--- a/components/proftpd/mod_gss-patches/ip4-mapped-gss-channel-bindings.patch	Wed Aug 07 01:14:19 2013 -0700
+++ /dev/null	Thu Jan 01 00:00:00 1970 +0000
@@ -1,128 +0,0 @@
---- a/mod_gss.c.in
-+++ b/mod_gss.c.in
-@@ -1412,6 +1412,87 @@ MODRET gss_auth(cmd_rec *cmd) {
-     return HANDLED(cmd);
- }
- 
-+#ifdef USE_IPV6 /* { */
-+#define IPV6_STR_SIZE   128
-+
-+static int ip6_to_str(struct in6_addr* addr, char* buf, int size) {
-+
-+    const char *err;
-+
-+    if(size<IPV6_STR_SIZE)
-+        return 0;
-+
-+    memset(buf, 0, size);
-+    err=inet_ntop(AF_INET6, addr, buf, size-1);
-+    if(err!=buf)
-+        return 0;
-+
-+    return 1;
-+}
-+
-+static int ip6_to_ip4(struct in6_addr *ip6, struct in_addr *ip4) {
-+
-+    char buf[IPV6_STR_SIZE];
-+
-+    if (!ip6_to_str(ip6, buf, IPV6_STR_SIZE))
-+        return 0;
-+
-+    const char *ip4_str=strrchr(buf, ':');
-+    if (ip4_str == 0)
-+        return 0;
-+
-+    ip4_str++;
-+    if (!inet_aton(ip4_str, ip4))
-+        return 0;
-+
-+    return 1;
-+}
-+
-+static int set_chan_v4mapped(
-+    gss_channel_bindings_t chan, struct in_addr *ia, struct in_addr *aa) {
-+
-+    if (!ip6_to_ip4(&(session.c->remote_addr->na_addr.v6.sin6_addr), ia))
-+        return 0;
-+
-+    if (!ip6_to_ip4(&(session.c->local_addr->na_addr.v6.sin6_addr), aa))
-+        return 0;
-+
-+    chan->initiator_addrtype = GSS_C_AF_INET;
-+    chan->initiator_address.length = sizeof(struct in_addr);
-+    chan->initiator_address.value = ia;
-+
-+    chan->acceptor_addrtype = GSS_C_AF_INET;
-+    chan->acceptor_address.length = sizeof(struct in_addr);
-+    chan->acceptor_address.value = aa;
-+
-+    chan->application_data.length = 0;
-+    chan->application_data.value = 0;
-+
-+    return 1;
-+}
-+
-+static int try_v4mapped() {
-+
-+    struct in6_addr* addr;
-+
-+    if (pr_netaddr_get_family(session.c->remote_addr) != AF_INET6)
-+        return 0;
-+
-+    if (pr_netaddr_get_family(session.c->local_addr) != AF_INET6)
-+        return 0;
-+
-+    addr = (struct in6_addr*)pr_netaddr_get_inaddr(session.c->remote_addr);
-+    if (!IN6_IS_ADDR_V4MAPPED(addr))
-+        return 0;
-+
-+    addr = (struct in6_addr*)pr_netaddr_get_inaddr(session.c->local_addr);
-+    if (!IN6_IS_ADDR_V4MAPPED(addr))
-+        return 0;
-+
-+    return 1;
-+}
-+#endif /* } */
-+
- /*
-    AUTHENTICATION/SECURITY DATA (ADAT)
- 
-@@ -1527,6 +1608,12 @@ MODRET gss_adat(cmd_rec *cmd) {
-     char *gbuf ;
-   
-     gss_channel_bindings_t chan=GSS_C_NO_CHANNEL_BINDINGS;
-+    gss_channel_bindings_t chan_sl=GSS_C_NO_CHANNEL_BINDINGS;
-+#ifdef USE_IPV6
-+    gss_channel_bindings_t chan_v4m=GSS_C_NO_CHANNEL_BINDINGS;
-+    struct in_addr ia;
-+    struct in_addr aa;
-+#endif
- 
-     if (!gss_engine)
-         return DECLINED(cmd);
-@@ -1631,13 +1718,22 @@ MODRET gss_adat(cmd_rec *cmd) {
- 	    continue;
- 	}
- 
-+        chan_sl = chan;
-+#ifdef USE_IPV6
-+        if (try_v4mapped()) {
-+            chan_v4m = pcalloc(cmd->tmp_pool,sizeof(*chan_v4m));
-+            if (set_chan_v4mapped(chan_v4m, &ia, &aa))
-+                chan_sl = chan_v4m;
-+        }
-+#endif
-+
- 	found++;
- 	gcontext = GSS_C_NO_CONTEXT;
- 	accept_maj = gss_accept_sec_context(&accept_min,
- 	   				    &gcontext, /* context_handle */
- 					    server_creds, /* verifier_cred_handle */
- 					    &tok, /* input_token */
--					    chan, /* channel bindings */
-+					    chan_sl, /* channel bindings */
- 					    &client, /* src_name */
- 					    &mechid, /* mech_type */
- 					    &out_tok, /* output_token */
-
branch	s11u1-sru
changeset 2734	d23b6301c400
parent 2719	8a85b880d7f1
child 2735	38548c092c06