(name) - 1] = '\0';
+ /*
+ * Convert it to all lowercase (which is expected by the rest
+ * of this software).
+ */
+ for (i = 0; name[i]; i++)
+ if (isupper(name[i]))
+ name[i] = tolower(name[i]);
+
+ debug("Resolved local address %.100s to hostname %s", ntop,name);
+
+ return xstrdup(name);
+ }
+
+ /*
* Return the canonical name of the host at the other end of the socket. The
* caller should free the returned string with xfree.
*/
-------------- next part --------------
*** canohost.h.orig Mon May 20 11:54:30 2002
--- canohost.h Mon May 20 11:56:19 2002
***************
*** 12,17 ****
--- 12,18 ----
* called by a name other than "ssh" or "Secure Shell".
*/
+ const char *get_local_hostname(int);
const char *get_canonical_hostname(int);
const char *get_remote_ipaddr(void);
const char *get_remote_name_or_ip(u_int, int);
More information about the openssh-unix-dev
mailing list