Bug 563 - getaddrinfo() in libopenbsd-compat.a breaks heimdal-linked pam_krb5
Summary: getaddrinfo() in libopenbsd-compat.a breaks heimdal-linked pam_krb5
Status: CLOSED FIXED
Alias: None
Product: Portable OpenSSH
Classification: Unclassified
Component: Miscellaneous (show other bugs)
Version: -current
Hardware: SPARC Solaris
: P2 normal
Assignee: OpenSSH Bugzilla mailing list
URL:
Keywords:
Depends on:
Blocks: 793
  Show dependency treegraph
 
Reported: 2003-05-13 04:20 AEST by Buck Huppmann
Modified: 2004-04-14 12:24 AEST (History)
1 user (show)

See Also:

Attachments
Add macros for fake getaddrinfo -> ssh_getaddrinfo (1.17 KB, patch)
2004-01-24 21:51 AEDT, Darren Tucker 		djm: ok+
Details | Diff
View All Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.
Description Buck Huppmann 2003-05-13 04:20:43 AEST 
i realize that fake-getaddrinfo.c says, ``Don't use it for another purpose,''
but if getaddrinfo can't be renamed then stuff like this is inevitable, and i
think it might not just be me so i wanted to point it out:

heimdal uses the getaddrinfo()-returned ai_protocol, ai_socktype and ai_protocol
in its socket() call in send_to_kdc(), after passing in the desired ai_socktype
in hints->ai_socktype. on Solaris 2.6, there's no getaddrinfo(), so heimdal
builds this into it's libroken and ssh builds this into libopenbsd-compat. when
sshd goes to use pam_krb5 for keyboard-interactive, the pam_krb5 calls to
heimdal's libkrb5 result in libopenbsd-compat's getaddrinfo() getting called,
which always returns a struct addrinfo with ai_socktype == ai_protocol == 0, and
socket() buys an EPROTOTYPE:

send_to_kdc.c:
  ret = krb5_krbhst_get_addrinfo(context, hi, &ai);
  if (ret)
      continue;

  for (a = ai; a != NULL; a = a->ai_next) {
      fd = socket (a->ai_family, a->ai_socktype, a->ai_protocol);
      if (fd < 0)
          continue;

truss says:

  so_socket(2, 0, 0, 0x00000000, 1)               Err#98 EPROTOTYPE
       0x00000000: ""

(i have to admit i have absolutely no idea where it's getting ai_family from, if
that's what that first parameter is)

it would be nice if maybe libopenbsd-compat's getaddrinfo copied ai_family,
ai_socktype and ai_protocol to the returned struct addrinfo's. yes, i admit, we
need to upgrade
Comment 1 Damien Miller 2003-05-13 10:44:54 AEST 
Does rebuilding after:

LIBS='-lbroken' ./configure

help?
Comment 2 Buck Huppmann 2003-05-13 13:17:23 AEST 
perhaps. i'll try modifying configure.ac and acconfig.h to get <roken.h>
included also, if configure can find em, and let you know if it works. for my
purposes, i was content to just rename getaddrinfo in fake-getaddrinfo.c and
kludge up fake-getaddrinfo.h:

#ifndef HAVE_GETADDRINFO
#define getaddrinfo fake_getaddrinfo
int fake_getaddrinfo( . . . )
#endif

don't know how many other libroken functions i'll pick up if i configure it in
and if some of them might be less unbroken than libopenbsd-compat versions.
maybe i should just see if i can port GNU libc . . .

thanks for the help
Comment 3 Darren Tucker 2004-01-22 21:16:42 AEDT 
Should this bug be closed?
Comment 4 Darren Tucker 2004-01-24 21:51:16 AEDT 
Created attachment 535 [details]
Add macros for fake getaddrinfo -> ssh_getaddrinfo

Builds stand-alone on Solaris 2.5.1, nm confirms that the functions are
exported as ssh_[function]
Comment 5 Damien Miller 2004-02-10 12:20:37 AEDT 
Comment on attachment 535 [details]
Add macros for fake getaddrinfo -> ssh_getaddrinfo

I hate doing this sort of thing, but I can't think of a better way.
Comment 6 Darren Tucker 2004-02-10 13:07:32 AEDT 
Applied, thanks.  I note that snprintf is in the same boat on Solaris 2.5.1,
should we do the same thing with it (ie: is this an actual problem for anyone)?
Comment 7 Damien Miller 2004-04-14 12:24:19 AEST 
Mass change of RESOLVED bugs to CLOSED