[SAMBA4] Losing information in the socket system
Stefan (metze) Metzmacher
metze at samba.org
Sun Jan 1 17:57:59 GMT 2006
Andrew Bartlett wrote:
> I've been looking at the reasons why Samba4's kpasswd is incompatible
> with Heimdal clients, and I think the issue is related to IP addresses
> embedded in the kerberos messages (to prevent replay/forgery).
>
> What bothers me is that as a result of the BSD socket functions, we get
> the struct sockaddr that I need to pass into the kerberos libraries.
> Unfortunately, we instead go via text, as you can see in
> kdc/kdc.c:kdc_process.c
>
> /* TODO: This really should be in a utility function somewhere */
> ZERO_STRUCT(src_sock_addr);
> #ifdef HAVE_SOCK_SIN_LEN
> src_sock_addr.sin_len = sizeof(src_sock_addr);
> #endif
> addr = interpret_addr2(src_addr);
> src_sock_addr.sin_addr.s_addr = addr.addr;
> src_sock_addr.sin_port = htons(src_port);
> src_sock_addr.sin_family = PF_INET;
I think generic functions that create a struct sockaddr from a string
should be the way to go, but I'll look at that more closely in the next few days.
> Index: lib/socket/config.m4
> ===================================================================
> --- lib/socket/config.m4 (revision 12651)
> +++ lib/socket/config.m4 (working copy)
> @@ -18,9 +18,9 @@
> # it.
> AC_CHECK_FUNCS(connect)
> if test x"$ac_cv_func_connect" = x"no"; then
> - AC_CHECK_LIB(nsl_s, printf)
> - AC_CHECK_LIB(nsl, printf)
> - AC_CHECK_LIB(socket, connect)
> + AC_CHECK_LIB_EXT(nsl_s, printf)
> + AC_CHECK_LIB_EXT(nsl, printf)
> + AC_CHECK_LIB_EXT(socket, connect)
> AC_CHECK_LIB_EXT(inet, connect)
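Review bot: the three converted calls, AC_CHECK_LIB_EXT(nsl_s, printf), AC_CHECK_LIB_EXT(nsl, printf) and AC_CHECK_LIB_EXT(socket, connect), keep the two-argument (library, function) form of the AC_CHECK_LIB calls they replace, and nothing in this hunk shows that AC_CHECK_LIB_EXT accepts its arguments in that order or count. Please check the calls against the macro definition, and the unchanged AC_CHECK_LIB_EXT(inet, connect) context line along with them, since it has the same shape. A sentence in the commit message on why these checks need the _EXT variant would also help.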
Didn't AC_CHECK_LIB_EXT need 3 parameters? I think there's
something wrong in the current version; I'll look at this too.
> +NTSTATUS socket_get_my_sock_addr(struct socket_context *sock, struct sockaddr *my_addr);
> +NTSTATUS socket_get_peer_sock_addr(struct socket_context *sock, struct sockaddr *peer_addr);
> NTSTATUS socket_dup(struct socket_context *sock);
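Review bot: socket_get_my_sock_addr() and socket_get_peer_sock_addr() take a bare struct sockaddr * with no length, so the callee cannot tell how much space the caller provided and the caller cannot learn how much was written. A struct sockaddr is not large enough for every address family (an IPv6 address does not fit), so either take a socklen_t * in/out length as getsockname() and getpeername() do, or have the caller pass a struct sockaddr_storage *. The prototypes also need a comment stating who owns the buffer and what is returned when the socket has no address of that kind.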
I don't like that...
metze