[14483] in Kerberos
Patch for making Kerberos work through Firewalls and NATs
daemon@ATHENA.MIT.EDU (mb)
Sun May 27 18:53:20 2001
Message-ID: <016601c0e6ff$2d108440$96f1fea9@uunetd9tatypo8>
From: "mb" <mb@byteworks.ch>
To: <kerberos@mit.edu>
Date: Mon, 28 May 2001 00:44:56 +0200
MIME-Version: 1.0
Content-Type: multipart/alternative;
boundary="----=_NextPart_000_015B_01C0E70F.6A595920"
This is a multi-part message in MIME format.
------=_NextPart_000_015B_01C0E70F.6A595920
Content-Type: text/plain;
charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable
Check this patch; it makes Kerberos work if you have a firewall that does NAT.
diff -ruN krb5-1.2.2.orig/src/lib/krb5/os/localaddr.c =
krb5-1.2.2/src/lib/krb5/os/localaddr.c
--- krb5-1.2.2.orig/src/lib/krb5/os/localaddr.c Wed Feb 28 23:07:54 2001
+++ krb5-1.2.2/src/lib/krb5/os/localaddr.c Mon May 14 15:15:54 2001
@@ -464,7 +464,7 @@
=20
=20
KRB5_DLLIMP krb5_error_code KRB5_CALLCONV
-krb5_os_localaddr(context, addr)
+_krb5_os_localaddr(context, addr)
krb5_context context;
krb5_address FAR * FAR * FAR *addr;
{
@@ -637,3 +637,129 @@
return(err);
}
#endif
+
+
+KRB5_DLLIMP krb5_error_code KRB5_CALLCONV
+krb5_os_localaddr(context, addr)
+ krb5_context context;
+ krb5_address FAR * FAR * FAR *addr;
+{
+ int i;
+ int j;
+ int n =3D 0;
+ int retval;
+ int naddrs =3D 0;
+ int nproxies =3D 0;
+ =20
+ const char *proxy_names[3]; =20
+ char **proxy_list;
+ krb5_address **local_addrs;
+ krb5_address ***proxy_addrs;
+ =20
+ =20
+ /*
+ * We need to add the IP addresses of any proxies given in the
+ * Kerberos configuration file to the "local" IP address. First,
+ * let's see if we have any in the configuration file.
+ */ =20
+ =20
+ proxy_names[0] =3D "libdefaults";
+ proxy_names[1] =3D "proxy_gateway";
+ proxy_names[2] =3D NULL;
+
+ if (profile_get_values(context->profile, proxy_names, &proxy_list)) =
{
+ return _krb5_os_localaddr(context, addr);
+ }
+
+ /*
+ * We've got some proxy hosts in the config file. First, let's =
figure
+ * out how many we're talking about and total them all up.
+ */
+ =20
+ if ((retval =3D _krb5_os_localaddr(context, &local_addrs))) {
+ for (i =3D 0; proxy_list[i]; i++)=20
+ free(proxy_list[i]);
+
+ free(proxy_list);
+ return retval;
+ }
+
+ /* Count number of local addresses */
+ while (local_addrs[naddrs])=20
+ naddrs++;
+
+ /* Count number of proxy addresses */
+ while (proxy_list[nproxies])=20
+ nproxies++;
+
+ proxy_addrs =3D (krb5_address **) malloc(sizeof(proxy_addrs) * =
nproxies);
+ if (!proxy_addrs) {
+ krb5_free_addresses(context, local_addrs);
+=20
+ for (i =3D 0; proxy_list[i]; i++)
+ free(proxy_list[i]);
+=20
+ free((char *) proxy_list);
+ return ENOMEM;
+ }
+
+ /*
+ * Get all of the addresses for all of the proxy hosts. Just total
+ * them all up for now; we need the total number to construct the
+ * address array.
+ */
+
+ for (i =3D 0; i < nproxies; i++) {
+ if (krb5_os_hostaddr(context, proxy_list[i], &proxy_addrs[i])) =
{
+ proxy_addrs[i] =3D NULL;
+ continue;
+ }
+
+ for (j =3D 0; proxy_addrs[i][j]; j++)
+ naddrs++;
+
+ free(proxy_list[i]);
+ }
+ free((char *) proxy_list);
+
+ /*
+ * Build the final addresses array, using all of the addresses that
+ * we have.
+ */
+
+ *addr =3D (krb5_address **) malloc(sizeof(krb5_address *) * (naddrs =
+ 1));
+
+ if (!*addr) {
+ krb5_free_addresses(context, local_addrs);
+
+ for (i =3D 0; i < nproxies; i++) {
+ if (proxy_addrs[i])
+ krb5_free_addresses(context, proxy_addrs[i]);
+ }
+=20
+ free((char *) proxy_addrs);
+ return ENOMEM;
+ }
+
+ /* Local addresses */
+ for (i =3D 0; local_addrs[i]; i++)
+ (*addr)[n++] =3D local_addrs[i];
+
+ free((char *) local_addrs);
+
+ /* Proxy addresses */ =20
+ for (i =3D 0; i < nproxies; i++) {
+ if (proxy_addrs[i]) {
+ for (j =3D 0; proxy_addrs[i][j]; j++)
+ (*addr)[n++] =3D proxy_addrs[i][j];
+ free((char *) proxy_addrs[i]);
+ }
+ }
+ =20
+ free((char *) proxy_addrs);
+
+ /* NULL terminate the array */ =20
+ (*addr)[n] =3D NULL;
+
+ return 0;
+}
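Review bot: In the resolution loop of the new `krb5_os_localaddr`, the `continue` taken when `krb5_os_hostaddr()` fails skips `free(proxy_list[i])`, so that host-name string leaks once `proxy_list` itself is freed after the loop; add `free(proxy_list[i]);` before the `continue`. The allocation `malloc(sizeof(proxy_addrs) * nproxies)` sizes by the triple pointer and casts to `krb5_address **` although `proxy_addrs` is declared `krb5_address ***`; `proxy_addrs = malloc(sizeof(*proxy_addrs) * nproxies);` states the intent and drops the mismatched cast. On the security side, every address the resolver returns for a `proxy_gateway` name is appended to the list this function reports as local. If callers use that list for the address restrictions placed in tickets (that code is outside this hunk, so this needs confirming), the binding becomes only as trustworthy as the DNS answers. A comment above the loop such as `/* proxy_gateway names are resolved via DNS and widen the reported local address set; prefer literal addresses in krb5.conf */`, plus a matching note wherever the new `[libdefaults] proxy_gateway` key is documented, would make that trust assumption explicit.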
------=_NextPart_000_015B_01C0E70F.6A595920
Content-Type: text/html;
charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
<HTML><HEAD>
<META content=3D"text/html; charset=3Diso-8859-1" =
http-equiv=3DContent-Type>
<META content=3D"MSHTML 5.00.3103.1000" name=3DGENERATOR>
<STYLE></STYLE>
</HEAD>
<BODY bgColor=3D#ffffff>
<DIV><FONT face=3DArial size=3D2>Check this patch, it makes kerberos =
work if you=20
have a firewall that does nat.</FONT></DIV>
<DIV> </DIV>
<DIV> </DIV>
<DIV><FONT face=3DArial size=3D2>diff -ruN=20
krb5-1.2.2.orig/src/lib/krb5/os/localaddr.c=20
krb5-1.2.2/src/lib/krb5/os/localaddr.c<BR>---=20
krb5-1.2.2.orig/src/lib/krb5/os/localaddr.c Wed Feb 28 23:07:54 =
2001<BR>+++=20
krb5-1.2.2/src/lib/krb5/os/localaddr.c Mon May 14 15:15:54 =
2001<BR>@@=20
-464,7 +464,7 @@<BR> <BR> <BR> KRB5_DLLIMP =
krb5_error_code=20
KRB5_CALLCONV<BR>-krb5_os_localaddr(context,=20
addr)<BR>+_krb5_os_localaddr(context, addr)<BR> =20
krb5_context context;<BR> krb5_address FAR * FAR =
* FAR=20
*addr;<BR> {<BR>@@ -637,3 +637,129 @@<BR> =20
return(err);<BR> }<BR> #endif<BR>+<BR>+<BR>+KRB5_DLLIMP=20
krb5_error_code KRB5_CALLCONV<BR>+krb5_os_localaddr(context,=20
addr)<BR>+ krb5_context =
context;<BR>+ =20
krb5_address FAR * FAR * FAR *addr;<BR>+{<BR>+ =20
int =20
i;<BR>+ =20
int =20
j;<BR>+ =20
int n =3D=20
0;<BR>+ int retval;<BR>+ =
int =
naddrs =3D=20
0;<BR>+ int nproxies =3D =
0;<BR>+ =20
<BR>+ const char =20
*proxy_names[3]; <BR>+ =20
char =20
**proxy_list;<BR>+ krb5_address=20
**local_addrs;<BR>+ krb5_address=20
***proxy_addrs;<BR>+ <BR>+ =
<BR>+ =20
/*<BR>+ * We need to add the IP addresses of any =
proxies=20
given in the<BR>+ * Kerberos configuration file =
to the=20
"local" IP address. First,<BR>+ * let's =
see if we=20
have any in the configuration file.<BR>+ =20
*/ <BR>+ =
<BR>+ =20
proxy_names[0] =3D "libdefaults";<BR>+ proxy_names[1] =
=3D=20
"proxy_gateway";<BR>+ proxy_names[2] =3D=20
NULL;<BR>+<BR>+ if =
(profile_get_values(context->profile,=20
proxy_names, &proxy_list)) {<BR>+ return =
_krb5_os_localaddr(context,=20
addr);<BR>+ }<BR>+<BR>+ =20
/*<BR>+ * We've got some proxy hosts in the =
config=20
file. First, let's figure<BR>+ * out how =
many=20
we're talking about and total them all up.<BR>+ =20
*/<BR>+ <BR>+ if ((retval =3D=20
_krb5_os_localaddr(context, &local_addrs)))=20
{<BR>+ for (i =3D 0; =
proxy_list[i]; i++)=20
<BR>+ =20
free(proxy_list[i]);<BR>+<BR>+ =
free(proxy_list);<BR>+ return=20
retval;<BR>+ }<BR>+<BR>+ /* Count =
number of=20
local addresses */<BR>+ while (local_addrs[naddrs])=20
<BR>+ =20
naddrs++;<BR>+<BR>+ /* Count number of proxy addresses =
*/<BR>+ while (proxy_list[nproxies])=20
<BR>+ =20
nproxies++;<BR>+<BR>+ proxy_addrs =3D (krb5_address =
**)=20
malloc(sizeof(proxy_addrs) * nproxies);<BR>+ if =
(!proxy_addrs)=20
{<BR>+ krb5_free_addresses(context, =
local_addrs);<BR>+ <BR>+ for=20
(i =3D 0; proxy_list[i]; i++)<BR>+ =20
free(proxy_list[i]);<BR>+ <BR>+ free((char *)=20
proxy_list);<BR>+ return ENOMEM;<BR>+ =20
}<BR>+<BR>+ /*<BR>+ * Get all =
of the=20
addresses for all of the proxy hosts. Just=20
total<BR>+ * them all up for now; we need the =
total=20
number to construct the<BR>+ * address=20
array.<BR>+ */<BR>+<BR>+ for =
(i =3D 0; i=20
< nproxies; i++) {<BR>+ if=20
(krb5_os_hostaddr(context, proxy_list[i], &proxy_addrs[i]))=20
{<BR>+ proxy_addrs[i] =3D=20
NULL;<BR>+ &nb=
sp;=20
continue;<BR>+ }<BR>+<BR>+ =
for (j=20
=3D 0; proxy_addrs[i][j];=20
j++)<BR>+ &nbs=
p;=20
naddrs++;<BR>+<BR>+ =20
free(proxy_list[i]);<BR>+ }<BR>+ =
free((char=20
*) proxy_list);<BR>+<BR>+ =
/*<BR>+ *=20
Build the final addresses array, using all of the addresses=20
that<BR>+ * we =
have.<BR>+ =20
*/<BR>+<BR>+ *addr =3D (krb5_address **)=20
malloc(sizeof(krb5_address *) * (naddrs + =
1));<BR>+<BR>+ if=20
(!*addr) {<BR>+ =20
krb5_free_addresses(context,=20
local_addrs);<BR>+<BR>+ for (i =
=3D 0; i=20
< nproxies; i++)=20
{<BR>+ =
if=20
(proxy_addrs[i])<BR>+ &nbs=
p; =20
krb5_free_addresses(context,=20
proxy_addrs[i]);<BR>+ }<BR>+ <BR>+ free((char *)=20
proxy_addrs);<BR>+ return ENOMEM;<BR>+ =20
}<BR>+<BR>+ /* Local addresses =
*/<BR>+ for=20
(i =3D 0; local_addrs[i]; i++)<BR>+ (*addr)[n++] =3D=20
local_addrs[i];<BR>+<BR>+ free((char *)=20
local_addrs);<BR>+<BR>+ /* Proxy addresses =
*/ =20
<BR>+ for (i =3D 0; i < nproxies; i++) =
{<BR>+ if=20
(proxy_addrs[i]) {<BR>+ for (j =3D 0; =
proxy_addrs[i][j];=20
j++)<BR>+ (*addr)[n++] =3D=20
proxy_addrs[i][j];<BR>+ free((char *)=20
proxy_addrs[i]);<BR>+ }<BR>+ =
}<BR>+ =20
<BR>+ free((char *) =
proxy_addrs);<BR>+<BR>+ =20
/* NULL terminate the array */ <BR>+ =
(*addr)[n] =3D NULL;<BR>+<BR>+ return=20
0;<BR>+}<BR></DIV></FONT></BODY></HTML>
------=_NextPart_000_015B_01C0E70F.6A595920--