diff options
Diffstat (limited to 'source3')
-rw-r--r-- | source3/auth/pampass.c | 3 | ||||
-rw-r--r-- | source3/lib/access.c | 10 | ||||
-rw-r--r-- | source3/lib/substitute.c | 3 | ||||
-rw-r--r-- | source3/lib/util_sock.c | 27 | ||||
-rw-r--r-- | source3/modules/vfs_expand_msdfs.c | 3 | ||||
-rw-r--r-- | source3/printing/print_cups.c | 3 | ||||
-rw-r--r-- | source3/printing/print_iprint.c | 3 | ||||
-rw-r--r-- | source3/rpc_server/srv_netlog_nt.c | 6 | ||||
-rw-r--r-- | source3/smbd/connection.c | 3 | ||||
-rw-r--r-- | source3/smbd/process.c | 5 | ||||
-rw-r--r-- | source3/smbd/server.c | 4 | ||||
-rw-r--r-- | source3/smbd/service.c | 6 | ||||
-rw-r--r-- | source3/smbd/session.c | 5 | ||||
-rw-r--r-- | source3/smbd/sesssetup.c | 4 | ||||
-rw-r--r-- | source3/web/cgi.c | 3 |
15 files changed, 56 insertions, 32 deletions
diff --git a/source3/auth/pampass.c b/source3/auth/pampass.c index ac3aa3aa64..9b8faf1609 100644 --- a/source3/auth/pampass.c +++ b/source3/auth/pampass.c @@ -455,6 +455,7 @@ static bool smb_pam_start(pam_handle_t **pamh, const char *user, const char *rho { int pam_error; const char *our_rhost; + char addr[INET6_ADDRSTRLEN]; *pamh = (pam_handle_t *)NULL; @@ -469,7 +470,7 @@ static bool smb_pam_start(pam_handle_t **pamh, const char *user, const char *rho if (rhost == NULL) { our_rhost = client_name(); if (strequal(our_rhost,"UNKNOWN")) - our_rhost = client_addr(); + our_rhost = client_addr(addr); } else { our_rhost = rhost; } diff --git a/source3/lib/access.c b/source3/lib/access.c index 7b78017a64..31bc515b47 100644 --- a/source3/lib/access.c +++ b/source3/lib/access.c @@ -346,6 +346,8 @@ bool check_access(int sock, const char **allow_list, const char **deny_list) ret = true; if (!ret) { + char addr[INET6_ADDRSTRLEN]; + /* Bypass name resolution calls if the lists * only contain IP addrs */ if (only_ipaddrs_in_list(allow_list) && @@ -356,24 +358,24 @@ bool check_access(int sock, const char **allow_list, const char **deny_list) ret = allow_access(deny_list, allow_list, "", - get_peer_addr(sock)); + get_peer_addr(sock,addr)); } else { DEBUG (3, ("check_access: hostnames in " "host allow/deny list.\n")); ret = allow_access(deny_list, allow_list, get_peer_name(sock,true), - get_peer_addr(sock)); + get_peer_addr(sock,addr)); } if (ret) { DEBUG(2,("Allowed connection from %s (%s)\n", only_ip ? "" : get_peer_name(sock,true), - get_peer_addr(sock))); + get_peer_addr(sock,addr))); } else { DEBUG(0,("Denied connection from %s (%s)\n", only_ip ? "" : get_peer_name(sock,true), - get_peer_addr(sock))); + get_peer_addr(sock,addr))); } } diff --git a/source3/lib/substitute.c b/source3/lib/substitute.c index 07cea81bd1..a6195ef9d7 100644 --- a/source3/lib/substitute.c +++ b/source3/lib/substitute.c @@ -449,6 +449,7 @@ char *alloc_sub_basic(const char *smb_name, const char *domain_name, char *b, *p, *s, *r, *a_string; fstring pidstr, vnnstr; struct passwd *pass; + char addr[INET6_ADDRSTRLEN]; const char *local_machine_name = get_local_machine_name(); /* workaround to prevent a crash while looking at bug #687 */ @@ -494,7 +495,7 @@ char *alloc_sub_basic(const char *smb_name, const char *domain_name, a_string = realloc_string_sub(a_string, "%D", r); break; case 'I' : - a_string = realloc_string_sub(a_string, "%I", client_addr()); + a_string = realloc_string_sub(a_string, "%I", client_addr(addr)); break; case 'i': a_string = realloc_string_sub( a_string, "%i", client_socket_addr() ); diff --git a/source3/lib/util_sock.c b/source3/lib/util_sock.c index ea33de8077..b1e508182d 100644 --- a/source3/lib/util_sock.c +++ b/source3/lib/util_sock.c @@ -587,9 +587,10 @@ char *print_canonical_sockaddr(TALLOC_CTX *ctx, void client_setfd(int fd) { + char addr[INET6_ADDRSTRLEN]; client_fd = fd; safe_strcpy(client_ip_string, - get_peer_addr(client_fd), + get_peer_addr(client_fd,addr), sizeof(client_ip_string)-1); } @@ -658,9 +659,9 @@ const char *client_name(void) return get_peer_name(client_fd,false); } -const char *client_addr(void) +const char *client_addr(char addr[INET6_ADDRSTRLEN]) { - return get_peer_addr(client_fd); + return get_peer_addr(client_fd,addr); } const char *client_socket_addr(void) @@ -1699,12 +1700,12 @@ int open_udp_socket(const char *host, int port) ******************************************************************/ static const char *get_peer_addr_internal(int fd, + char addr_buf[INET6_ADDRSTRLEN], struct sockaddr_storage *pss, socklen_t *plength) { struct sockaddr_storage ss; socklen_t length = sizeof(ss); - static char addr_buf[INET6_ADDRSTRLEN]; safe_strcpy(addr_buf,"0.0.0.0",sizeof(addr_buf)-1); @@ -1732,7 +1733,6 @@ static const char *get_peer_addr_internal(int fd, return addr_buf; } - /******************************************************************* Matchname - determine if host name matches IP address. Used to confirm a hostname lookup to prevent spoof attacks. @@ -1807,10 +1807,12 @@ static bool matchname(const char *remotehost, Return the DNS name of the remote end of a socket. ******************************************************************/ +static char addr_buf_cache[INET6_ADDRSTRLEN]; + const char *get_peer_name(int fd, bool force_lookup) { - static fstring addr_buf; static pstring name_buf; + char addr_buf[INET6_ADDRSTRLEN]; struct sockaddr_storage ss; socklen_t length = sizeof(ss); const char *p; @@ -1822,13 +1824,14 @@ const char *get_peer_name(int fd, bool force_lookup) with dns. To avoid the delay we avoid the lookup if possible */ if (!lp_hostname_lookups() && (force_lookup == false)) { - return get_peer_addr(fd); + pstrcpy(name_buf, get_peer_addr(fd, addr_buf)); + return name_buf; } - p = get_peer_addr_internal(fd, &ss, &length); + p = get_peer_addr_internal(fd, addr_buf, &ss, &length); /* it might be the same as the last one - save some DNS work */ - if (strcmp(p, addr_buf) == 0) { + if (strcmp(p, addr_buf_cache) == 0) { return name_buf; } @@ -1837,7 +1840,7 @@ const char *get_peer_name(int fd, bool force_lookup) return name_buf; } - fstrcpy(addr_buf, p); + safe_strcpy(addr_buf_cache, p, sizeof(addr_buf_cache)-1); /* Look up the remote host name. */ ret = getnameinfo((struct sockaddr *)&ss, @@ -1878,9 +1881,9 @@ const char *get_peer_name(int fd, bool force_lookup) Return the IP addr of the remote end of a socket as a string. ******************************************************************/ -const char *get_peer_addr(int fd) +const char *get_peer_addr(int fd, char addr[INET6_ADDRSTRLEN]) { - return get_peer_addr_internal(fd, NULL, NULL); + return get_peer_addr_internal(fd, addr, NULL, NULL); } /******************************************************************* diff --git a/source3/modules/vfs_expand_msdfs.c b/source3/modules/vfs_expand_msdfs.c index e2a4a18bf0..12f2c8e72b 100644 --- a/source3/modules/vfs_expand_msdfs.c +++ b/source3/modules/vfs_expand_msdfs.c @@ -55,6 +55,7 @@ static bool read_target_host(const char *mapfile, pstring targethost) DEBUG(10, ("Scanning mapfile [%s]\n", mapfile)); while (x_fgets(buf, sizeof(buf), f) != NULL) { + char addr[INET6_ADDRSTRLEN]; if ((strlen(buf) > 0) && (buf[strlen(buf)-1] == '\n')) buf[strlen(buf)-1] = '\0'; @@ -70,7 +71,7 @@ static bool read_target_host(const char *mapfile, pstring targethost) *space = '\0'; - if (strncmp(client_addr(), buf, strlen(buf)) == 0) { + if (strncmp(client_addr(addr), buf, strlen(buf)) == 0) { found = True; break; } diff --git a/source3/printing/print_cups.c b/source3/printing/print_cups.c index e9e4e5955f..ff4c7ebc5f 100644 --- a/source3/printing/print_cups.c +++ b/source3/printing/print_cups.c @@ -567,6 +567,7 @@ static int cups_job_submit(int snum, struct printjob *pjob) pstring new_jobname; int num_options = 0; cups_option_t *options = NULL; + char addr[INET6_ADDRSTRLEN]; DEBUG(5,("cups_job_submit(%d, %p (%d))\n", snum, pjob, pjob->sysjob)); @@ -619,7 +620,7 @@ static int cups_job_submit(int snum, struct printjob *pjob) clientname = client_name(); if (strcmp(clientname, "UNKNOWN") == 0) { - clientname = client_addr(); + clientname = client_addr(addr); } ippAddString(request, IPP_TAG_OPERATION, IPP_TAG_NAME, diff --git a/source3/printing/print_iprint.c b/source3/printing/print_iprint.c index 18f5e97856..8ee681b3be 100644 --- a/source3/printing/print_iprint.c +++ b/source3/printing/print_iprint.c @@ -727,6 +727,7 @@ static int iprint_job_submit(int snum, struct printjob *pjob) cups_lang_t *language = NULL; /* Default language */ char uri[HTTP_MAX_URI]; /* printer-uri attribute */ const char *clientname = NULL; /* hostname of client for job-originating-host attribute */ + char addr[INET6_ADDRSTRLEN]; DEBUG(5,("iprint_job_submit(%d, %p (%d))\n", snum, pjob, pjob->sysjob)); @@ -780,7 +781,7 @@ static int iprint_job_submit(int snum, struct printjob *pjob) clientname = client_name(); if (strcmp(clientname, "UNKNOWN") == 0) { - clientname = client_addr(); + clientname = client_addr(addr); } ippAddString(request, IPP_TAG_OPERATION, IPP_TAG_NAME, diff --git a/source3/rpc_server/srv_netlog_nt.c b/source3/rpc_server/srv_netlog_nt.c index 13c0f38b74..6de8cd7572 100644 --- a/source3/rpc_server/srv_netlog_nt.c +++ b/source3/rpc_server/srv_netlog_nt.c @@ -196,8 +196,10 @@ static NTSTATUS get_md4pw(char *md4pw, char *mach_acct, uint16 sec_chan_type) const uint8 *pass; bool ret; uint32 acct_ctrl; - + #if 0 + char addr[INET6_ADDRSTRLEN]; + /* * Currently this code is redundent as we already have a filter * by hostname list. What this code really needs to do is to @@ -208,7 +210,7 @@ static NTSTATUS get_md4pw(char *md4pw, char *mach_acct, uint16 sec_chan_type) */ if (!allow_access(lp_domain_hostsdeny(), lp_domain_hostsallow(), - client_name(), client_addr())) + client_name(), client_addr(addr))) { DEBUG(0,("get_md4pw: Workstation %s denied access to domain\n", mach_acct)); return False; diff --git a/source3/smbd/connection.c b/source3/smbd/connection.c index e9f1b82fbf..4b89668640 100644 --- a/source3/smbd/connection.c +++ b/source3/smbd/connection.c @@ -128,6 +128,7 @@ bool claim_connection(connection_struct *conn, const char *name, struct connections_data crec; TDB_DATA dbuf; NTSTATUS status; + char addr[INET6_ADDRSTRLEN]; DEBUG(5,("claiming [%s]\n", name)); @@ -151,7 +152,7 @@ bool claim_connection(connection_struct *conn, const char *name, crec.bcast_msg_flags = msg_flags; strlcpy(crec.machine,get_remote_machine_name(),sizeof(crec.machine)); - strlcpy(crec.addr,conn?conn->client_address:client_addr(), + strlcpy(crec.addr,conn?conn->client_address:client_addr(addr), sizeof(crec.addr)); dbuf.dptr = (uint8 *)&crec; diff --git a/source3/smbd/process.c b/source3/smbd/process.c index 11fdb03d72..f35e7054d7 100644 --- a/source3/smbd/process.c +++ b/source3/smbd/process.c @@ -1460,15 +1460,18 @@ static void process_smb(char *inbuf, size_t nread, size_t unread_bytes) DO_PROFILE_INC(smb_count); if (trans_num == 0) { + char addr[INET6_ADDRSTRLEN]; + /* on the first packet, check the global hosts allow/ hosts deny parameters before doing any parsing of the packet passed to us by the client. This prevents attacks on our parsing code from hosts not in the hosts allow list */ + if (!check_access(smbd_server_fd(), lp_hostsallow(-1), lp_hostsdeny(-1))) { /* send a negative session response "not listening on calling name" */ static unsigned char buf[5] = {0x83, 0, 0, 1, 0x81}; - DEBUG( 1, ( "Connection denied from %s\n", client_addr() ) ); + DEBUG( 1, ( "Connection denied from %s\n", client_addr(addr) ) ); (void)send_smb(smbd_server_fd(),(char *)buf); exit_server_cleanly("connection denied"); } diff --git a/source3/smbd/server.c b/source3/smbd/server.c index fa8e163081..34b3d4a32a 100644 --- a/source3/smbd/server.c +++ b/source3/smbd/server.c @@ -602,6 +602,8 @@ static bool open_sockets_smbd(bool is_daemon, bool interactive, const char *smb_ if (allowable_number_of_smbd_processes() && smbd_server_fd() != -1 && ((child = sys_fork())==0)) { + char remaddr[INET6_ADDRSTRLEN]; + /* Child code ... */ /* Stop zombies, the parent explicitly handles @@ -622,7 +624,7 @@ static bool open_sockets_smbd(bool is_daemon, bool interactive, const char *smb_ /* this is needed so that we get decent entries in smbstatus for port 445 connects */ - set_remote_machine_name(get_peer_addr(smbd_server_fd()), + set_remote_machine_name(get_peer_addr(smbd_server_fd(),remaddr), False); /* Reset the state of the random diff --git a/source3/smbd/service.c b/source3/smbd/service.c index bb279b701f..2901cd3417 100644 --- a/source3/smbd/service.c +++ b/source3/smbd/service.c @@ -642,6 +642,7 @@ static connection_struct *make_connection_snum(int snum, user_struct *vuser, fstring user; fstring dev; int ret; + char addr[INET6_ADDRSTRLEN]; *user = 0; fstrcpy(dev, pdev); @@ -757,7 +758,7 @@ static connection_struct *make_connection_snum(int snum, user_struct *vuser, add_session_user(user); - safe_strcpy(conn->client_address, client_addr(), + safe_strcpy(conn->client_address, client_addr(addr), sizeof(conn->client_address)-1); conn->num_files_open = 0; conn->lastused = conn->lastused_count = time(NULL); @@ -1204,6 +1205,7 @@ connection_struct *make_connection(const char *service_in, DATA_BLOB password, fstring service; fstring dev; int snum = -1; + char addr[INET6_ADDRSTRLEN]; fstrcpy(dev, pdev); @@ -1300,7 +1302,7 @@ connection_struct *make_connection(const char *service_in, DATA_BLOB password, } DEBUG(0,("%s (%s) couldn't find service %s\n", - get_remote_machine_name(), client_addr(), service)); + get_remote_machine_name(), client_addr(addr), service)); *status = NT_STATUS_BAD_NETWORK_NAME; return NULL; } diff --git a/source3/smbd/session.c b/source3/smbd/session.c index ebbb40eb5a..15154162b9 100644 --- a/source3/smbd/session.c +++ b/source3/smbd/session.c @@ -69,6 +69,7 @@ bool session_claim(user_struct *vuser) struct db_context *ctx; struct db_record *rec; NTSTATUS status; + char addr[INET6_ADDRSTRLEN]; vuser->session_keystr = NULL; @@ -160,7 +161,7 @@ bool session_claim(user_struct *vuser) hostname = client_name(); if (strcmp(hostname, "UNKNOWN") == 0) { - hostname = client_addr(); + hostname = client_addr(addr); } fstrcpy(sessionid.username, vuser->user.unix_name); @@ -170,7 +171,7 @@ bool session_claim(user_struct *vuser) sessionid.uid = vuser->uid; sessionid.gid = vuser->gid; fstrcpy(sessionid.remote_machine, get_remote_machine_name()); - fstrcpy(sessionid.ip_addr_str, client_addr()); + fstrcpy(sessionid.ip_addr_str, client_addr(addr)); sessionid.connect_start = time(NULL); if (!smb_pam_claim_session(sessionid.username, sessionid.id_str, diff --git a/source3/smbd/sesssetup.c b/source3/smbd/sesssetup.c index bc298d11f7..35efbc009f 100644 --- a/source3/smbd/sesssetup.c +++ b/source3/smbd/sesssetup.c @@ -1307,6 +1307,8 @@ static int shutdown_other_smbds(struct db_record *rec, static void setup_new_vc_session(void) { + char addr[INET6_ADDRSTRLEN]; + DEBUG(2,("setup_new_vc_session: New VC == 0, if NT4.x " "compatible we would close all old resources.\n")); #if 0 @@ -1315,7 +1317,7 @@ static void setup_new_vc_session(void) #endif if (lp_reset_on_zero_vc()) { connections_forall(shutdown_other_smbds, - CONST_DISCARD(void *,client_addr())); + CONST_DISCARD(void *,client_addr(addr))); } } diff --git a/source3/web/cgi.c b/source3/web/cgi.c index 6a8688b637..71328459f0 100644 --- a/source3/web/cgi.c +++ b/source3/web/cgi.c @@ -647,7 +647,8 @@ return the hostname of the client const char *cgi_remote_addr(void) { if (inetd_server) { - return get_peer_addr(1); + char addr[INET6_ADDRSTRLEN]; + return get_peer_addr(1,addr); } return getenv("REMOTE_ADDR"); } |