diff options
-rw-r--r-- | source3/include/includes.h | 2 | ||||
-rw-r--r-- | source3/libads/krb5_setpw.c | 18 | ||||
-rw-r--r-- | source3/libsmb/clikrb5.c | 42 |
3 files changed, 42 insertions, 20 deletions
diff --git a/source3/include/includes.h b/source3/include/includes.h index fc9e43e55b..b9e77010de 100644 --- a/source3/include/includes.h +++ b/source3/include/includes.h @@ -1123,7 +1123,7 @@ void krb5_free_unparsed_name(krb5_context ctx, char *val); #endif /* Samba wrapper function for krb5 functionality. */ -void setup_kaddr_v4( krb5_address *pkaddr, struct sockaddr *paddr); +bool setup_kaddr( krb5_address *pkaddr, struct sockaddr_storage *paddr); int create_kerberos_key_from_string(krb5_context context, krb5_principal host_princ, krb5_data *password, krb5_keyblock *key, krb5_enctype enctype); int create_kerberos_key_from_string_direct(krb5_context context, krb5_principal host_princ, krb5_data *password, krb5_keyblock *key, krb5_enctype enctype); bool get_auth_data_from_tkt(TALLOC_CTX *mem_ctx, DATA_BLOB *auth_data, krb5_ticket *tkt); diff --git a/source3/libads/krb5_setpw.c b/source3/libads/krb5_setpw.c index 831a448847..852251a476 100644 --- a/source3/libads/krb5_setpw.c +++ b/source3/libads/krb5_setpw.c @@ -401,7 +401,7 @@ static ADS_STATUS do_krb5_kpasswd_request(krb5_context context, krb5_data ap_req, chpw_req, chpw_rep; int ret, sock; socklen_t addr_len; - struct sockaddr remote_addr, local_addr; + struct sockaddr_storage remote_addr, local_addr; struct sockaddr_storage addr; krb5_address local_kaddr, remote_kaddr; bool use_tcp = False; @@ -438,15 +438,14 @@ static ADS_STATUS do_krb5_kpasswd_request(krb5_context context, return ADS_ERROR_SYSTEM(rc); } addr_len = sizeof(remote_addr); - getpeername(sock, &remote_addr, &addr_len); + getpeername(sock, (struct sockaddr *)&remote_addr, &addr_len); addr_len = sizeof(local_addr); - getsockname(sock, &local_addr, &addr_len); + getsockname(sock, (struct sockaddr *)&local_addr, &addr_len); - /* FIXME ! How do we do IPv6 here ? JRA. */ - if (remote_addr.sa_family != AF_INET || - local_addr.sa_family != AF_INET) { + if (!setup_kaddr(&remote_kaddr, &remote_addr) || + !setup_kaddr(&local_kaddr, &local_addr)) { DEBUG(1,("do_krb5_kpasswd_request: " - "no IPv6 support (yet).\n")); + "Failed to setup addresses.\n")); close(sock); SAFE_FREE(ap_req.data); krb5_auth_con_free(context, auth_context); @@ -454,9 +453,6 @@ static ADS_STATUS do_krb5_kpasswd_request(krb5_context context, return ADS_ERROR_SYSTEM(EINVAL); } - setup_kaddr_v4(&remote_kaddr, &remote_addr); - setup_kaddr_v4(&local_kaddr, &local_addr); - ret = krb5_auth_con_setaddrs(context, auth_context, &local_kaddr, NULL); if (ret) { close(sock); @@ -465,7 +461,7 @@ static ADS_STATUS do_krb5_kpasswd_request(krb5_context context, DEBUG(1,("krb5_auth_con_setaddrs failed (%s)\n", error_message(ret))); return ADS_ERROR_KRB5(ret); } - + ret = build_kpasswd_request(pversion, context, auth_context, &ap_req, princ, newpw, use_tcp, &chpw_req); if (ret) { diff --git a/source3/libsmb/clikrb5.c b/source3/libsmb/clikrb5.c index fb25e9e203..d996d61a48 100644 --- a/source3/libsmb/clikrb5.c +++ b/source3/libsmb/clikrb5.c @@ -162,19 +162,45 @@ static krb5_error_code smb_krb5_parse_name_norealm_conv(krb5_context context, #if defined(HAVE_ADDR_TYPE_IN_KRB5_ADDRESS) /* HEIMDAL */ - void setup_kaddr_v4( krb5_address *pkaddr, struct sockaddr *paddr) + bool setup_kaddr( krb5_address *pkaddr, struct sockaddr_storage *paddr) { - pkaddr->addr_type = KRB5_ADDRESS_INET; - pkaddr->address.length = sizeof(((struct sockaddr_in *)paddr)->sin_addr); - pkaddr->address.data = (char *)&(((struct sockaddr_in *)paddr)->sin_addr); + memset(pkaddr, '\0', sizeof(krb5_address)); +#if defined(HAVE_IPV6) && defined(KRB5_ADDRESS_INET6) + if (paddr->ss_family == AF_INET6) { + pkaddr->addr_type = KRB5_ADDRESS_INET6; + pkaddr->address.length = sizeof(((struct sockaddr_in6 *)paddr)->sin6_addr); + pkaddr->address.data = (char *)&(((struct sockaddr_in6 *)paddr)->sin6_addr); + return true; + } +#endif + if (paddr->ss_family == AF_INET) { + pkaddr->addr_type = KRB5_ADDRESS_INET; + pkaddr->address.length = sizeof(((struct sockaddr_in *)paddr)->sin_addr); + pkaddr->address.data = (char *)&(((struct sockaddr_in *)paddr)->sin_addr); + return true; + } + return false; } #elif defined(HAVE_ADDRTYPE_IN_KRB5_ADDRESS) /* MIT */ - void setup_kaddr_v4( krb5_address *pkaddr, struct sockaddr *paddr) + bool setup_kaddr( krb5_address *pkaddr, struct sockaddr_storage *paddr) { - pkaddr->addrtype = ADDRTYPE_INET; - pkaddr->length = sizeof(((struct sockaddr_in *)paddr)->sin_addr); - pkaddr->contents = (krb5_octet *)&(((struct sockaddr_in *)paddr)->sin_addr); + memset(pkaddr, '\0', sizeof(krb5_address)); +#if defined(HAVE_IPV6) && defined(ADDRTYPE_INET6) + if (paddr->ss_family == AF_INET6) { + pkaddr->addrtype = ADDRTYPE_INET6; + pkaddr->length = sizeof(((struct sockaddr_in6 *)paddr)->sin6_addr); + pkaddr->contents = (krb5_octet *)&(((struct sockaddr_in6 *)paddr)->sin6_addr); + return true; + } +#endif + if (paddr->ss_family == AF_INET) { + pkaddr->addrtype = ADDRTYPE_INET; + pkaddr->length = sizeof(((struct sockaddr_in *)paddr)->sin_addr); + pkaddr->contents = (krb5_octet *)&(((struct sockaddr_in *)paddr)->sin_addr); + return true; + } + return false; } #else #error UNKNOWN_ADDRTYPE |