[SAMBA4] Losing information in the socket system

Stefan (metze) Metzmacher metze at samba.org
Sun Jan 1 17:57:59 GMT 2006



Andrew Bartlett wrote:
> I've been looking at the reasons why Samba4's kpasswd is incompatible
> with Heimdal clients, and I think the issue is related to IP addresses
> embedded in the kerberos messages (to prevent replay/forgery).
> 
> What bothers me is that as a result of the BSD socket functions, we get
> the struct sockaddr that I need to pass into the kerberos libraries.
> Unfortunately, we instead go via text, as you can see in
> kdc/kdc.c:kdc_process.c
> 
> 	/* TODO:  This really should be in a utility function somewhere */
> 	ZERO_STRUCT(src_sock_addr);
> #ifdef HAVE_SOCK_SIN_LEN
> 	src_sock_addr.sin_len		= sizeof(src_sock_addr);
> #endif
> 	addr				= interpret_addr2(src_addr);
> 	src_sock_addr.sin_addr.s_addr	= addr.addr;
> 	src_sock_addr.sin_port		= htons(src_port);
> 	src_sock_addr.sin_family	= PF_INET;

I think generic functions that create a struct sockaddr from a string
should be the way to go, but I'll look at that more closely over the next few days.

> Index: lib/socket/config.m4
> ===================================================================
> --- lib/socket/config.m4	(revision 12651)
> +++ lib/socket/config.m4	(working copy)
> @@ -18,9 +18,9 @@
>  # it.
>  AC_CHECK_FUNCS(connect)
>  if test x"$ac_cv_func_connect" = x"no"; then
> -    AC_CHECK_LIB(nsl_s, printf)
> -    AC_CHECK_LIB(nsl, printf)
> -    AC_CHECK_LIB(socket, connect)
> +    AC_CHECK_LIB_EXT(nsl_s, printf)
> +    AC_CHECK_LIB_EXT(nsl, printf)
> +    AC_CHECK_LIB_EXT(socket, connect)
>      AC_CHECK_LIB_EXT(inet, connect)
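
Review bot: the three converted calls (nsl_s, nsl, socket) keep the same two arguments the AC_CHECK_LIB calls had, which only behaves the same if AC_CHECK_LIB_EXT takes (library, function) in that order and, like AC_CHECK_LIB's default action, ends up putting the library on the link line. Please check the macro's definition and pass the full argument list it expects; otherwise the fallback for platforms where connect is not in libc quietly stops linking -lsocket/-lnsl. This change is also unrelated to the sockaddr accessors and would be easier to review as its own patch.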

Didn't AC_CHECK_LIB_EXT need 3 parameters? I think there's
something wrong in the current version; I'll look at this too.

> +NTSTATUS socket_get_my_sock_addr(struct socket_context *sock, struct sockaddr *my_addr);
> +NTSTATUS socket_get_peer_sock_addr(struct socket_context *sock, struct sockaddr *peer_addr);
>  NTSTATUS socket_dup(struct socket_context *sock);
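
Review bot: both new prototypes take a bare struct sockaddr * with no length, so the callee cannot know how large the caller's buffer is and the caller cannot learn how many bytes were filled in. A struct sockaddr is smaller than a struct sockaddr_in6, so for a non-IPv4 socket this either truncates the address or writes past the buffer. Suggest adding a socklen_t * in/out parameter, as getsockname() and getpeername() do, or returning a talloc'd address, and documenting which address families are supported.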

I don't like that...

metze
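
One possible shape for the generic string-to-sockaddr helper mentioned in the reply above, as an added example that is not part of the original message or of Samba's code; the name `sockaddr_from_string`, the port and the sample addresses are assumptions. It goes beyond the IPv4-only snippet quoted above by also accepting IPv6 literals and by taking the buffer length explicitly.

```c
#include <arpa/inet.h>
#include <netdb.h>
#include <netinet/in.h>
#include <stdio.h>
#include <string.h>
#include <sys/socket.h>

/* Hypothetical helper (not a Samba function): build a sockaddr from a
 * numeric address string and a port. *len is in/out: the size of the
 * caller's buffer on entry, the number of bytes filled in on success.
 * Returns 0 on success, -1 on bad input or a buffer that is too small. */
int sockaddr_from_string(const char *addr, unsigned port,
                         struct sockaddr *out, socklen_t *len)
{
    struct addrinfo hints, *res = NULL;
    char service[6]; /* "65535" plus NUL */

    if (addr == NULL || out == NULL || len == NULL || port > 65535)
        return -1;
    snprintf(service, sizeof(service), "%u", port);

    memset(&hints, 0, sizeof(hints));
    hints.ai_family = AF_UNSPEC;      /* accept IPv4 and IPv6 literals */
    hints.ai_socktype = SOCK_DGRAM;
    hints.ai_flags = AI_NUMERICHOST | AI_NUMERICSERV; /* never do a DNS lookup */

    if (getaddrinfo(addr, service, &hints, &res) != 0)
        return -1;
    if (res->ai_addrlen > *len) {     /* refuse to overrun or truncate */
        freeaddrinfo(res);
        return -1;
    }
    memcpy(out, res->ai_addr, res->ai_addrlen);
    *len = res->ai_addrlen;
    freeaddrinfo(res);
    return 0;
}

int main(void)
{
    /* Constructed sample inputs (documentation address ranges), sample port. */
    const char *samples[] = { "192.0.2.10", "2001:db8::1", "not-an-address" };
    for (size_t i = 0; i < sizeof(samples) / sizeof(samples[0]); i++) {
        struct sockaddr_storage ss;
        socklen_t len = sizeof(ss);
        int rc = sockaddr_from_string(samples[i], 464, (struct sockaddr *)&ss, &len);
        printf("%-16s rc=%d family=%d len=%u\n", samples[i], rc,
               rc == 0 ? ss.ss_family : -1, rc == 0 ? (unsigned)len : 0u);
    }
    return 0;
}
```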

