authorJeremy Allison <jra@samba.org>2007-10-24 14:16:54 -0700
committerJeremy Allison <jra@samba.org>2007-10-24 14:16:54 -0700
commitf88b7a076be74a29a3bf876b4e2705f4a1ecf42b (patch)
tree2d5167540fcbe1ad245fce697924b18216b2d142 /source3/libads
parente01cbcb28e63abb0f681a5a168fc2445744eec93 (diff)
This is a large patch (sorry). Migrate from struct in_addr
to struct sockaddr_storage in most places that matter (i.e. not the nmbd and NetBIOS lookups). This passes make test on an IPv4 box, but I'll have to do more work/testing on IPv6 enabled boxes. This should now give us a framework for testing and finishing the IPv6 migration. It's at the state where someone with a working IPv6 setup should (theoretically) be able to type : smbclient //ipv6-address/share and have it work. Jeremy. (This used to be commit 98e154c3125d5732c37a72d74b0eb5cd7b6155fd)
Diffstat (limited to 'source3/libads')
-rw-r--r--source3/libads/kerberos.c38
-rw-r--r--source3/libads/krb5_setpw.c28
-rw-r--r--source3/libads/ldap.c35
3 files changed, 69 insertions, 32 deletions
diff --git a/source3/libads/kerberos.c b/source3/libads/kerberos.c
index 281ca2fd68..f259c21bdb 100644
--- a/source3/libads/kerberos.c
+++ b/source3/libads/kerberos.c
@@ -614,7 +614,10 @@ int kerberos_kinit_password(const char *principal,
Does DNS queries.
************************************************************************/
-static char *get_kdc_ip_string(char *mem_ctx, const char *realm, const char *sitename, struct in_addr primary_ip)
+static char *get_kdc_ip_string(char *mem_ctx,
+ const char *realm,
+ const char *sitename,
+ struct sockaddr_storage *pss)
{
int i;
struct ip_service *ip_srv_site = NULL;
@@ -622,7 +625,8 @@ static char *get_kdc_ip_string(char *mem_ctx, const char *realm, const char *sit
int count_site = 0;
int count_nonsite;
char *kdc_str = talloc_asprintf(mem_ctx, "\tkdc = %s\n",
- inet_ntoa(primary_ip));
+ print_canonical_sockaddr(mem_ctx,
+ pss));
if (kdc_str == NULL) {
return NULL;
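Review bot: The result of `print_canonical_sockaddr(mem_ctx, pss)` goes straight into the `%s` of the first `talloc_asprintf` call with no NULL check. The helper is not shown here, but it takes a talloc context and so presumably allocates and can fail; a NULL is undefined behaviour for `%s` and at best writes a bogus `kdc = (null)` line into the generated krb5.conf. Format the address into a local first and bail out on failure, e.g. `char *kdc_addr = print_canonical_sockaddr(mem_ctx, pss); if (kdc_addr == NULL) { return NULL; }`. The same unchecked pattern is in the two append loops later in get_kdc_ip_string (where the failure path must also `SAFE_FREE` the lists) and in the DEBUG(5) call in create_local_private_krb5_conf_for_domain. The function body continues outside this hunk.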
@@ -635,12 +639,15 @@ static char *get_kdc_ip_string(char *mem_ctx, const char *realm, const char *sit
get_kdc_list(realm, sitename, &ip_srv_site, &count_site);
for (i = 0; i < count_site; i++) {
- if (ip_equal(ip_srv_site[i].ip, primary_ip)) {
+ if (addr_equal(&ip_srv_site[i].ss, pss)) {
continue;
}
- /* Append to the string - inefficient but not done often. */
+ /* Append to the string - inefficient
+ * but not done often. */
kdc_str = talloc_asprintf(mem_ctx, "%s\tkdc = %s\n",
- kdc_str, inet_ntoa(ip_srv_site[i].ip));
+ kdc_str,
+ print_canonical_sockaddr(mem_ctx,
+ &ip_srv_site[i].ss));
if (!kdc_str) {
SAFE_FREE(ip_srv_site);
return NULL;
@@ -655,13 +662,14 @@ static char *get_kdc_ip_string(char *mem_ctx, const char *realm, const char *sit
for (i = 0; i < count_nonsite; i++) {
int j;
- if (ip_equal(ip_srv_nonsite[i].ip, primary_ip)) {
+ if (addr_equal(&ip_srv_nonsite[i].ss, pss)) {
continue;
}
/* Ensure this isn't an IP already seen (YUK! this is n*n....) */
for (j = 0; j < count_site; j++) {
- if (ip_equal(ip_srv_nonsite[i].ip, ip_srv_site[j].ip)) {
+ if (addr_equal(&ip_srv_nonsite[i].ss,
+ &ip_srv_site[j].ss)) {
break;
}
/* As the lists are sorted we can break early if nonsite > site. */
@@ -675,7 +683,9 @@ static char *get_kdc_ip_string(char *mem_ctx, const char *realm, const char *sit
/* Append to the string - inefficient but not done often. */
kdc_str = talloc_asprintf(mem_ctx, "%s\tkdc = %s\n",
- kdc_str, inet_ntoa(ip_srv_nonsite[i].ip));
+ kdc_str,
+ print_canonical_sockaddr(mem_ctx,
+ &ip_srv_nonsite[i].ss));
if (!kdc_str) {
SAFE_FREE(ip_srv_site);
SAFE_FREE(ip_srv_nonsite);
@@ -700,8 +710,10 @@ static char *get_kdc_ip_string(char *mem_ctx, const char *realm, const char *sit
run as root or will fail (which is a good thing :-).
************************************************************************/
-bool create_local_private_krb5_conf_for_domain(const char *realm, const char *domain,
- const char *sitename, struct in_addr ip)
+bool create_local_private_krb5_conf_for_domain(const char *realm,
+ const char *domain,
+ const char *sitename,
+ struct sockaddr_storage *pss)
{
char *dname = talloc_asprintf(NULL, "%s/smb_krb5", lp_lockdir());
char *tmpname = NULL;
@@ -742,12 +754,12 @@ bool create_local_private_krb5_conf_for_domain(const char *realm, const char *do
realm_upper = talloc_strdup(fname, realm);
strupper_m(realm_upper);
- kdc_ip_string = get_kdc_ip_string(dname, realm, sitename, ip);
+ kdc_ip_string = get_kdc_ip_string(dname, realm, sitename, pss);
if (!kdc_ip_string) {
TALLOC_FREE(dname);
return False;
}
-
+
file_contents = talloc_asprintf(fname, "[libdefaults]\n\tdefault_realm = %s\n\n"
"[realms]\n\t%s = {\n"
"\t%s\t}\n",
@@ -806,7 +818,7 @@ bool create_local_private_krb5_conf_for_domain(const char *realm, const char *do
DEBUG(5,("create_local_private_krb5_conf_for_domain: wrote "
"file %s with realm %s KDC = %s\n",
- fname, realm_upper, inet_ntoa(ip) ));
+ fname, realm_upper, print_canonical_sockaddr(dname, pss) ));
/* Set the environment variable to this file. */
setenv("KRB5_CONFIG", fname, 1);
diff --git a/source3/libads/krb5_setpw.c b/source3/libads/krb5_setpw.c
index 73dffe7c1b..831a448847 100644
--- a/source3/libads/krb5_setpw.c
+++ b/source3/libads/krb5_setpw.c
@@ -402,11 +402,14 @@ static ADS_STATUS do_krb5_kpasswd_request(krb5_context context,
int ret, sock;
socklen_t addr_len;
struct sockaddr remote_addr, local_addr;
- struct in_addr *addr = interpret_addr2(kdc_host);
+ struct sockaddr_storage addr;
krb5_address local_kaddr, remote_kaddr;
bool use_tcp = False;
+ if (!interpret_string_addr(&addr, kdc_host, 0)) {
+ }
+
ret = krb5_mk_req_extended(context, &auth_context, AP_OPTS_USE_SUBKEY,
NULL, credsp, &ap_req);
if (ret) {
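Review bot: The new `if (!interpret_string_addr(&addr, kdc_host, 0)) { }` has an empty body, so a kdc_host that cannot be converted is silently ignored and `addr` stays an uninitialised stack `struct sockaddr_storage`. The next hunk passes `&addr` to `open_socket_out`, so the password-change request could be sent to a destination taken from leftover stack bytes rather than the intended KDC. Fail here instead: `DEBUG(1,("do_krb5_kpasswd_request: unable to resolve %s\n", kdc_host)); return ADS_ERROR_SYSTEM(EINVAL);`. Nothing visible in this hunk is allocated before the check, but the function starts outside the hunk, so confirm there are no earlier resources to release.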
@@ -422,7 +425,7 @@ static ADS_STATUS do_krb5_kpasswd_request(krb5_context context,
} else {
- sock = open_socket_out(SOCK_STREAM, addr, DEFAULT_KPASSWD_PORT,
+ sock = open_socket_out(SOCK_STREAM, &addr, DEFAULT_KPASSWD_PORT,
LONG_CONNECT_TIMEOUT);
}
@@ -430,18 +433,29 @@ static ADS_STATUS do_krb5_kpasswd_request(krb5_context context,
int rc = errno;
SAFE_FREE(ap_req.data);
krb5_auth_con_free(context, auth_context);
- DEBUG(1,("failed to open kpasswd socket to %s (%s)\n",
+ DEBUG(1,("failed to open kpasswd socket to %s (%s)\n",
kdc_host, strerror(errno)));
return ADS_ERROR_SYSTEM(rc);
}
-
addr_len = sizeof(remote_addr);
getpeername(sock, &remote_addr, &addr_len);
addr_len = sizeof(local_addr);
getsockname(sock, &local_addr, &addr_len);
-
- setup_kaddr(&remote_kaddr, &remote_addr);
- setup_kaddr(&local_kaddr, &local_addr);
+
+ /* FIXME ! How do we do IPv6 here ? JRA. */
+ if (remote_addr.sa_family != AF_INET ||
+ local_addr.sa_family != AF_INET) {
+ DEBUG(1,("do_krb5_kpasswd_request: "
+ "no IPv6 support (yet).\n"));
+ close(sock);
+ SAFE_FREE(ap_req.data);
+ krb5_auth_con_free(context, auth_context);
+ errno = EINVAL;
+ return ADS_ERROR_SYSTEM(EINVAL);
+ }
+
+ setup_kaddr_v4(&remote_kaddr, &remote_addr);
+ setup_kaddr_v4(&local_kaddr, &local_addr);
ret = krb5_auth_con_setaddrs(context, auth_context, &local_kaddr, NULL);
if (ret) {
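Review bot: The new AF_INET test reads `remote_addr.sa_family` and `local_addr.sa_family`, but the return values of `getpeername` and `getsockname` just above it are still ignored, so on failure the test runs on uninitialised stack data. Check both calls and take the same cleanup path on error (`close(sock); SAFE_FREE(ap_req.data); krb5_auth_con_free(context, auth_context);`). Both variables are plain `struct sockaddr`, which cannot hold an IPv6 address, so they will need to become `struct sockaddr_storage` when the FIXME is resolved. Separately, the socket-failure DEBUG prints `strerror(errno)` after the cleanup calls although `rc` already holds the saved value; `strerror(rc)` avoids reporting a clobbered errno.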
diff --git a/source3/libads/ldap.c b/source3/libads/ldap.c
index f85d3cd7b0..0294c4a5b5 100644
--- a/source3/libads/ldap.c
+++ b/source3/libads/ldap.c
@@ -221,13 +221,19 @@ bool ads_try_connect(ADS_STRUCT *ads, const char *server )
ads->config.client_site_name =
SMB_STRDUP(cldap_reply.client_site_name);
}
-
ads->server.workgroup = SMB_STRDUP(cldap_reply.netbios_domain);
ads->ldap.port = LDAP_PORT;
- ads->ldap.ip = *interpret_addr2(srv);
+ if (!interpret_string_addr(&ads->ldap.ss, srv, 0)) {
+ DEBUG(1,("ads_try_connect: unable to convert %s "
+ "to an address\n",
+ srv));
+ SAFE_FREE( srv );
+ return False;
+ }
+
SAFE_FREE(srv);
-
+
/* Store our site name. */
sitename_store( cldap_reply.domain, cldap_reply.client_site_name );
@@ -306,10 +312,10 @@ static NTSTATUS ads_find_dc(ADS_STRUCT *ads)
/* if we fail this loop, then giveup since all the IP addresses returned were dead */
for ( i=0; i<count; i++ ) {
- fstring server;
-
- fstrcpy( server, inet_ntoa(ip_list[i].ip) );
-
+ char server[INET6_ADDRSTRLEN];
+
+ print_sockaddr(server, sizeof(server), &ip_list[i].ss);
+
if ( !NT_STATUS_IS_OK(check_negative_conn_cache(realm, server)) )
continue;
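Review bot: `server` shrinks from an `fstring` to `char server[INET6_ADDRSTRLEN]`, and the result of `print_sockaddr` is not checked. INET6_ADDRSTRLEN covers the numeric address only, so a link-local address printed with a scope suffix may not fit; how print_sockaddr behaves on overflow is not visible here, and an empty or truncated string would then be the key handed to `check_negative_conn_cache`. Consider a larger buffer and skipping the entry when formatting fails, e.g. `if (server[0] == '\0') continue;` if the helper clears the buffer on error. The same buffer size is used for `addr` in ads_connect, where the string is stored as `ads->auth.kdc_server` and passed to `saf_store`. The loop body continues outside this hunk.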
@@ -371,6 +377,7 @@ ADS_STATUS ads_connect(ADS_STRUCT *ads)
int version = LDAP_VERSION3;
ADS_STATUS status;
NTSTATUS ntstatus;
+ char addr[INET6_ADDRSTRLEN];
ZERO_STRUCT(ads->ldap);
ads->ldap.last_attempt = time(NULL);
@@ -378,7 +385,7 @@ ADS_STATUS ads_connect(ADS_STRUCT *ads)
/* try with a user specified server */
- if (ads->server.ldap_server &&
+ if (ads->server.ldap_server &&
ads_try_connect(ads, ads->server.ldap_server)) {
goto got_connection;
}
@@ -391,7 +398,9 @@ ADS_STATUS ads_connect(ADS_STRUCT *ads)
return ADS_ERROR_NT(ntstatus);
got_connection:
- DEBUG(3,("Connected to LDAP server %s\n", inet_ntoa(ads->ldap.ip)));
+
+ print_sockaddr(addr, sizeof(addr), &ads->ldap.ss);
+ DEBUG(3,("Connected to LDAP server %s\n", addr));
if (!ads->auth.user_name) {
/* Must use the userPrincipalName value here or sAMAccountName
@@ -405,7 +414,8 @@ got_connection:
}
if (!ads->auth.kdc_server) {
- ads->auth.kdc_server = SMB_STRDUP(inet_ntoa(ads->ldap.ip));
+ print_sockaddr(addr, sizeof(addr), &ads->ldap.ss);
+ ads->auth.kdc_server = SMB_STRDUP(addr);
}
#if KRB5_DNS_HACK
@@ -440,8 +450,9 @@ got_connection:
/* cache the successful connection for workgroup and realm */
if (ads_closest_dc(ads)) {
- saf_store( ads->server.workgroup, inet_ntoa(ads->ldap.ip));
- saf_store( ads->server.realm, inet_ntoa(ads->ldap.ip));
+ print_sockaddr(addr, sizeof(addr), &ads->ldap.ss);
+ saf_store( ads->server.workgroup, addr);
+ saf_store( ads->server.realm, addr);
}
ldap_set_option(ads->ldap.ld, LDAP_OPT_PROTOCOL_VERSION, &version);