diff options
-rw-r--r-- | source3/lib/util_sock.c | 27 | ||||
-rw-r--r-- | source3/libads/kerberos.c | 69 |
2 files changed, 81 insertions, 15 deletions
diff --git a/source3/lib/util_sock.c b/source3/lib/util_sock.c index 945506ea77..10428113ae 100644 --- a/source3/lib/util_sock.c +++ b/source3/lib/util_sock.c @@ -476,6 +476,29 @@ bool is_address_any(const struct sockaddr_storage *psa) } /**************************************************************************** + Get a port number in host byte order from a sockaddr_storage. +****************************************************************************/ + +uint16_t get_sockaddr_port(const struct sockaddr_storage *pss) +{ + uint16_t port = 0; + + if (pss->ss_family != AF_INET) { +#if defined(HAVE_IPV6) + /* IPv6 */ + const struct sockaddr_in6 *sa6 = + (const struct sockaddr_in6 *)pss; + port = ntohs(sa6->sin6_port); +#endif + } else { + const struct sockaddr_in *sa = + (const struct sockaddr_in *)pss; + port = ntohs(sa->sin_port); + } + return port; +} + +/**************************************************************************** Print out an IPv4 or IPv6 address from a struct sockaddr_storage. ****************************************************************************/ @@ -518,7 +541,7 @@ char *print_canonical_sockaddr(TALLOC_CTX *ctx, char *dest = NULL; int ret; - ret = getnameinfo((const struct sockaddr *)pss, + ret = sys_getnameinfo((const struct sockaddr *)pss, sizeof(struct sockaddr_storage), addr, sizeof(addr), NULL, 0, @@ -1847,7 +1870,7 @@ const char *get_peer_name(int fd, bool force_lookup) } /* Look up the remote host name. */ - ret = getnameinfo((struct sockaddr *)&ss, + ret = sys_getnameinfo((struct sockaddr *)&ss, length, name_buf, sizeof(name_buf), diff --git a/source3/libads/kerberos.c b/source3/libads/kerberos.c index e9222e8401..f7e947b1e7 100644 --- a/source3/libads/kerberos.c +++ b/source3/libads/kerberos.c @@ -25,6 +25,8 @@ #ifdef HAVE_KRB5 +#define DEFAULT_KRB5_PORT 88 + #define LIBADS_CCACHE_NAME "MEMORY:libads" /* @@ -666,6 +668,51 @@ int kerberos_kinit_password(const char *principal, } /************************************************************************ +************************************************************************/ + +static char *print_kdc_line(char *mem_ctx, + const char *prev_line, + const struct sockaddr_storage *pss) +{ + char *kdc_str = NULL; + + if (pss->ss_family == AF_INET) { + kdc_str = talloc_asprintf(mem_ctx, "%s\tkdc = %s\n", + prev_line, + print_canonical_sockaddr(mem_ctx, pss)); + } else { + char addr[INET6_ADDRSTRLEN]; + uint16_t port = get_sockaddr_port(pss); + + if (port != 0 && port != DEFAULT_KRB5_PORT) { + /* Currently for IPv6 we can't specify a non-default + krb5 port with an address, as this requires a ':'. + Resolve to a name. */ + char hostname[MAX_DNS_NAME_LENGTH]; + if (sys_getnameinfo((const struct sockaddr *)pss, + sizeof(*pss), + hostname, sizeof(hostname), + NULL, 0, + NI_NAMEREQD) == 0) { + /* Success, use host:port */ + kdc_str = talloc_asprintf(mem_ctx, + "%s\tkdc = %s:%u\n", + prev_line, + hostname, + (unsigned int)port); + return kdc_str; + } + } + kdc_str = talloc_asprintf(mem_ctx, "%s\tkdc = %s\n", + prev_line, + print_sockaddr(addr, + sizeof(addr), + pss)); + } + return kdc_str; +} + +/************************************************************************ Create a string list of available kdc's, possibly searching by sitename. Does DNS queries. ************************************************************************/ @@ -677,12 +724,10 @@ static char *get_kdc_ip_string(char *mem_ctx, { int i; struct ip_service *ip_srv_site = NULL; - struct ip_service *ip_srv_nonsite; + struct ip_service *ip_srv_nonsite = NULL; int count_site = 0; int count_nonsite; - char *kdc_str = talloc_asprintf(mem_ctx, "\tkdc = %s\n", - print_canonical_sockaddr(mem_ctx, - pss)); + char *kdc_str = print_kdc_line(mem_ctx, "", pss); if (kdc_str == NULL) { return NULL; @@ -700,10 +745,9 @@ static char *get_kdc_ip_string(char *mem_ctx, } /* Append to the string - inefficient * but not done often. */ - kdc_str = talloc_asprintf(mem_ctx, "%s\tkdc = %s\n", - kdc_str, - print_canonical_sockaddr(mem_ctx, - &ip_srv_site[i].ss)); + kdc_str = print_kdc_line(mem_ctx, + kdc_str, + &ip_srv_site[i].ss); if (!kdc_str) { SAFE_FREE(ip_srv_site); return NULL; @@ -738,10 +782,9 @@ static char *get_kdc_ip_string(char *mem_ctx, } /* Append to the string - inefficient but not done often. */ - kdc_str = talloc_asprintf(mem_ctx, "%s\tkdc = %s\n", + kdc_str = print_kdc_line(mem_ctx, kdc_str, - print_canonical_sockaddr(mem_ctx, - &ip_srv_nonsite[i].ss)); + &ip_srv_nonsite[i].ss); if (!kdc_str) { SAFE_FREE(ip_srv_site); SAFE_FREE(ip_srv_nonsite); @@ -873,8 +916,8 @@ bool create_local_private_krb5_conf_for_domain(const char *realm, } DEBUG(5,("create_local_private_krb5_conf_for_domain: wrote " - "file %s with realm %s KDC = %s\n", - fname, realm_upper, print_canonical_sockaddr(dname, pss) )); + "file %s with realm %s KDC list = %s\n", + fname, realm_upper, kdc_ip_string)); /* Set the environment variable to this file. */ setenv("KRB5_CONFIG", fname, 1); |