diff options
| author | Andrew Bartlett <abartlet@samba.org> | 2006-01-09 22:12:53 +0000 |
|---|---|---|
| committer | Gerald (Jerry) Carter <jerry@samba.org> | 2007-10-10 13:49:57 -0500 |
| commit | f55ea8bb3dca868e21663cd90eaea7a35cd7886c (patch) | |
| tree | 80aab2a3f10310e1946821603752cd407e435214 /source4/lib/socket/access.c | |
| parent | 806b3fdbc12b3284ab9872a4ecae3a7ee34ea171 (diff) | |
| download | samba-f55ea8bb3dca868e21663cd90eaea7a35cd7886c.tar.gz samba-f55ea8bb3dca868e21663cd90eaea7a35cd7886c.tar.bz2 samba-f55ea8bb3dca868e21663cd90eaea7a35cd7886c.zip | |
r12804: This patch reworks the Samba4 sockets layer to use a socket_address
structure that is more generic than just 'IP/port'.
It now passes make test, and has been reviewed and updated by
metze. (Thankyou *very* much).
This passes 'make test' as well as kerberos use (not currently in the
testsuite).
The original purpose of this patch was to have Samba able to pass a
socket address stucture from the BSD layer into the kerberos routines
and back again. It also removes nbt_peer_addr, which was being used
for a similar purpose.
It is a large change, but worthwhile I feel.
Andrew Bartlett
(This used to be commit 88198c4881d8620a37086f80e4da5a5b71c5bbb2)
Diffstat (limited to 'source4/lib/socket/access.c')
| -rw-r--r-- | source4/lib/socket/access.c | 16 |
1 files changed, 11 insertions, 5 deletions
diff --git a/source4/lib/socket/access.c b/source4/lib/socket/access.c index 1d0a90f1ee..8e57ca5aff 100644 --- a/source4/lib/socket/access.c +++ b/source4/lib/socket/access.c @@ -310,7 +310,8 @@ BOOL socket_check_access(struct socket_context *sock, const char **allow_list, const char **deny_list) { BOOL ret; - const char *name="", *addr; + const char *name=""; + struct socket_address *addr; TALLOC_CTX *mem_ctx; if ((!deny_list || *deny_list==0) && @@ -324,13 +325,18 @@ BOOL socket_check_access(struct socket_context *sock, } addr = socket_get_peer_addr(sock, mem_ctx); + if (!addr) { + DEBUG(0,("socket_check_access: Denied connection from unknown host: could not get peer address from kernel\n")); + talloc_free(mem_ctx); + return False; + } /* bypass gethostbyaddr() calls if the lists only contain IP addrs */ if (!only_ipaddrs_in_list(allow_list) || !only_ipaddrs_in_list(deny_list)) { name = socket_get_peer_name(sock, mem_ctx); if (!name) { - name = addr; + name = addr->addr; } } @@ -340,14 +346,14 @@ BOOL socket_check_access(struct socket_context *sock, return False; } - ret = allow_access(mem_ctx, deny_list, allow_list, name, addr); + ret = allow_access(mem_ctx, deny_list, allow_list, name, addr->addr); if (ret) { DEBUG(2,("socket_check_access: Allowed connection to '%s' from %s (%s)\n", - service_name, name, addr)); + service_name, name, addr->addr)); } else { DEBUG(0,("socket_check_access: Denied connection to '%s' from %s (%s)\n", - service_name, name, addr)); + service_name, name, addr->addr)); } talloc_free(mem_ctx); |