diff options
| author | Andrew Bartlett <abartlet@samba.org> | 2006-01-09 22:12:53 +0000 |
|---|---|---|
| committer | Gerald (Jerry) Carter <jerry@samba.org> | 2007-10-10 13:49:57 -0500 |
| commit | f55ea8bb3dca868e21663cd90eaea7a35cd7886c (patch) | |
| tree | 80aab2a3f10310e1946821603752cd407e435214 /source4/auth/gensec | |
| parent | 806b3fdbc12b3284ab9872a4ecae3a7ee34ea171 (diff) | |
| download | samba-f55ea8bb3dca868e21663cd90eaea7a35cd7886c.tar.gz samba-f55ea8bb3dca868e21663cd90eaea7a35cd7886c.tar.bz2 samba-f55ea8bb3dca868e21663cd90eaea7a35cd7886c.zip | |
r12804: This patch reworks the Samba4 sockets layer to use a socket_address
structure that is more generic than just 'IP/port'.
It now passes make test, and has been reviewed and updated by
metze. (Thankyou *very* much).
This passes 'make test' as well as kerberos use (not currently in the
testsuite).
The original purpose of this patch was to have Samba able to pass a
socket address stucture from the BSD layer into the kerberos routines
and back again. It also removes nbt_peer_addr, which was being used
for a similar purpose.
It is a large change, but worthwhile I feel.
Andrew Bartlett
(This used to be commit 88198c4881d8620a37086f80e4da5a5b71c5bbb2)
Diffstat (limited to 'source4/auth/gensec')
| -rw-r--r-- | source4/auth/gensec/gensec.c | 34 | ||||
| -rw-r--r-- | source4/auth/gensec/gensec.h | 7 | ||||
| -rw-r--r-- | source4/auth/gensec/gensec_krb5.c | 41 |
3 files changed, 21 insertions, 61 deletions
diff --git a/source4/auth/gensec/gensec.c b/source4/auth/gensec/gensec.c index 65bc5d2450..fa5c877363 100644 --- a/source4/auth/gensec/gensec.c +++ b/source4/auth/gensec/gensec.c @@ -864,39 +864,34 @@ const char *gensec_get_target_hostname(struct gensec_security *gensec_security) } /** - * Set local and peer socket addresses onto a socket context on the GENSEC context + * Set (and talloc_reference) local and peer socket addresses onto a socket context on the GENSEC context * * This is so that kerberos can include these addresses in * cryptographic tokens, to avoid certain attacks. */ -NTSTATUS gensec_set_my_addr(struct gensec_security *gensec_security, const char *my_addr, int port) +NTSTATUS gensec_set_my_addr(struct gensec_security *gensec_security, struct socket_address *my_addr) { - gensec_security->my_addr.addr = talloc_strdup(gensec_security, my_addr); - if (my_addr && !gensec_security->my_addr.addr) { + gensec_security->my_addr = my_addr; + if (my_addr && !talloc_reference(gensec_security, my_addr)) { return NT_STATUS_NO_MEMORY; } - gensec_security->my_addr.port = port; return NT_STATUS_OK; } -NTSTATUS gensec_set_peer_addr(struct gensec_security *gensec_security, const char *peer_addr, int port) +NTSTATUS gensec_set_peer_addr(struct gensec_security *gensec_security, struct socket_address *peer_addr) { - gensec_security->peer_addr.addr = talloc_strdup(gensec_security, peer_addr); - if (peer_addr && !gensec_security->peer_addr.addr) { + gensec_security->peer_addr = peer_addr; + if (peer_addr && !talloc_reference(gensec_security, peer_addr)) { return NT_STATUS_NO_MEMORY; } - gensec_security->peer_addr.port = port; return NT_STATUS_OK; } -const char *gensec_get_my_addr(struct gensec_security *gensec_security, int *port) +struct socket_address *gensec_get_my_addr(struct gensec_security *gensec_security) { - if (gensec_security->my_addr.addr) { - if (port) { - *port = gensec_security->my_addr.port; - } - return gensec_security->my_addr.addr; + if (gensec_security->my_addr) { + return gensec_security->my_addr; } /* We could add a 'set sockaddr' call, and do a lookup. This @@ -904,13 +899,10 @@ const char *gensec_get_my_addr(struct gensec_security *gensec_security, int *por return NULL; } -const char *gensec_get_peer_addr(struct gensec_security *gensec_security, int *port) +struct socket_address *gensec_get_peer_addr(struct gensec_security *gensec_security) { - if (gensec_security->peer_addr.addr) { - if (port) { - *port = gensec_security->peer_addr.port; - } - return gensec_security->peer_addr.addr; + if (gensec_security->peer_addr) { + return gensec_security->peer_addr; } /* We could add a 'set sockaddr' call, and do a lookup. This diff --git a/source4/auth/gensec/gensec.h b/source4/auth/gensec/gensec.h index 67bec3a0f5..6821d7f2db 100644 --- a/source4/auth/gensec/gensec.h +++ b/source4/auth/gensec/gensec.h @@ -34,11 +34,6 @@ struct gensec_target { const char *service; }; -struct gensec_addr { - const char *addr; - int port; -}; - #define GENSEC_FEATURE_SESSION_KEY 0x00000001 #define GENSEC_FEATURE_SIGN 0x00000002 #define GENSEC_FEATURE_SEAL 0x00000004 @@ -118,7 +113,7 @@ struct gensec_security { BOOL subcontext; uint32_t want_features; struct event_context *event_ctx; - struct gensec_addr my_addr, peer_addr; + struct socket_address *my_addr, *peer_addr; }; /* this structure is used by backends to determine the size of some critical types */ diff --git a/source4/auth/gensec/gensec_krb5.c b/source4/auth/gensec/gensec_krb5.c index 478ebcfbf0..98f7e726cc 100644 --- a/source4/auth/gensec/gensec_krb5.c +++ b/source4/auth/gensec/gensec_krb5.c @@ -87,8 +87,7 @@ static NTSTATUS gensec_krb5_start(struct gensec_security *gensec_security) krb5_error_code ret; struct gensec_krb5_state *gensec_krb5_state; struct cli_credentials *creds; - const char *my_addr, *peer_addr; - int my_port, peer_port; + const struct socket_address *my_addr, *peer_addr; krb5_address my_krb5_addr, peer_krb5_addr; creds = gensec_get_credentials(gensec_security); @@ -138,23 +137,10 @@ static NTSTATUS gensec_krb5_start(struct gensec_security *gensec_security) return NT_STATUS_INTERNAL_ERROR; } - my_addr = gensec_get_my_addr(gensec_security, &my_port); - if (my_addr) { - struct sockaddr_in sock_addr; - struct ipv4_addr addr; - - /* TODO: This really should be in a utility function somewhere */ - ZERO_STRUCT(sock_addr); -#ifdef HAVE_SOCK_SIN_LEN - sock_addr.sin_len = sizeof(sock_addr); -#endif - addr = interpret_addr2(my_addr); - sock_addr.sin_addr.s_addr = addr.addr; - sock_addr.sin_port = htons(my_port); - sock_addr.sin_family = PF_INET; - + my_addr = gensec_get_my_addr(gensec_security); + if (my_addr && my_addr->sockaddr) { ret = krb5_sockaddr2address(gensec_krb5_state->smb_krb5_context->krb5_context, - (struct sockaddr *)&sock_addr, &my_krb5_addr); + my_addr->sockaddr, &my_krb5_addr); if (ret) { DEBUG(1,("gensec_krb5_start: krb5_sockaddr2address (local) failed (%s)\n", smb_get_krb5_error_message(gensec_krb5_state->smb_krb5_context->krb5_context, @@ -164,23 +150,10 @@ static NTSTATUS gensec_krb5_start(struct gensec_security *gensec_security) } } - peer_addr = gensec_get_my_addr(gensec_security, &peer_port); - if (peer_addr) { - struct sockaddr_in sock_addr; - struct ipv4_addr addr; - - /* TODO: This really should be in a utility function somewhere */ - ZERO_STRUCT(sock_addr); -#ifdef HAVE_SOCK_SIN_LEN - sock_addr.sin_len = sizeof(sock_addr); -#endif - addr = interpret_addr2(peer_addr); - sock_addr.sin_addr.s_addr = addr.addr; - sock_addr.sin_port = htons(peer_port); - sock_addr.sin_family = PF_INET; - + peer_addr = gensec_get_my_addr(gensec_security); + if (peer_addr && peer_addr->sockaddr) { ret = krb5_sockaddr2address(gensec_krb5_state->smb_krb5_context->krb5_context, - (struct sockaddr *)&sock_addr, &peer_krb5_addr); + peer_addr->sockaddr, &peer_krb5_addr); if (ret) { DEBUG(1,("gensec_krb5_start: krb5_sockaddr2address (local) failed (%s)\n", smb_get_krb5_error_message(gensec_krb5_state->smb_krb5_context->krb5_context, |