Disable IP address checking in the Kerberos v4 library when building

with MIT Kerberos to allow ticket forwarding through NAT.

diff --git a/NEWS b/NEWS
index 9c3416c5e2e67567e5fd26acece5687d8fc1d8cc..50d8739b80a683264c4e0e6158d8a888f784190e 100644 (file)
--- a/NEWS
+++ b/NEWS
@@ -1,5 +1,10 @@
                         User-Visible kftgt Changes
 
+kftgt 1.11 (unreleased)
+
+    Disable IP address checking in the Kerberos v4 library when building
+    with MIT Kerberos to allow ticket forwarding through NAT.
+
 kftgt 1.10 (2005-12-03)
 
     Add the --enable-reduced-depends configure option to try to minimize

diff --git a/configure.ac b/configure.ac
index 5b6529de1882b038b5bcd3bff6f9ad2a5308f604..dfca1f7a3f850b1b33072a0cf6d07ed97184a38c 100644 (file)
--- a/configure.ac
+++ b/configure.ac
@@ -59,6 +59,14 @@ AC_ARG_ENABLE([static],
 dnl Checks for header files.
 AC_CHECK_HEADERS([kerberosIV/krb.h])
 
+dnl Checks for variable declarations.
+AC_CHECK_DECLS([krb_ignore_ip_address], , ,
+[#ifdef HAVE_KERBEROSIV_KRB_H
+# include <kerberosIV/krb.h>
+#else
+# include <krb.h>
+#endif])
+
 dnl Checks for functions.
 AC_TYPE_SIGNAL
 AC_REPLACE_FUNCS([unsetenv])

diff --git a/kftgt.c b/kftgt.c
index 22d6e1587576e571d9be7a64287de7f5c63c41e7..c213436f27d4c1d5987cd499b2286ab5e3acc58f 100644 (file)
--- a/kftgt.c
+++ b/kftgt.c
@@ -83,6 +83,10 @@ main(int argc, char **argv)
 {
   enum kftgt_error status = SUCCESS;
 
+#ifdef HAVE_DECL_KRB_IGNORE_IP_ADDRESS
+  krb_ignore_ip_address = 1;
+#endif
+
   argv = read_options(argc, argv);
   while(*argv) {
     char *ruser = l_val, *server;
@@ -311,11 +315,15 @@ kftgt(char *ruser, char *server)
 
   /* read encrypted response */
 
+  m_data.app_data[0] = '\0';
   len = receive_encrypted_chunk(&m_data, buffer, sizeof(buffer), sock,
                                &cred.session, sched, &saddr, &caddr);
 
   if (strncmp((char *) m_data.app_data,"ok",2)!=0) {
-    warn("%s",m_data.app_data);
+    if (m_data.app_data[0] != '\0')
+      warn("%s",m_data.app_data);
+    else
+      warn("error receiving encrypted chunk");
     close(sock);
     return ERROR_SEND;
   }
@@ -344,11 +352,15 @@ kftgt(char *ruser, char *server)
     return ERROR_SEND;
   }
 
+  m_data.app_data[0] = '\0';
   len = receive_encrypted_chunk(&m_data,buffer,sizeof(buffer), sock,
                                &cred.session, sched, &saddr, &caddr);
 
   if (strncmp((char *) m_data.app_data,"ok",2)!=0) {
-    warn("%s",m_data.app_data);
+    if (m_data.app_data[0] != '\0')
+      warn("%s",m_data.app_data);
+    else
+      warn("error receiving encrypted chunk");
     close(sock);
     return ERROR_SEND;
   }

diff --git a/kftgtd.c b/kftgtd.c
index dd35f7ffd42428430524cecd16442803e0962d14..cebdd8060cf83a6756e2ab35f01f6f47f4157ef1 100644 (file)
--- a/kftgtd.c
+++ b/kftgtd.c
@@ -75,6 +75,9 @@ main(argc,argv)
 
   prog = argv[0];
 
+#ifdef HAVE_DECL_KRB_IGNORE_IP_ADDRESS
+  krb_ignore_ip_address = 1;
+#endif
  
   while ((c = getopt(argc, argv, "hlvdt:")) != EOF) 
      switch (c) {