summaryrefslogtreecommitdiff
path: root/source4/kdc
diff options
context:
space:
mode:
authorAndrew Bartlett <abartlet@samba.org>2006-01-09 22:12:53 +0000
committerGerald (Jerry) Carter <jerry@samba.org>2007-10-10 13:49:57 -0500
commitf55ea8bb3dca868e21663cd90eaea7a35cd7886c (patch)
tree80aab2a3f10310e1946821603752cd407e435214 /source4/kdc
parent806b3fdbc12b3284ab9872a4ecae3a7ee34ea171 (diff)
downloadsamba-f55ea8bb3dca868e21663cd90eaea7a35cd7886c.tar.gz
samba-f55ea8bb3dca868e21663cd90eaea7a35cd7886c.tar.bz2
samba-f55ea8bb3dca868e21663cd90eaea7a35cd7886c.zip
r12804: This patch reworks the Samba4 sockets layer to use a socket_address
structure that is more generic than just 'IP/port'. It now passes make test, and has been reviewed and updated by metze. (Thankyou *very* much). This passes 'make test' as well as kerberos use (not currently in the testsuite). The original purpose of this patch was to have Samba able to pass a socket address stucture from the BSD layer into the kerberos routines and back again. It also removes nbt_peer_addr, which was being used for a similar purpose. It is a large change, but worthwhile I feel. Andrew Bartlett (This used to be commit 88198c4881d8620a37086f80e4da5a5b71c5bbb2)
Diffstat (limited to 'source4/kdc')
-rw-r--r--source4/kdc/kdc.c80
-rw-r--r--source4/kdc/kdc.h6
-rw-r--r--source4/kdc/kpasswdd.c10
3 files changed, 38 insertions, 58 deletions
diff --git a/source4/kdc/kdc.c b/source4/kdc/kdc.c
index 6dcce3254d..12672bee53 100644
--- a/source4/kdc/kdc.c
+++ b/source4/kdc/kdc.c
@@ -36,8 +36,7 @@
/* hold all the info needed to send a reply */
struct kdc_reply {
struct kdc_reply *next, *prev;
- const char *dest_address;
- int dest_port;
+ struct socket_address *dest;
DATA_BLOB packet;
};
@@ -45,8 +44,8 @@ typedef BOOL (*kdc_process_fn_t)(struct kdc_server *kdc,
TALLOC_CTX *mem_ctx,
DATA_BLOB *input,
DATA_BLOB *reply,
- const char *peer_address, int peer_port,
- const char *my_address, int my_port);
+ struct socket_address *peer_addr,
+ struct socket_address *my_addr);
/* hold information about one kdc socket */
struct kdc_socket {
@@ -85,7 +84,7 @@ static void kdc_send_handler(struct kdc_socket *kdc_socket)
size_t sendlen;
status = socket_sendto(kdc_socket->sock, &rep->packet, &sendlen, 0,
- rep->dest_address, rep->dest_port);
+ rep->dest);
if (NT_STATUS_EQUAL(status, STATUS_MORE_ENTRIES)) {
break;
}
@@ -114,10 +113,8 @@ static void kdc_recv_handler(struct kdc_socket *kdc_socket)
struct kdc_reply *rep;
DATA_BLOB reply;
size_t nread, dsize;
- const char *src_addr;
- int src_port;
- const char *my_addr;
- int my_port;
+ struct socket_address *src;
+ struct socket_address *my_addr;
int ret;
status = socket_pending(kdc_socket->sock, &dsize);
@@ -134,23 +131,21 @@ static void kdc_recv_handler(struct kdc_socket *kdc_socket)
}
status = socket_recvfrom(kdc_socket->sock, blob.data, blob.length, &nread, 0,
- &src_addr, &src_port);
+ tmp_ctx, &src);
if (!NT_STATUS_IS_OK(status)) {
talloc_free(tmp_ctx);
return;
}
- talloc_steal(tmp_ctx, src_addr);
blob.length = nread;
DEBUG(10,("Received krb5 UDP packet of length %lu from %s:%u\n",
- (long)blob.length, src_addr, (uint16_t)src_port));
+ (long)blob.length, src->addr, (uint16_t)src->port));
my_addr = socket_get_my_addr(kdc_socket->sock, tmp_ctx);
if (!my_addr) {
talloc_free(tmp_ctx);
return;
}
- my_port = socket_get_my_port(kdc_socket->sock);
/* Call krb5 */
@@ -158,8 +153,7 @@ static void kdc_recv_handler(struct kdc_socket *kdc_socket)
tmp_ctx,
&blob,
&reply,
- src_addr, src_port,
- my_addr, my_port);
+ src, my_addr);
if (!ret) {
talloc_free(tmp_ctx);
return;
@@ -171,8 +165,7 @@ static void kdc_recv_handler(struct kdc_socket *kdc_socket)
talloc_free(tmp_ctx);
return;
}
- rep->dest_address = talloc_steal(rep, src_addr);
- rep->dest_port = src_port;
+ rep->dest = talloc_steal(rep, src);
rep->packet = reply;
talloc_steal(rep, reply.data);
@@ -218,10 +211,8 @@ static NTSTATUS kdc_tcp_recv(void *private, DATA_BLOB blob)
TALLOC_CTX *tmp_ctx = talloc_new(kdcconn);
int ret;
DATA_BLOB input, reply;
- const char *src_addr;
- int src_port;
- const char *my_addr;
- int my_port;
+ struct socket_address *src_addr;
+ struct socket_address *my_addr;
talloc_steal(tmp_ctx, blob.data);
@@ -230,14 +221,12 @@ static NTSTATUS kdc_tcp_recv(void *private, DATA_BLOB blob)
talloc_free(tmp_ctx);
return NT_STATUS_NO_MEMORY;
}
- src_port = socket_get_my_port(kdcconn->conn->socket);
my_addr = socket_get_my_addr(kdcconn->conn->socket, tmp_ctx);
if (!my_addr) {
talloc_free(tmp_ctx);
return NT_STATUS_NO_MEMORY;
}
- my_port = socket_get_my_port(kdcconn->conn->socket);
/* Call krb5 */
input = data_blob_const(blob.data + 4, blob.length - 4);
@@ -246,8 +235,8 @@ static NTSTATUS kdc_tcp_recv(void *private, DATA_BLOB blob)
tmp_ctx,
&input,
&reply,
- src_addr, src_port,
- my_addr, my_port);
+ src_addr,
+ my_addr);
if (!ret) {
talloc_free(tmp_ctx);
return NT_STATUS_INTERNAL_ERROR;
@@ -312,35 +301,21 @@ static BOOL kdc_process(struct kdc_server *kdc,
TALLOC_CTX *mem_ctx,
DATA_BLOB *input,
DATA_BLOB *reply,
- const char *peer_addr,
- int peer_port,
- const char *my_addr,
- int my_port)
+ struct socket_address *peer_addr,
+ struct socket_address *my_addr)
{
int ret;
krb5_data k5_reply;
- struct ipv4_addr addr;
- struct sockaddr_in peer_sock_addr;
-
- /* TODO: This really should be in a utility function somewhere */
- ZERO_STRUCT(peer_sock_addr);
-#ifdef HAVE_SOCK_SIN_LEN
- peer_sock_addr.sin_len = sizeof(peer_sock_addr);
-#endif
- addr = interpret_addr2(peer_addr);
- peer_sock_addr.sin_addr.s_addr = addr.addr;
- peer_sock_addr.sin_port = htons(peer_port);
- peer_sock_addr.sin_family = PF_INET;
-
- DEBUG(10,("Received KDC packet of length %lu from %s\n",
- (long)input->length - 4, peer_addr));
+
+ DEBUG(10,("Received KDC packet of length %lu from %s:%d\n",
+ (long)input->length - 4, peer_addr->addr, peer_addr->port));
ret = krb5_kdc_process_krb5_request(kdc->smb_krb5_context->krb5_context,
kdc->config,
input->data, input->length,
&k5_reply,
- peer_addr,
- (struct sockaddr *)&peer_sock_addr);
+ peer_addr->addr,
+ peer_addr->sockaddr);
if (ret == -1) {
*reply = data_blob(NULL, 0);
return False;
@@ -415,6 +390,7 @@ static NTSTATUS kdc_add_socket(struct kdc_server *kdc, const char *address)
const struct model_ops *model_ops;
struct kdc_socket *kdc_socket;
struct kdc_socket *kpasswd_socket;
+ struct socket_address *kdc_address, *kpasswd_address;
NTSTATUS status;
uint16_t kdc_port = lp_krb5_port();
uint16_t kpasswd_port = lp_kpasswd_port();
@@ -447,7 +423,11 @@ static NTSTATUS kdc_add_socket(struct kdc_server *kdc, const char *address)
socket_get_fd(kdc_socket->sock), EVENT_FD_READ,
kdc_socket_handler, kdc_socket);
- status = socket_listen(kdc_socket->sock, address, kdc_port, 0, 0);
+ kdc_address = socket_address_from_strings(kdc_socket, kdc_socket->sock->backend_name,
+ address, kdc_port);
+ NT_STATUS_HAVE_NO_MEMORY(kdc_address);
+
+ status = socket_listen(kdc_socket->sock, kdc_address, 0, 0);
if (!NT_STATUS_IS_OK(status)) {
DEBUG(0,("Failed to bind to %s:%d UDP for kdc - %s\n",
address, kdc_port, nt_errstr(status)));
@@ -465,7 +445,11 @@ static NTSTATUS kdc_add_socket(struct kdc_server *kdc, const char *address)
socket_get_fd(kpasswd_socket->sock), EVENT_FD_READ,
kdc_socket_handler, kpasswd_socket);
- status = socket_listen(kpasswd_socket->sock, address, kpasswd_port, 0, 0);
+ kpasswd_address = socket_address_from_strings(kpasswd_socket, kpasswd_socket->sock->backend_name,
+ address, kpasswd_port);
+ NT_STATUS_HAVE_NO_MEMORY(kpasswd_address);
+
+ status = socket_listen(kpasswd_socket->sock, kpasswd_address, 0, 0);
if (!NT_STATUS_IS_OK(status)) {
DEBUG(0,("Failed to bind to %s:%d UDP for kpasswd - %s\n",
address, kpasswd_port, nt_errstr(status)));
diff --git a/source4/kdc/kdc.h b/source4/kdc/kdc.h
index 9356879415..1038c7df95 100644
--- a/source4/kdc/kdc.h
+++ b/source4/kdc/kdc.h
@@ -35,10 +35,8 @@ BOOL kpasswdd_process(struct kdc_server *kdc,
TALLOC_CTX *mem_ctx,
DATA_BLOB *input,
DATA_BLOB *reply,
- const char *peer_addr,
- int peer_port,
- const char *my_addr,
- int my_port);
+ struct socket_address *peer_addr,
+ struct socket_address *my_addr);
/*
top level context structure for the kdc server
diff --git a/source4/kdc/kpasswdd.c b/source4/kdc/kpasswdd.c
index 7ae9a9f961..05aced904d 100644
--- a/source4/kdc/kpasswdd.c
+++ b/source4/kdc/kpasswdd.c
@@ -398,10 +398,8 @@ BOOL kpasswdd_process(struct kdc_server *kdc,
TALLOC_CTX *mem_ctx,
DATA_BLOB *input,
DATA_BLOB *reply,
- const char *peer_addr,
- int peer_port,
- const char *my_addr,
- int my_port)
+ struct socket_address *peer_addr,
+ struct socket_address *my_addr)
{
BOOL ret;
const uint16_t header_len = 6;
@@ -485,12 +483,12 @@ BOOL kpasswdd_process(struct kdc_server *kdc,
/* The kerberos PRIV packets include these addresses. MIT
* clients check that they are present */
- nt_status = gensec_set_peer_addr(gensec_security, peer_addr, peer_port);
+ nt_status = gensec_set_peer_addr(gensec_security, peer_addr);
if (!NT_STATUS_IS_OK(nt_status)) {
talloc_free(tmp_ctx);
return False;
}
- nt_status = gensec_set_my_addr(gensec_security, my_addr, my_port);
+ nt_status = gensec_set_my_addr(gensec_security, my_addr);
if (!NT_STATUS_IS_OK(nt_status)) {
talloc_free(tmp_ctx);
return False;