Verify who tries to transmit a database. Pass the context to
krb5_getportbyname. git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@3313 ec53bebd-3082-4978-b11e-865c3cabbd6b
18
kdc/hpropd.c
18
kdc/hpropd.c
@@ -58,7 +58,7 @@ int open_socket(krb5_context context)
|
||||
setsockopt(s, SOL_SOCKET, SO_REUSEADDR, &one, sizeof(one));
|
||||
memset(&sin, 0, sizeof(sin));
|
||||
sin.sin_family = AF_INET;
|
||||
sin.sin_port = krb5_getportbyname ("hprop", "tcp", htons(HPROP_PORT));
|
||||
sin.sin_port = krb5_getportbyname (context, "hprop", "tcp", HPROP_PORT);
|
||||
if(bind(s, (struct sockaddr*)&sin, sizeof(sin)) < 0){
|
||||
krb5_warn(context, errno, "bind");
|
||||
close(s);
|
||||
@@ -107,6 +107,8 @@ int main(int argc, char **argv)
|
||||
krb5_context context;
|
||||
krb5_auth_context ac = NULL;
|
||||
krb5_principal server;
|
||||
krb5_principal c1, c2;
|
||||
krb5_authenticator authent;
|
||||
krb5_keytab keytab;
|
||||
int fd;
|
||||
HDB *db;
|
||||
@@ -156,6 +158,20 @@ int main(int argc, char **argv)
|
||||
ret = krb5_recvauth(context, &ac, &fd, HPROP_VERSION, server, 0, keytab, NULL);
|
||||
if(ret) krb5_err(context, 1, ret, "krb5_recvauth");
|
||||
|
||||
ret = krb5_auth_getauthenticator(context, ac, &authent);
|
||||
if(ret) krb5_err(context, 1, ret, "krb5_auth_getauthenticator");
|
||||
|
||||
ret = krb5_make_principal(context, &c1, NULL, "kadmin", "hprop", NULL);
|
||||
if(ret) krb5_err(context, 1, ret, "krb5_make_principal");
|
||||
principalname2krb5_principal(&c2, authent->cname, authent->crealm);
|
||||
if(!krb5_principal_compare(context, c1, c2)){
|
||||
char *s;
|
||||
krb5_unparse_name(context, c2, &s);
|
||||
krb5_errx(context, 1, "Unauthorized connection from %s", s);
|
||||
}
|
||||
krb5_free_principal(context, c1);
|
||||
krb5_free_principal(context, c2);
|
||||
|
||||
ret = krb5_kt_close(context, keytab);
|
||||
if(ret) krb5_err(context, 1, ret, "krb5_kt_close");
|
||||
|
||||
|
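Review bot: In the rejection branch of the third hunk, the result of `krb5_unparse_name(context, c2, &s)` is ignored, so if it fails `s` is still uninitialized when it reaches the `%s` in `krb5_errx`, and this is the one path an unauthorized peer can drive. Check it like the neighbouring calls: `ret = krb5_unparse_name(context, c2, &s);` followed by `if(ret) krb5_err(context, 1, ret, "krb5_unparse_name");`. The outcome of `principalname2krb5_principal(&c2, ...)` is also unchecked before `c2` is compared, which looks worth handling if that helper can fail (its declaration is not in the hunk). A short comment above the comparison stating that only `kadmin/hprop` is accepted, and in which realm `krb5_make_principal` resolves the NULL realm argument, would help the next reader audit this check. main's body starts and continues outside the hunks shown.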