]> git.ipfire.org Git - people/ms/ipfire-3.x.git/blob - krb5/patches/krb5-1.6.3-kdc_listen_all.patch0
projects / people / ms / ipfire-3.x.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
blame | history | raw | HEAD
kernel: Update to 3.17
[people/ms/ipfire-3.x.git] / krb5 / patches / krb5-1.6.3-kdc_listen_all.patch0
1 Provide an option to make the KDC also listen on loopback interfaces for
2 datagram requests. Adds an internal symbol to libkrb5 which the KDC
3 needs if listening on loopback is enabled.
4
5 The default might be better changed from FALSE to TRUE so that the
6 default matches what we do with stream sockets.
7
8 FIXME: doesn't add documentation anywhere.
9
10 diff -up src/include/foreachaddr.h src/include/foreachaddr.h
11 --- src/include/foreachaddr.h 2004-05-05 18:44:46.000000000 -0400
12 +++ src/include/foreachaddr.h 2008-04-04 15:39:28.000000000 -0400
13 @@ -62,3 +62,18 @@ krb5int_foreach_localaddr (/*@null@*/ vo
14 ;
15
16 #define foreach_localaddr krb5int_foreach_localaddr
17 +
18 +extern int
19 +krb5int_foreach_localaddr_ext (/*@null@*/ void *data,
20 + int (*pass1fn) (/*@null@*/ void *,
21 + struct sockaddr *) /*@*/,
22 + /*@null@*/ krb5_boolean (*skipfn) (/*@null@*/ struct sockaddr *, int) /*@*/,
23 + /*@null@*/ int (*betweenfn) (/*@null@*/ void *) /*@*/,
24 + /*@null@*/ int (*pass2fn) (/*@null@*/ void *,
25 + struct sockaddr *) /*@*/)
26 +#if defined(DEBUG) || defined(TEST)
27 + /*@modifies fileSystem@*/
28 +#endif
29 + ;
30 +
31 +#define foreach_localaddr_ext krb5int_foreach_localaddr_ext
32 diff -up src/kdc/kdc_util.h src/kdc/kdc_util.h
33 --- src/kdc/kdc_util.h 2008-04-04 16:28:18.000000000 -0400
34 +++ src/kdc/kdc_util.h 2008-04-04 16:51:27.000000000 -0400
35 @@ -126,6 +126,7 @@ krb5_error_code kdc_initialize_rcache (k
36 krb5_error_code setup_server_realm (krb5_principal);
37
38 /* network.c */
39 +void process_listen_loopback (krb5_boolean);
40 krb5_error_code listen_and_process (const char *);
41 krb5_error_code setup_network (const char *);
42 krb5_error_code closedown_network (const char *);
43 diff -up src/kdc/main.c src/kdc/main.c
44 --- src/kdc/main.c 2008-04-04 16:22:43.000000000 -0400
45 +++ src/kdc/main.c 2008-04-04 16:55:22.000000000 -0400
46 @@ -422,6 +422,7 @@ initialize_realms(krb5_context kcontext,
47 krb5_enctype menctype = ENCTYPE_UNKNOWN;
48 kdc_realm_t *rdatap;
49 krb5_boolean manual = FALSE;
50 + krb5_boolean listen_loopback = FALSE;
51 char *default_udp_ports = 0;
52 char *default_tcp_ports = 0;
53 krb5_pointer aprof;
54 @@ -448,6 +449,9 @@ initialize_realms(krb5_context kcontext,
55 if (krb5_aprof_get_string(aprof, hierarchy, TRUE, &v4mode))
56 v4mode = 0;
57 #endif
58 + hierarchy[1] = "kdc_listen_loopback";
59 + if (krb5_aprof_get_boolean(aprof, hierarchy, TRUE, &listen_loopback))
60 + listen_loopback = FALSE;
61 /* aprof_init can return 0 with aprof == NULL */
62 if (aprof)
63 krb5_aprof_finish(aprof);
64 @@ -587,6 +591,8 @@ initialize_realms(krb5_context kcontext,
65 free(v4mode);
66 #endif
67
68 + process_listen_loopback(listen_loopback);
69 +
70 /*
71 * Check to see if we processed any realms.
72 */
73 diff -up src/kdc/network.c src/kdc/network.c
74 --- src/kdc/network.c 2008-04-04 15:39:28.000000000 -0400
75 +++ src/kdc/network.c 2008-04-04 16:51:44.000000000 -0400
76 @@ -221,6 +221,7 @@ static SET(u_short) udp_port_data, tcp_p
77 #include "cm.h"
78
79 static struct select_state sstate;
80 +static krb5_boolean listen_loopback;
81
82 static krb5_error_code add_udp_port(int port)
83 {
84 @@ -604,6 +605,12 @@ scan_for_newlines:
85 }
86 #endif
87
88 +void
89 +process_listen_loopback(krb5_boolean listen_loop)
90 +{
91 + listen_loopback = listen_loop;
92 +}
93 +
94 /* XXX */
95 extern int krb5int_debug_sendto_kdc;
96 extern void (*krb5int_sendtokdc_debug_handler)(const void*, size_t);
97 @@ -662,7 +669,9 @@ setup_network(const char *prog)
98 so we might need only one UDP socket; fall back to binding
99 sockets on each address only if IPV6_PKTINFO isn't
100 supported. */
101 - if (foreach_localaddr (&setup_data, setup_udp_port, 0, 0)) {
102 + if (listen_loopback ?
103 + foreach_localaddr_ext (&setup_data, setup_udp_port, 0, 0, 0) :
104 + foreach_localaddr (&setup_data, setup_udp_port, 0, 0)) {
105 return setup_data.retval;
106 }
107 setup_tcp_listener_ports(&setup_data);
108 diff -up src/lib/krb5/os/localaddr.c src/lib/krb5/os/localaddr.c
109 --- src/lib/krb5/os/localaddr.c 2005-04-13 12:55:43.000000000 -0400
110 +++ src/lib/krb5/os/localaddr.c 2008-04-04 15:39:28.000000000 -0400
111 @@ -242,6 +242,17 @@ addr_eq (const struct sockaddr *s1, cons
112 }
113 #endif
114
115 +static krb5_boolean
116 +skip_loopback (struct sockaddr *addr, int flags)
117 +{
118 +#ifdef IFF_LOOPBACK
119 + if (flags & IFF_LOOPBACK) {
120 + return TRUE;
121 + }
122 +#endif
123 + return FALSE;
124 +}
125 +
126 #ifndef HAVE_IFADDRS_H
127 /*@-usereleased@*/ /* lclint doesn't understand realloc */
128 static /*@null@*/ void *
129 @@ -413,14 +424,27 @@ get_linux_ipv6_addrs ()
130 indication, it should do it via some field pointed to by the DATA
131 argument. */
132
133 -#ifdef HAVE_IFADDRS_H
134 -
135 int
136 foreach_localaddr (/*@null@*/ void *data,
137 int (*pass1fn) (/*@null@*/ void *, struct sockaddr *) /*@*/,
138 /*@null@*/ int (*betweenfn) (/*@null@*/ void *) /*@*/,
139 /*@null@*/ int (*pass2fn) (/*@null@*/ void *,
140 struct sockaddr *) /*@*/)
141 +{
142 + return foreach_localaddr_ext(data, pass1fn,
143 + &skip_loopback, betweenfn,
144 + pass2fn);
145 +}
146 +
147 +#ifdef HAVE_IFADDRS_H
148 +
149 +int
150 +foreach_localaddr_ext (/*@null@*/ void *data,
151 + int (*pass1fn) (/*@null@*/ void *, struct sockaddr *) /*@*/,
152 + /*@null@*/ krb5_boolean (*skipfn) (/*@null@*/ struct sockaddr *, int) /*@*/,
153 + /*@null@*/ int (*betweenfn) (/*@null@*/ void *) /*@*/,
154 + /*@null@*/ int (*pass2fn) (/*@null@*/ void *,
155 + struct sockaddr *) /*@*/)
156 #if defined(DEBUG) || defined(TEST)
157 /*@modifies fileSystem@*/
158 #endif
159 @@ -436,7 +460,7 @@ foreach_localaddr (/*@null@*/ void *data
160 #endif
161 if ((ifp->ifa_flags & IFF_UP) == 0)
162 continue;
163 - if (ifp->ifa_flags & IFF_LOOPBACK) {
164 + if (skipfn && (*skipfn)(ifp->ifa_addr, ifp->ifa_flags)) {
165 /* Pretend it's not up, so the second pass will skip
166 it. */
167 ifp->ifa_flags &= ~IFF_UP;
168 @@ -459,7 +483,7 @@ foreach_localaddr (/*@null@*/ void *data
169 for (ifp2 = ifp_head; ifp2 && ifp2 != ifp; ifp2 = ifp2->ifa_next) {
170 if ((ifp2->ifa_flags & IFF_UP) == 0)
171 continue;
172 - if (ifp2->ifa_flags & IFF_LOOPBACK)
173 + if (skipfn && (*skipfn)(ifp2->ifa_addr, ifp2->ifa_flags))
174 continue;
175 if (addr_eq (ifp->ifa_addr, ifp2->ifa_addr)) {
176 match = 1;
177 @@ -488,11 +512,12 @@ foreach_localaddr (/*@null@*/ void *data
178 #elif defined (SIOCGLIFNUM) && defined(HAVE_STRUCT_LIFCONF) /* Solaris 8 and later; Sol 7? */
179
180 int
181 -foreach_localaddr (/*@null@*/ void *data,
182 - int (*pass1fn) (/*@null@*/ void *, struct sockaddr *) /*@*/,
183 - /*@null@*/ int (*betweenfn) (/*@null@*/ void *) /*@*/,
184 - /*@null@*/ int (*pass2fn) (/*@null@*/ void *,
185 - struct sockaddr *) /*@*/)
186 +foreach_localaddr_ext (/*@null@*/ void *data,
187 + int (*pass1fn) (/*@null@*/ void *, struct sockaddr *) /*@*/,
188 + /*@null@*/ int (*skipfn) (/*@null@*/ struct sockaddr *, int) /*@*/,
189 + /*@null@*/ int (*betweenfn) (/*@null@*/ void *) /*@*/,
190 + /*@null@*/ int (*pass2fn) (/*@null@*/ void *,
191 + struct sockaddr *) /*@*/)
192 #if defined(DEBUG) || defined(TEST)
193 /*@modifies fileSystem@*/
194 #endif
195 @@ -583,13 +608,12 @@ foreach_localaddr (/*@null@*/ void *data
196 }
197 /*@=moduncon@*/
198
199 -#ifdef IFF_LOOPBACK
200 - /* None of the current callers want loopback addresses. */
201 - if (lifreq.lifr_flags & IFF_LOOPBACK) {
202 - Tprintf ((" loopback\n"));
203 + if (skipfn && (*skipfn)(lifreq.lifr_addr, lifreq.lifr_flags))
204 + if (skipfn && (skipfn == &skip_loopback))
205 + Tprintf ((" loopback\n"));
206 goto skip;
207 }
208 -#endif
209 +
210 /* Ignore interfaces that are down. */
211 if ((lifreq.lifr_flags & IFF_UP) == 0) {
212 Tprintf ((" down\n"));
213 @@ -755,13 +779,12 @@ foreach_localaddr (/*@null@*/ void *data
214 }
215 /*@=moduncon@*/
216
217 -#ifdef IFF_LOOPBACK
218 /* None of the current callers want loopback addresses. */
219 - if (lifreq.iflr_flags & IFF_LOOPBACK) {
220 - Tprintf ((" loopback\n"));
221 + if (skipfn && (*skipfn)(ifp2->ifa_addr, lifreq.lifr_flags))
222 + if (skipfn && (skipfn == &skip_loopback))
223 + Tprintf ((" loopback\n"));
224 goto skip;
225 }
226 -#endif
227 /* Ignore interfaces that are down. */
228 if ((lifreq.iflr_flags & IFF_UP) == 0) {
229 Tprintf ((" down\n"));
230 @@ -971,13 +994,12 @@ foreach_localaddr (/*@null@*/ void *data
231 }
232 /*@=moduncon@*/
233
234 -#ifdef IFF_LOOPBACK
235 - /* None of the current callers want loopback addresses. */
236 - if (ifreq.ifr_flags & IFF_LOOPBACK) {
237 - Tprintf ((" loopback\n"));
238 + if (skipfn && (*skipfn)(NULL, ifreq.ifr_flags))
239 + if (skipfn && (skipfn == &skip_loopback))
240 + Tprintf ((" loopback\n"));
241 goto skip;
242 }
243 -#endif
244 +
245 /* Ignore interfaces that are down. */
246 if ((ifreq.ifr_flags & IFF_UP) == 0) {
247 Tprintf ((" down\n"));
Michael's tree of IPFire 3.x.