diff options
| author | Jeremy Allison <jra@samba.org> | 2007-10-24 14:16:54 -0700 |
|---|---|---|
| committer | Jeremy Allison <jra@samba.org> | 2007-10-24 14:16:54 -0700 |
| commit | f88b7a076be74a29a3bf876b4e2705f4a1ecf42b (patch) | |
| tree | 2d5167540fcbe1ad245fce697924b18216b2d142 /source3/libads | |
| parent | e01cbcb28e63abb0f681a5a168fc2445744eec93 (diff) | |
| download | samba-f88b7a076be74a29a3bf876b4e2705f4a1ecf42b.tar.gz samba-f88b7a076be74a29a3bf876b4e2705f4a1ecf42b.tar.bz2 samba-f88b7a076be74a29a3bf876b4e2705f4a1ecf42b.zip | |
This is a large patch (sorry). Migrate from struct in_addr
to struct sockaddr_storage in most places that matter (ie.
not the nmbd and NetBIOS lookups). This passes make test
on an IPv4 box, but I'll have to do more work/testing on
IPv6 enabled boxes. This should now give us a framework
for testing and finishing the IPv6 migration. It's at
the state where someone with a working IPv6 setup should
(theorecically) be able to type :
smbclient //ipv6-address/share
and have it work.
Jeremy.
(This used to be commit 98e154c3125d5732c37a72d74b0eb5cd7b6155fd)
Diffstat (limited to 'source3/libads')
| -rw-r--r-- | source3/libads/kerberos.c | 38 | ||||
| -rw-r--r-- | source3/libads/krb5_setpw.c | 28 | ||||
| -rw-r--r-- | source3/libads/ldap.c | 35 |
3 files changed, 69 insertions, 32 deletions
diff --git a/source3/libads/kerberos.c b/source3/libads/kerberos.c index 281ca2fd68..f259c21bdb 100644 --- a/source3/libads/kerberos.c +++ b/source3/libads/kerberos.c @@ -614,7 +614,10 @@ int kerberos_kinit_password(const char *principal, Does DNS queries. ************************************************************************/ -static char *get_kdc_ip_string(char *mem_ctx, const char *realm, const char *sitename, struct in_addr primary_ip) +static char *get_kdc_ip_string(char *mem_ctx, + const char *realm, + const char *sitename, + struct sockaddr_storage *pss) { int i; struct ip_service *ip_srv_site = NULL; @@ -622,7 +625,8 @@ static char *get_kdc_ip_string(char *mem_ctx, const char *realm, const char *sit int count_site = 0; int count_nonsite; char *kdc_str = talloc_asprintf(mem_ctx, "\tkdc = %s\n", - inet_ntoa(primary_ip)); + print_canonical_sockaddr(mem_ctx, + pss)); if (kdc_str == NULL) { return NULL; @@ -635,12 +639,15 @@ static char *get_kdc_ip_string(char *mem_ctx, const char *realm, const char *sit get_kdc_list(realm, sitename, &ip_srv_site, &count_site); for (i = 0; i < count_site; i++) { - if (ip_equal(ip_srv_site[i].ip, primary_ip)) { + if (addr_equal(&ip_srv_site[i].ss, pss)) { continue; } - /* Append to the string - inefficient but not done often. */ + /* Append to the string - inefficient + * but not done often. */ kdc_str = talloc_asprintf(mem_ctx, "%s\tkdc = %s\n", - kdc_str, inet_ntoa(ip_srv_site[i].ip)); + kdc_str, + print_canonical_sockaddr(mem_ctx, + &ip_srv_site[i].ss)); if (!kdc_str) { SAFE_FREE(ip_srv_site); return NULL; @@ -655,13 +662,14 @@ static char *get_kdc_ip_string(char *mem_ctx, const char *realm, const char *sit for (i = 0; i < count_nonsite; i++) { int j; - if (ip_equal(ip_srv_nonsite[i].ip, primary_ip)) { + if (addr_equal(&ip_srv_nonsite[i].ss, pss)) { continue; } /* Ensure this isn't an IP already seen (YUK! this is n*n....) */ for (j = 0; j < count_site; j++) { - if (ip_equal(ip_srv_nonsite[i].ip, ip_srv_site[j].ip)) { + if (addr_equal(&ip_srv_nonsite[i].ss, + &ip_srv_site[j].ss)) { break; } /* As the lists are sorted we can break early if nonsite > site. */ @@ -675,7 +683,9 @@ static char *get_kdc_ip_string(char *mem_ctx, const char *realm, const char *sit /* Append to the string - inefficient but not done often. */ kdc_str = talloc_asprintf(mem_ctx, "%s\tkdc = %s\n", - kdc_str, inet_ntoa(ip_srv_nonsite[i].ip)); + kdc_str, + print_canonical_sockaddr(mem_ctx, + &ip_srv_nonsite[i].ss)); if (!kdc_str) { SAFE_FREE(ip_srv_site); SAFE_FREE(ip_srv_nonsite); @@ -700,8 +710,10 @@ static char *get_kdc_ip_string(char *mem_ctx, const char *realm, const char *sit run as root or will fail (which is a good thing :-). ************************************************************************/ -bool create_local_private_krb5_conf_for_domain(const char *realm, const char *domain, - const char *sitename, struct in_addr ip) +bool create_local_private_krb5_conf_for_domain(const char *realm, + const char *domain, + const char *sitename, + struct sockaddr_storage *pss) { char *dname = talloc_asprintf(NULL, "%s/smb_krb5", lp_lockdir()); char *tmpname = NULL; @@ -742,12 +754,12 @@ bool create_local_private_krb5_conf_for_domain(const char *realm, const char *do realm_upper = talloc_strdup(fname, realm); strupper_m(realm_upper); - kdc_ip_string = get_kdc_ip_string(dname, realm, sitename, ip); + kdc_ip_string = get_kdc_ip_string(dname, realm, sitename, pss); if (!kdc_ip_string) { TALLOC_FREE(dname); return False; } - + file_contents = talloc_asprintf(fname, "[libdefaults]\n\tdefault_realm = %s\n\n" "[realms]\n\t%s = {\n" "\t%s\t}\n", @@ -806,7 +818,7 @@ bool create_local_private_krb5_conf_for_domain(const char *realm, const char *do DEBUG(5,("create_local_private_krb5_conf_for_domain: wrote " "file %s with realm %s KDC = %s\n", - fname, realm_upper, inet_ntoa(ip) )); + fname, realm_upper, print_canonical_sockaddr(dname, pss) )); /* Set the environment variable to this file. */ setenv("KRB5_CONFIG", fname, 1); diff --git a/source3/libads/krb5_setpw.c b/source3/libads/krb5_setpw.c index 73dffe7c1b..831a448847 100644 --- a/source3/libads/krb5_setpw.c +++ b/source3/libads/krb5_setpw.c @@ -402,11 +402,14 @@ static ADS_STATUS do_krb5_kpasswd_request(krb5_context context, int ret, sock; socklen_t addr_len; struct sockaddr remote_addr, local_addr; - struct in_addr *addr = interpret_addr2(kdc_host); + struct sockaddr_storage addr; krb5_address local_kaddr, remote_kaddr; bool use_tcp = False; + if (!interpret_string_addr(&addr, kdc_host, 0)) { + } + ret = krb5_mk_req_extended(context, &auth_context, AP_OPTS_USE_SUBKEY, NULL, credsp, &ap_req); if (ret) { @@ -422,7 +425,7 @@ static ADS_STATUS do_krb5_kpasswd_request(krb5_context context, } else { - sock = open_socket_out(SOCK_STREAM, addr, DEFAULT_KPASSWD_PORT, + sock = open_socket_out(SOCK_STREAM, &addr, DEFAULT_KPASSWD_PORT, LONG_CONNECT_TIMEOUT); } @@ -430,18 +433,29 @@ static ADS_STATUS do_krb5_kpasswd_request(krb5_context context, int rc = errno; SAFE_FREE(ap_req.data); krb5_auth_con_free(context, auth_context); - DEBUG(1,("failed to open kpasswd socket to %s (%s)\n", + DEBUG(1,("failed to open kpasswd socket to %s (%s)\n", kdc_host, strerror(errno))); return ADS_ERROR_SYSTEM(rc); } - addr_len = sizeof(remote_addr); getpeername(sock, &remote_addr, &addr_len); addr_len = sizeof(local_addr); getsockname(sock, &local_addr, &addr_len); - - setup_kaddr(&remote_kaddr, &remote_addr); - setup_kaddr(&local_kaddr, &local_addr); + + /* FIXME ! How do we do IPv6 here ? JRA. */ + if (remote_addr.sa_family != AF_INET || + local_addr.sa_family != AF_INET) { + DEBUG(1,("do_krb5_kpasswd_request: " + "no IPv6 support (yet).\n")); + close(sock); + SAFE_FREE(ap_req.data); + krb5_auth_con_free(context, auth_context); + errno = EINVAL; + return ADS_ERROR_SYSTEM(EINVAL); + } + + setup_kaddr_v4(&remote_kaddr, &remote_addr); + setup_kaddr_v4(&local_kaddr, &local_addr); ret = krb5_auth_con_setaddrs(context, auth_context, &local_kaddr, NULL); if (ret) { diff --git a/source3/libads/ldap.c b/source3/libads/ldap.c index f85d3cd7b0..0294c4a5b5 100644 --- a/source3/libads/ldap.c +++ b/source3/libads/ldap.c @@ -221,13 +221,19 @@ bool ads_try_connect(ADS_STRUCT *ads, const char *server ) ads->config.client_site_name = SMB_STRDUP(cldap_reply.client_site_name); } - ads->server.workgroup = SMB_STRDUP(cldap_reply.netbios_domain); ads->ldap.port = LDAP_PORT; - ads->ldap.ip = *interpret_addr2(srv); + if (!interpret_string_addr(&ads->ldap.ss, srv, 0)) { + DEBUG(1,("ads_try_connect: unable to convert %s " + "to an address\n", + srv)); + SAFE_FREE( srv ); + return False; + } + SAFE_FREE(srv); - + /* Store our site name. */ sitename_store( cldap_reply.domain, cldap_reply.client_site_name ); @@ -306,10 +312,10 @@ static NTSTATUS ads_find_dc(ADS_STRUCT *ads) /* if we fail this loop, then giveup since all the IP addresses returned were dead */ for ( i=0; i<count; i++ ) { - fstring server; - - fstrcpy( server, inet_ntoa(ip_list[i].ip) ); - + char server[INET6_ADDRSTRLEN]; + + print_sockaddr(server, sizeof(server), &ip_list[i].ss); + if ( !NT_STATUS_IS_OK(check_negative_conn_cache(realm, server)) ) continue; @@ -371,6 +377,7 @@ ADS_STATUS ads_connect(ADS_STRUCT *ads) int version = LDAP_VERSION3; ADS_STATUS status; NTSTATUS ntstatus; + char addr[INET6_ADDRSTRLEN]; ZERO_STRUCT(ads->ldap); ads->ldap.last_attempt = time(NULL); @@ -378,7 +385,7 @@ ADS_STATUS ads_connect(ADS_STRUCT *ads) /* try with a user specified server */ - if (ads->server.ldap_server && + if (ads->server.ldap_server && ads_try_connect(ads, ads->server.ldap_server)) { goto got_connection; } @@ -391,7 +398,9 @@ ADS_STATUS ads_connect(ADS_STRUCT *ads) return ADS_ERROR_NT(ntstatus); got_connection: - DEBUG(3,("Connected to LDAP server %s\n", inet_ntoa(ads->ldap.ip))); + + print_sockaddr(addr, sizeof(addr), &ads->ldap.ss); + DEBUG(3,("Connected to LDAP server %s\n", addr)); if (!ads->auth.user_name) { /* Must use the userPrincipalName value here or sAMAccountName @@ -405,7 +414,8 @@ got_connection: } if (!ads->auth.kdc_server) { - ads->auth.kdc_server = SMB_STRDUP(inet_ntoa(ads->ldap.ip)); + print_sockaddr(addr, sizeof(addr), &ads->ldap.ss); + ads->auth.kdc_server = SMB_STRDUP(addr); } #if KRB5_DNS_HACK @@ -440,8 +450,9 @@ got_connection: /* cache the successful connection for workgroup and realm */ if (ads_closest_dc(ads)) { - saf_store( ads->server.workgroup, inet_ntoa(ads->ldap.ip)); - saf_store( ads->server.realm, inet_ntoa(ads->ldap.ip)); + print_sockaddr(addr, sizeof(addr), &ads->ldap.ss); + saf_store( ads->server.workgroup, addr); + saf_store( ads->server.realm, addr); } ldap_set_option(ads->ldap.ld, LDAP_OPT_PROTOCOL_VERSION, &version); |