summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
-rw-r--r--source3/include/includes.h2
-rw-r--r--source3/libads/krb5_setpw.c18
-rw-r--r--source3/libsmb/clikrb5.c42
3 files changed, 42 insertions, 20 deletions
diff --git a/source3/include/includes.h b/source3/include/includes.h
index fc9e43e55b..b9e77010de 100644
--- a/source3/include/includes.h
+++ b/source3/include/includes.h
@@ -1123,7 +1123,7 @@ void krb5_free_unparsed_name(krb5_context ctx, char *val);
#endif
/* Samba wrapper function for krb5 functionality. */
-void setup_kaddr_v4( krb5_address *pkaddr, struct sockaddr *paddr);
+bool setup_kaddr( krb5_address *pkaddr, struct sockaddr_storage *paddr);
int create_kerberos_key_from_string(krb5_context context, krb5_principal host_princ, krb5_data *password, krb5_keyblock *key, krb5_enctype enctype);
int create_kerberos_key_from_string_direct(krb5_context context, krb5_principal host_princ, krb5_data *password, krb5_keyblock *key, krb5_enctype enctype);
bool get_auth_data_from_tkt(TALLOC_CTX *mem_ctx, DATA_BLOB *auth_data, krb5_ticket *tkt);
diff --git a/source3/libads/krb5_setpw.c b/source3/libads/krb5_setpw.c
index 831a448847..852251a476 100644
--- a/source3/libads/krb5_setpw.c
+++ b/source3/libads/krb5_setpw.c
@@ -401,7 +401,7 @@ static ADS_STATUS do_krb5_kpasswd_request(krb5_context context,
krb5_data ap_req, chpw_req, chpw_rep;
int ret, sock;
socklen_t addr_len;
- struct sockaddr remote_addr, local_addr;
+ struct sockaddr_storage remote_addr, local_addr;
struct sockaddr_storage addr;
krb5_address local_kaddr, remote_kaddr;
bool use_tcp = False;
@@ -438,15 +438,14 @@ static ADS_STATUS do_krb5_kpasswd_request(krb5_context context,
return ADS_ERROR_SYSTEM(rc);
}
addr_len = sizeof(remote_addr);
- getpeername(sock, &remote_addr, &addr_len);
+ getpeername(sock, (struct sockaddr *)&remote_addr, &addr_len);
addr_len = sizeof(local_addr);
- getsockname(sock, &local_addr, &addr_len);
+ getsockname(sock, (struct sockaddr *)&local_addr, &addr_len);
- /* FIXME ! How do we do IPv6 here ? JRA. */
- if (remote_addr.sa_family != AF_INET ||
- local_addr.sa_family != AF_INET) {
+ if (!setup_kaddr(&remote_kaddr, &remote_addr) ||
+ !setup_kaddr(&local_kaddr, &local_addr)) {
DEBUG(1,("do_krb5_kpasswd_request: "
- "no IPv6 support (yet).\n"));
+ "Failed to setup addresses.\n"));
close(sock);
SAFE_FREE(ap_req.data);
krb5_auth_con_free(context, auth_context);
@@ -454,9 +453,6 @@ static ADS_STATUS do_krb5_kpasswd_request(krb5_context context,
return ADS_ERROR_SYSTEM(EINVAL);
}
- setup_kaddr_v4(&remote_kaddr, &remote_addr);
- setup_kaddr_v4(&local_kaddr, &local_addr);
-
ret = krb5_auth_con_setaddrs(context, auth_context, &local_kaddr, NULL);
if (ret) {
close(sock);
@@ -465,7 +461,7 @@ static ADS_STATUS do_krb5_kpasswd_request(krb5_context context,
DEBUG(1,("krb5_auth_con_setaddrs failed (%s)\n", error_message(ret)));
return ADS_ERROR_KRB5(ret);
}
-
+
ret = build_kpasswd_request(pversion, context, auth_context, &ap_req,
princ, newpw, use_tcp, &chpw_req);
if (ret) {
diff --git a/source3/libsmb/clikrb5.c b/source3/libsmb/clikrb5.c
index fb25e9e203..d996d61a48 100644
--- a/source3/libsmb/clikrb5.c
+++ b/source3/libsmb/clikrb5.c
@@ -162,19 +162,45 @@ static krb5_error_code smb_krb5_parse_name_norealm_conv(krb5_context context,
#if defined(HAVE_ADDR_TYPE_IN_KRB5_ADDRESS)
/* HEIMDAL */
- void setup_kaddr_v4( krb5_address *pkaddr, struct sockaddr *paddr)
+ bool setup_kaddr( krb5_address *pkaddr, struct sockaddr_storage *paddr)
{
- pkaddr->addr_type = KRB5_ADDRESS_INET;
- pkaddr->address.length = sizeof(((struct sockaddr_in *)paddr)->sin_addr);
- pkaddr->address.data = (char *)&(((struct sockaddr_in *)paddr)->sin_addr);
+ memset(pkaddr, '\0', sizeof(krb5_address));
+#if defined(HAVE_IPV6) && defined(KRB5_ADDRESS_INET6)
+ if (paddr->ss_family == AF_INET6) {
+ pkaddr->addr_type = KRB5_ADDRESS_INET6;
+ pkaddr->address.length = sizeof(((struct sockaddr_in6 *)paddr)->sin6_addr);
+ pkaddr->address.data = (char *)&(((struct sockaddr_in6 *)paddr)->sin6_addr);
+ return true;
+ }
+#endif
+ if (paddr->ss_family == AF_INET) {
+ pkaddr->addr_type = KRB5_ADDRESS_INET;
+ pkaddr->address.length = sizeof(((struct sockaddr_in *)paddr)->sin_addr);
+ pkaddr->address.data = (char *)&(((struct sockaddr_in *)paddr)->sin_addr);
+ return true;
+ }
+ return false;
}
#elif defined(HAVE_ADDRTYPE_IN_KRB5_ADDRESS)
/* MIT */
- void setup_kaddr_v4( krb5_address *pkaddr, struct sockaddr *paddr)
+ bool setup_kaddr( krb5_address *pkaddr, struct sockaddr_storage *paddr)
{
- pkaddr->addrtype = ADDRTYPE_INET;
- pkaddr->length = sizeof(((struct sockaddr_in *)paddr)->sin_addr);
- pkaddr->contents = (krb5_octet *)&(((struct sockaddr_in *)paddr)->sin_addr);
+ memset(pkaddr, '\0', sizeof(krb5_address));
+#if defined(HAVE_IPV6) && defined(ADDRTYPE_INET6)
+ if (paddr->ss_family == AF_INET6) {
+ pkaddr->addrtype = ADDRTYPE_INET6;
+ pkaddr->length = sizeof(((struct sockaddr_in6 *)paddr)->sin6_addr);
+ pkaddr->contents = (krb5_octet *)&(((struct sockaddr_in6 *)paddr)->sin6_addr);
+ return true;
+ }
+#endif
+ if (paddr->ss_family == AF_INET) {
+ pkaddr->addrtype = ADDRTYPE_INET;
+ pkaddr->length = sizeof(((struct sockaddr_in *)paddr)->sin_addr);
+ pkaddr->contents = (krb5_octet *)&(((struct sockaddr_in *)paddr)->sin_addr);
+ return true;
+ }
+ return false;
}
#else
#error UNKNOWN_ADDRTYPE