diff options
Diffstat (limited to 'source3/lib')
-rw-r--r-- | source3/lib/access.c | 10 | ||||
-rw-r--r-- | source3/lib/substitute.c | 3 | ||||
-rw-r--r-- | source3/lib/util_sock.c | 27 |
3 files changed, 23 insertions, 17 deletions
diff --git a/source3/lib/access.c b/source3/lib/access.c index 7b78017a64..31bc515b47 100644 --- a/source3/lib/access.c +++ b/source3/lib/access.c @@ -346,6 +346,8 @@ bool check_access(int sock, const char **allow_list, const char **deny_list) ret = true; if (!ret) { + char addr[INET6_ADDRSTRLEN]; + /* Bypass name resolution calls if the lists * only contain IP addrs */ if (only_ipaddrs_in_list(allow_list) && @@ -356,24 +358,24 @@ bool check_access(int sock, const char **allow_list, const char **deny_list) ret = allow_access(deny_list, allow_list, "", - get_peer_addr(sock)); + get_peer_addr(sock,addr)); } else { DEBUG (3, ("check_access: hostnames in " "host allow/deny list.\n")); ret = allow_access(deny_list, allow_list, get_peer_name(sock,true), - get_peer_addr(sock)); + get_peer_addr(sock,addr)); } if (ret) { DEBUG(2,("Allowed connection from %s (%s)\n", only_ip ? "" : get_peer_name(sock,true), - get_peer_addr(sock))); + get_peer_addr(sock,addr))); } else { DEBUG(0,("Denied connection from %s (%s)\n", only_ip ? "" : get_peer_name(sock,true), - get_peer_addr(sock))); + get_peer_addr(sock,addr))); } } diff --git a/source3/lib/substitute.c b/source3/lib/substitute.c index 07cea81bd1..a6195ef9d7 100644 --- a/source3/lib/substitute.c +++ b/source3/lib/substitute.c @@ -449,6 +449,7 @@ char *alloc_sub_basic(const char *smb_name, const char *domain_name, char *b, *p, *s, *r, *a_string; fstring pidstr, vnnstr; struct passwd *pass; + char addr[INET6_ADDRSTRLEN]; const char *local_machine_name = get_local_machine_name(); /* workaround to prevent a crash while looking at bug #687 */ @@ -494,7 +495,7 @@ char *alloc_sub_basic(const char *smb_name, const char *domain_name, a_string = realloc_string_sub(a_string, "%D", r); break; case 'I' : - a_string = realloc_string_sub(a_string, "%I", client_addr()); + a_string = realloc_string_sub(a_string, "%I", client_addr(addr)); break; case 'i': a_string = realloc_string_sub( a_string, "%i", client_socket_addr() ); diff --git a/source3/lib/util_sock.c b/source3/lib/util_sock.c index ea33de8077..b1e508182d 100644 --- a/source3/lib/util_sock.c +++ b/source3/lib/util_sock.c @@ -587,9 +587,10 @@ char *print_canonical_sockaddr(TALLOC_CTX *ctx, void client_setfd(int fd) { + char addr[INET6_ADDRSTRLEN]; client_fd = fd; safe_strcpy(client_ip_string, - get_peer_addr(client_fd), + get_peer_addr(client_fd,addr), sizeof(client_ip_string)-1); } @@ -658,9 +659,9 @@ const char *client_name(void) return get_peer_name(client_fd,false); } -const char *client_addr(void) +const char *client_addr(char addr[INET6_ADDRSTRLEN]) { - return get_peer_addr(client_fd); + return get_peer_addr(client_fd,addr); } const char *client_socket_addr(void) @@ -1699,12 +1700,12 @@ int open_udp_socket(const char *host, int port) ******************************************************************/ static const char *get_peer_addr_internal(int fd, + char addr_buf[INET6_ADDRSTRLEN], struct sockaddr_storage *pss, socklen_t *plength) { struct sockaddr_storage ss; socklen_t length = sizeof(ss); - static char addr_buf[INET6_ADDRSTRLEN]; safe_strcpy(addr_buf,"0.0.0.0",sizeof(addr_buf)-1); @@ -1732,7 +1733,6 @@ static const char *get_peer_addr_internal(int fd, return addr_buf; } - /******************************************************************* Matchname - determine if host name matches IP address. Used to confirm a hostname lookup to prevent spoof attacks. @@ -1807,10 +1807,12 @@ static bool matchname(const char *remotehost, Return the DNS name of the remote end of a socket. ******************************************************************/ +static char addr_buf_cache[INET6_ADDRSTRLEN]; + const char *get_peer_name(int fd, bool force_lookup) { - static fstring addr_buf; static pstring name_buf; + char addr_buf[INET6_ADDRSTRLEN]; struct sockaddr_storage ss; socklen_t length = sizeof(ss); const char *p; @@ -1822,13 +1824,14 @@ const char *get_peer_name(int fd, bool force_lookup) with dns. To avoid the delay we avoid the lookup if possible */ if (!lp_hostname_lookups() && (force_lookup == false)) { - return get_peer_addr(fd); + pstrcpy(name_buf, get_peer_addr(fd, addr_buf)); + return name_buf; } - p = get_peer_addr_internal(fd, &ss, &length); + p = get_peer_addr_internal(fd, addr_buf, &ss, &length); /* it might be the same as the last one - save some DNS work */ - if (strcmp(p, addr_buf) == 0) { + if (strcmp(p, addr_buf_cache) == 0) { return name_buf; } @@ -1837,7 +1840,7 @@ const char *get_peer_name(int fd, bool force_lookup) return name_buf; } - fstrcpy(addr_buf, p); + safe_strcpy(addr_buf_cache, p, sizeof(addr_buf_cache)-1); /* Look up the remote host name. */ ret = getnameinfo((struct sockaddr *)&ss, @@ -1878,9 +1881,9 @@ const char *get_peer_name(int fd, bool force_lookup) Return the IP addr of the remote end of a socket as a string. ******************************************************************/ -const char *get_peer_addr(int fd) +const char *get_peer_addr(int fd, char addr[INET6_ADDRSTRLEN]) { - return get_peer_addr_internal(fd, NULL, NULL); + return get_peer_addr_internal(fd, addr, NULL, NULL); } /******************************************************************* |