Subject: Re: behavior of krb5_get_all_server_addrs()
To: Jason R Thorpe <thorpej@zembu.com>
From: Andrew Brown <atatat@atatdot.net>
List: tech-crypto
Date: 12/02/2000 11:27:32
>Heimdal's krb5_get_all_server_addrs() is slightly buggy in that it
>doesn't use getifaddrs()/freeifaddrs().  I'm planning on fixing that,
>but it begs the question:
>
>	Why doesn't the KDC (as an example of a user of said function)
>	simply listen on a wildcard address, rather than binding to
>	the addresses that happen to be configured at the time that the
>	KDC is started?
>
>Sounds like what it should do is bind to wildcard *unless* addresses
>to bind to are explicitly in the configuration file.

begging non-operational ignorance of kerberos here...does the kdc use
udp?  if so, then it's probably trying to solve the *exact* same
problem that bind does by listening on all ip addresses simultaneously
so that responses to clients appear to originate from the address to
which the request was sent.

that said, assuming that it uses recvfrom(2) instead of write(2),
send(2), or sendto(2), adding some code like this might help.  :)

------8<------8<------8<------8<------8<------8<------8<------
#include <sys/types.h>
#include <sys/socket.h>
#include <netinet/in.h>
#include <string.h>

/* room for one IP_RECVDSTADDR cmsg (MYBUF was left undefined) */
#define MYBUF CMSG_SPACE(sizeof(struct in_addr))

/* destination address of the last datagram received; the caller uses
 * it as the source address of the reply.  the cmsg carries an in_addr,
 * not a sockaddr, so that is what this has to be. */
struct in_addr to;

/* drop-in recvfrom(2) (same prototype as libc's) that also captures the
 * destination address.  the socket needs IP_RECVDSTADDR turned on with
 * setsockopt(s, IPPROTO_IP, IP_RECVDSTADDR, ...) first, or no cmsg
 * ever arrives. */
ssize_t
recvfrom(int s, void *buf, size_t len, int flags, struct sockaddr *from,
         socklen_t *fromlen)
{
  ssize_t rc;              /* size_t could never compare equal to -1 */
  struct msghdr msg;
  u_char address[MYBUF];
  struct iovec iov;
  struct cmsghdr *cmsg;

  iov.iov_base=buf;
  iov.iov_len=len;

  memset(&msg,0,sizeof(msg));
  msg.msg_name=(caddr_t)from;
  msg.msg_namelen=from ? *fromlen : 0;   /* from may be NULL */
  msg.msg_iov=&iov;
  msg.msg_iovlen=1;
  msg.msg_control=address;
  msg.msg_controllen=sizeof(address);
  msg.msg_flags=0;

  if ((rc=recvmsg(s,&msg,flags))!=-1) {
    /* "copy" this back to the caller */
    if (from)
      *fromlen=msg.msg_namelen;
    /* and pick up the IP_RECVDSTADDR cmsg, if the option is on */
    if (msg.msg_controllen>0)
      for (cmsg=CMSG_FIRSTHDR(&msg);cmsg;cmsg=CMSG_NXTHDR(&msg,cmsg)) {
        void *cdata=CMSG_DATA(cmsg);
        if (cmsg->cmsg_level==IPPROTO_IP &&
            cmsg->cmsg_type==IP_RECVDSTADDR) {
          struct in_addr *i=cdata;
          to=*i;
        }
      }
  }
  return rc;
}
------8<------8<------8<------8<------8<------8<------8<------

no?

-- 
|-----< "CODE WARRIOR" >-----|
codewarrior@daemon.org             * "ah!  i see you have the internet
twofsonet@graffiti.com (Andrew Brown)                that goes *ping*!"
andrew@crossbar.com       * "information is power -- share the wealth."
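As an added example (not from this thread, Heimdal or NetBSD), here is the whole round trip on a Linux system: a server bound to the wildcard learns which address each request hit through the IP_PKTINFO cmsg (Linux's counterpart of the IP_RECVDSTADDR cmsg in the post) and pins that address as the source of its reply by passing the same cmsg to sendmsg(2), so a wildcard bind no longer changes where answers appear to come from. The functions recv_with_dst, send_from and loopback_selftest are my own names; the self-test assumes a working loopback interface.

```c
#define _GNU_SOURCE   /* for struct in_pktinfo / IP_PKTINFO; assumes Linux */
#include <string.h>
#include <unistd.h>
#include <sys/socket.h>
#include <netinet/in.h>

/* recvmsg() wrapper: *dst gets the local address the datagram was sent to (socket needs IP_PKTINFO on). */
ssize_t recv_with_dst(int s, void *buf, size_t len, struct sockaddr_in *from, struct in_addr *dst) {
    unsigned char ctl[CMSG_SPACE(sizeof(struct in_pktinfo))];
    struct iovec iov = { .iov_base = buf, .iov_len = len };
    struct msghdr msg = { .msg_name = from, .msg_namelen = sizeof *from, .msg_iov = &iov,
                         .msg_iovlen = 1, .msg_control = ctl, .msg_controllen = sizeof ctl };
    struct in_pktinfo pi; ssize_t n = recvmsg(s, &msg, 0);
    dst->s_addr = htonl(INADDR_ANY);                     /* "unknown" unless the kernel reported it */
    for (struct cmsghdr *c = n < 0 ? NULL : CMSG_FIRSTHDR(&msg); c; c = CMSG_NXTHDR(&msg, c))
        if (c->cmsg_level == IPPROTO_IP && c->cmsg_type == IP_PKTINFO) {
            memcpy(&pi, CMSG_DATA(c), sizeof pi);        /* cmsg payload may be unaligned */
            *dst = pi.ipi_addr;                          /* IP header destination address */
        }
    return n;
}

/* sendmsg() wrapper that pins the source address to src: the reply leaves from the address the client used. */
ssize_t send_from(int s, void *buf, size_t len, struct sockaddr_in *to, struct in_addr src) {
    unsigned char ctl[CMSG_SPACE(sizeof(struct in_pktinfo))] = {0};
    struct iovec iov = { .iov_base = buf, .iov_len = len };
    struct msghdr msg = { .msg_name = to, .msg_namelen = sizeof *to, .msg_iov = &iov,
                         .msg_iovlen = 1, .msg_control = ctl, .msg_controllen = sizeof ctl };
    struct in_pktinfo pi = {0};
    struct cmsghdr *c = CMSG_FIRSTHDR(&msg);
    c->cmsg_level = IPPROTO_IP; c->cmsg_type = IP_PKTINFO; c->cmsg_len = CMSG_LEN(sizeof pi);
    pi.ipi_spec_dst = src;                               /* Linux: selects the source address on send */
    memcpy(CMSG_DATA(c), &pi, sizeof pi);
    return sendmsg(s, &msg, 0);
}

/* Loopback round trip: a wildcard-bound "server" must see dst 127.0.0.1 and reply from it. 1 = ok, 0 = not. */
int loopback_selftest(void) {
    struct sockaddr_in srv = { .sin_family = AF_INET, .sin_addr.s_addr = htonl(INADDR_ANY) }, peer;
    struct in_addr dst; char buf[8]; socklen_t sl = sizeof srv; int on = 1, ok = 0;
    int s = socket(AF_INET, SOCK_DGRAM, 0), c = socket(AF_INET, SOCK_DGRAM, 0);
    if (s < 0 || c < 0 || setsockopt(s, IPPROTO_IP, IP_PKTINFO, &on, sizeof on)   /* KDC-style wildcard bind */
        || bind(s, (struct sockaddr *)&srv, sl) || getsockname(s, (struct sockaddr *)&srv, &sl)) goto out;
    srv.sin_addr.s_addr = htonl(INADDR_LOOPBACK);        /* client targets 127.0.0.1:port */
    if (sendto(c, "hi", 2, 0, (struct sockaddr *)&srv, sl) != 2
        || recv_with_dst(s, buf, sizeof buf, &peer, &dst) != 2
        || send_from(s, buf, 2, &peer, dst) != 2          /* reply pinned to the address the client hit */
        || recvfrom(c, buf, sizeof buf, 0, (struct sockaddr *)&peer, &sl) != 2) goto out;
    ok = dst.s_addr == htonl(INADDR_LOOPBACK) && peer.sin_addr.s_addr == dst.s_addr;
out: close(s); close(c);
    return ok;
}
```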