From e9cf3a8ca264118c0050579940f2812ac0aa356c Mon Sep 17 00:00:00 2001 From: Jeremy Allison Date: Fri, 12 Oct 2007 13:38:04 -0700 Subject: Convert get_peer_addr() to IPv6. Only is_myname_or_ipaddr() lefto to do then I can fix the lib/access.c functions. Jeremy. (This used to be commit 3403c6c330b886c86d6d856c3ffc13b043fd6fc1) --- source3/lib/util_sock.c | 167 ++++++++++++++++++++++++++++++++---------------- 1 file changed, 112 insertions(+), 55 deletions(-) diff --git a/source3/lib/util_sock.c b/source3/lib/util_sock.c index 5a96bb79d6..8c5d1b6fec 100644 --- a/source3/lib/util_sock.c +++ b/source3/lib/util_sock.c @@ -1546,41 +1546,102 @@ int open_udp_socket(const char *host, int port) return res; } +/******************************************************************* + Return the IP addr of the remote end of a socket as a string. + Optionally return the struct sockaddr_storage. + ******************************************************************/ + +static const char *get_peer_addr_internal(int fd, + struct sockaddr_storage *pss, + socklen_t *plength) +{ + struct sockaddr_storage ss; + socklen_t length = sizeof(ss); + static char addr_buf[INET6_ADDRSTRLEN]; + + safe_strcpy(addr_buf,"0.0.0.0",sizeof(addr_buf)-1); + + if (fd == -1) { + return addr_buf; + } + + if (pss == NULL) { + pss = &ss; + } + if (plength == NULL) { + plength = &length; + } + + if (getpeername(fd, (struct sockaddr *)pss, plength) < 0) { + DEBUG(0,("getpeername failed. Error was %s\n", + strerror(errno) )); + return addr_buf; + } + + print_sockaddr(addr_buf, + sizeof(addr_buf), + pss, + *plength); + return addr_buf; +} + + /******************************************************************* Matchname - determine if host name matches IP address. Used to confirm a hostname lookup to prevent spoof attacks. ******************************************************************/ -static bool matchname(char *remotehost,struct in_addr addr) +static bool matchname(const char *remotehost, + const struct sockaddr_storage *pss, + socklen_t len) { - struct hostent *hp; - int i; + struct addrinfo hints; + struct addrinfo *res = NULL; + struct addrinfo *ailist = NULL; + char addr_buf[INET6_ADDRSTRLEN]; + int ret = -1; + + memset(&hints,'\0',sizeof(struct addrinfo)); + /* By default make sure it supports TCP. */ + hints.ai_socktype = SOCK_STREAM; + hints.ai_flags = AI_ADDRCONFIG|AI_CANONNAME; - if ((hp = sys_gethostbyname(remotehost)) == 0) { - DEBUG(0,("sys_gethostbyname(%s): lookup failure.\n", - remotehost)); + ret = getaddrinfo(remotehost, NULL, + &hints, + &res); + + if (ret || res == NULL) { + DEBUG(3,("matchname: getaddrinfo failed for " + "name %s [%s]\n", + remotehost, + gai_strerror(ret) )); return false; } /* - * Make sure that gethostbyname() returns the "correct" host name. - * Unfortunately, gethostbyname("localhost") sometimes yields - * "localhost.domain". Since the latter host name comes from the - * local DNS, we just have to trust it (all bets are off if the local - * DNS is perverted). We always check the address list, though. + * Make sure that getaddrinfo() returns the "correct" host name. */ - if (!strequal(remotehost, hp->h_name) - && !strequal(remotehost, "localhost")) { - DEBUG(0,("host name/name mismatch: %s != %s\n", - remotehost, hp->h_name)); + if (res->ai_canonname == NULL || + (!strequal(remotehost, res->ai_canonname) && + !strequal(remotehost, "localhost"))) { + DEBUG(0,("matchname: host name/name mismatch: %s != %s\n", + remotehost, + res->ai_canonname ? res->ai_canonname : "(NULL)")); + freeaddrinfo(res); return false; } /* Look up the host address in the address list we just got. */ - for (i = 0; hp->h_addr_list[i]; i++) { - if (memcmp(hp->h_addr_list[i], (char *)&addr,sizeof(addr)) == 0) + for (ailist = res; ailist; ailist = ailist->ai_next) { + if (!ailist->ai_addr) { + continue; + } + if (addr_equal((const struct sockaddr_storage *)ailist->ai_addr, + pss)) { + freeaddrinfo(res); return true; + } } /* @@ -1589,8 +1650,14 @@ static bool matchname(char *remotehost,struct in_addr addr) * it, but that could be dangerous, too. */ - DEBUG(0,("host name/address mismatch: %s != %s\n", - inet_ntoa(addr), hp->h_name)); + DEBUG(0,("matchname: host name/address mismatch: %s != %s\n", + print_sockaddr(addr_buf, + sizeof(addr_buf), + pss, + len), + res->ai_canonname ? res->ai_canonname : "(NULL)")); + + freeaddrinfo(res); return false; } @@ -1600,12 +1667,13 @@ static bool matchname(char *remotehost,struct in_addr addr) const char *get_peer_name(int fd, bool force_lookup) { - static pstring name_buf; - pstring tmp_name; static fstring addr_buf; - struct hostent *hp; - struct in_addr addr; + static pstring name_buf; + struct sockaddr_storage ss; + socklen_t length = sizeof(ss); const char *p; + int ret; + pstring tmp_name; /* reverse lookups can be *very* expensive, and in many situations won't work because many networks don't link dhcp @@ -1615,28 +1683,37 @@ const char *get_peer_name(int fd, bool force_lookup) return get_peer_addr(fd); } - p = get_peer_addr(fd); + p = get_peer_addr_internal(fd, &ss, &length); /* it might be the same as the last one - save some DNS work */ - if (strcmp(p, addr_buf) == 0) + if (strcmp(p, addr_buf) == 0) { return name_buf; + } pstrcpy(name_buf,"UNKNOWN"); - if (fd == -1) + if (fd == -1) { return name_buf; + } fstrcpy(addr_buf, p); - addr = *interpret_addr2(p); - /* Look up the remote host name. */ - if ((hp = gethostbyaddr((char *)&addr.s_addr, - sizeof(addr.s_addr), AF_INET)) == 0) { - DEBUG(1,("Gethostbyaddr failed for %s\n",p)); + ret = getnameinfo((struct sockaddr *)&ss, + length, + name_buf, + sizeof(name_buf), + NULL, + 0, + NI_NUMERICHOST); + + if (ret) { + DEBUG(1,("get_peer_name: getnameinfo failed " + "for %s with error %s\n", + p, + gai_strerror(ret))); pstrcpy(name_buf, p); } else { - pstrcpy(name_buf,(char *)hp->h_name); - if (!matchname(name_buf, addr)) { + if (!matchname(name_buf, &ss, length)) { DEBUG(0,("Matchname failed on %s %s\n",name_buf,p)); pstrcpy(name_buf,"UNKNOWN"); } @@ -1646,7 +1723,7 @@ const char *get_peer_name(int fd, bool force_lookup) use --enable-developer or the clobber_region() call will get you */ - pstrcpy( tmp_name, name_buf ); + pstrcpy(tmp_name, name_buf ); alpha_strcpy(name_buf, tmp_name, "_-.", sizeof(name_buf)); if (strstr(name_buf,"..")) { pstrcpy(name_buf, "UNKNOWN"); @@ -1661,27 +1738,7 @@ const char *get_peer_name(int fd, bool force_lookup) const char *get_peer_addr(int fd) { - struct sockaddr_storage ss; - socklen_t length = sizeof(ss); - static char addr_buf[INET6_ADDRSTRLEN]; - - safe_strcpy(addr_buf,"0.0.0.0",sizeof(addr_buf)-1); - - if (fd == -1) { - return addr_buf; - } - - if (getpeername(fd, (struct sockaddr *)&ss, &length) < 0) { - DEBUG(0,("getpeername failed. Error was %s\n", - strerror(errno) )); - return addr_buf; - } - - print_sockaddr(addr_buf, - sizeof(addr_buf), - &ss, - length); - return addr_buf; + return get_peer_addr_internal(fd, NULL, NULL); } /******************************************************************* -- cgit From 6c8225445b9c6d92abee48d4954a7d3fe2d2e987 Mon Sep 17 00:00:00 2001 From: Jeremy Allison Date: Fri, 12 Oct 2007 21:50:41 -0700 Subject: Dummy formatting commit to check I've set up my home git correctly. (This used to be commit a1166e9e651f4acdcf7926c5d8e9cf0c9108fe71) --- source3/lib/util_sock.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/source3/lib/util_sock.c b/source3/lib/util_sock.c index 8c5d1b6fec..8079932620 100644 --- a/source3/lib/util_sock.c +++ b/source3/lib/util_sock.c @@ -1846,8 +1846,9 @@ bool is_myname_or_ipaddr(const char *s) fstring name, dnsname; char *servername; - if ( !s ) + if ( !s ) { return false; + } /* santize the string from '\\name' */ -- cgit From 0bb74d2f8c8a182ce2a0d983e0178f361acce018 Mon Sep 17 00:00:00 2001 From: Stefan Metzmacher Date: Sat, 13 Oct 2007 15:09:24 +0200 Subject: remove unused print_test.c code metze (This used to be commit 9e5ad21e6793981a01f63f2de1c4d496ade0bb54) --- source3/Makefile.in | 2 +- source3/printing/print_test.c | 81 ------------------------------------------- 2 files changed, 1 insertion(+), 82 deletions(-) diff --git a/source3/Makefile.in b/source3/Makefile.in index ea1b69b45c..4d261d37d1 100644 --- a/source3/Makefile.in +++ b/source3/Makefile.in @@ -545,7 +545,7 @@ SMBD_OBJ_BASE = $(PARAM_WITHOUT_REG_OBJ) $(SMBD_OBJ_SRV) $(LIBSMB_OBJ) \ PRINTING_OBJ = printing/pcap.o printing/print_svid.o printing/print_aix.o \ printing/print_cups.o printing/print_generic.o \ printing/lpq_parse.o printing/load.o \ - printing/print_iprint.o printing/print_test.o + printing/print_iprint.o PRINTBASE_OBJ = printing/notify.o printing/printing_db.o PRINTBACKEND_OBJ = printing/printing.o printing/nt_printing.o $(PRINTBASE_OBJ) diff --git a/source3/printing/print_test.c b/source3/printing/print_test.c index 42f6aca8a3..e69de29bb2 100644 --- a/source3/printing/print_test.c +++ b/source3/printing/print_test.c @@ -1,81 +0,0 @@ -/* - * Printing backend for the build farm - * - * Copyright (C) Volker Lendecke 2006 - * - * This program is free software; you can redistribute it and/or modify - * it under the terms of the GNU General Public License as published by - * the Free Software Foundation; either version 3 of the License, or - * (at your option) any later version. - * - * This program is distributed in the hope that it will be useful, - * but WITHOUT ANY WARRANTY; without even the implied warranty of - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - * GNU General Public License for more details. - * - * You should have received a copy of the GNU General Public License - * along with this program; if not, see . - */ - -#include "includes.h" -#include "printing.h" - -#if defined(DEVELOPER) || defined(ENABLE_BUILD_FARM_HACKS) - -static int test_queue_get(const char *printer_name, - enum printing_types printing_type, - char *lpq_command, - print_queue_struct **q, - print_status_struct *status) -{ - return -1; -} - -static int test_queue_pause(int snum) -{ - return -1; -} - -static int test_queue_resume(int snum) -{ - return -1; -} - -static int test_job_delete(const char *sharename, const char *lprm_command, - struct printjob *pjob) -{ - return -1; -} - -static int test_job_pause(int snum, struct printjob *pjob) -{ - return -1; -} - -static int test_job_resume(int snum, struct printjob *pjob) -{ - return -1; -} - -static int test_job_submit(int snum, struct printjob *pjob) -{ - return -1; -}; - -struct printif test_printif = -{ - PRINT_TEST, - test_queue_get, - test_queue_pause, - test_queue_resume, - test_job_delete, - test_job_pause, - test_job_resume, - test_job_submit, -}; - -#else - /* this keeps fussy compilers happy */ - void print_test_dummy(void); - void print_test_dummy(void) {} -#endif /* DEVELOPER||ENABLE_BUILD_FARM_HACKS */ -- cgit From e8b83d79b129c4928220dee2b191e175172341f6 Mon Sep 17 00:00:00 2001 From: Volker Lendecke Date: Sat, 13 Oct 2007 16:26:42 +0200 Subject: Also find loopback interfaces Not sure if a loopback interface is actually a broadcast one. (This used to be commit 76d8dedc368ecb1594780ce58ffee2a35a6f4f73) --- source3/lib/interfaces.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/source3/lib/interfaces.c b/source3/lib/interfaces.c index e98ea46282..20d91439f5 100644 --- a/source3/lib/interfaces.c +++ b/source3/lib/interfaces.c @@ -136,7 +136,7 @@ static int _get_interfaces(struct iface_struct *ifaces, int max_interfaces) memcpy(&ifaces[total].ip, ifptr->ifa_addr, copy_size); memcpy(&ifaces[total].netmask, ifptr->ifa_netmask, copy_size); - if ((ifaces[total].flags & IFF_BROADCAST) && + if ((ifaces[total].flags & (IFF_BROADCAST|IFF_LOOPBACK)) && ifptr->ifa_broadaddr) { memcpy(&ifaces[total].bcast, ifptr->ifa_broadaddr, -- cgit From 3d89bad41f64906f42616b50170f3471003139f7 Mon Sep 17 00:00:00 2001 From: Volker Lendecke Date: Sat, 13 Oct 2007 16:27:52 +0200 Subject: Fix a segfault with an unknown interface "interfaces = foo" with "foo" not being a known interface segfaulted for me. (This used to be commit 556c33702ce6d6c7cde43ddfe965c78ebc2963d3) --- source3/lib/interface.c | 8 +++++++- 1 file changed, 7 insertions(+), 1 deletion(-) diff --git a/source3/lib/interface.c b/source3/lib/interface.c index 1471a06f46..2eaadab0ec 100644 --- a/source3/lib/interface.c +++ b/source3/lib/interface.c @@ -460,7 +460,13 @@ static void interpret_interface(char *token) /* maybe it is a DNS name */ p = strchr_m(token,'/'); - if (!p && interpret_string_addr(&ss, token)) { + if (p == NULL) { + if (!interpret_string_addr(&ss, token)) { + DEBUG(2, ("interpret_interface: Can't find address " + "for %s\n", token)); + return; + } + for (i=0;i Date: Sat, 13 Oct 2007 16:43:07 +0200 Subject: Fix an uninitialized variable warning (This used to be commit d0f25bb89a2268c8f789dd362010f8b785489424) --- source3/lib/interfaces.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/source3/lib/interfaces.c b/source3/lib/interfaces.c index 20d91439f5..122101cdc9 100644 --- a/source3/lib/interfaces.c +++ b/source3/lib/interfaces.c @@ -549,10 +549,10 @@ static int iface_comp(struct iface_struct *i1, struct iface_struct *i2) s1 = (struct sockaddr_in *)&i1->netmask; s2 = (struct sockaddr_in *)&i2->netmask; - r = ntohl(s1->sin_addr.s_addr) - + return ntohl(s1->sin_addr.s_addr) - ntohl(s2->sin_addr.s_addr); } - return r; + return 0; } int get_interfaces(struct iface_struct *ifaces, int max_interfaces); -- cgit From 478ad87cb39d794f596316ba24d73c24d23a159a Mon Sep 17 00:00:00 2001 From: Volker Lendecke Date: Sat, 13 Oct 2007 16:50:31 +0200 Subject: Use strlcpy instead of strncpy (This used to be commit 5e95c548864bc8b075b8343e69a69e1a22c92456) --- source3/lib/interfaces.c | 20 ++++++++------------ 1 file changed, 8 insertions(+), 12 deletions(-) diff --git a/source3/lib/interfaces.c b/source3/lib/interfaces.c index 122101cdc9..2b93a5ba39 100644 --- a/source3/lib/interfaces.c +++ b/source3/lib/interfaces.c @@ -85,6 +85,7 @@ #endif #include "interfaces.h" +#include "lib/replace/replace.h" /**************************************************************************** Try the "standard" getifaddrs/freeifaddrs interfaces. @@ -150,9 +151,8 @@ static int _get_interfaces(struct iface_struct *ifaces, int max_interfaces) continue; } - strncpy(ifaces[total].name, ifptr->ifa_name, - sizeof(ifaces[total].name)-1); - ifaces[total].name[sizeof(ifaces[total].name)-1] = 0; + strlcpy(ifaces[total].name, ifptr->ifa_name, + sizeof(ifaces[total].name)); total++; } @@ -218,9 +218,8 @@ static int _get_interfaces(struct iface_struct *ifaces, int max_interfaces) continue; } - strncpy(ifaces[total].name, ifr[i].ifr_name, - sizeof(ifaces[total].name)-1); - ifaces[total].name[sizeof(ifaces[total].name)-1] = 0; + strlcpy(ifaces[total].name, ifr[i].ifr_name, + sizeof(ifaces[total].name)); memcpy(&ifaces[total].ip, &ifr[i].ifr_addr, sizeof(struct sockaddr_in)); @@ -331,9 +330,7 @@ static int _get_interfaces(struct iface_struct *ifaces, int max_interfaces) continue; } - strncpy(ifaces[total].name, iname, - sizeof(ifaces[total].name)-1); - ifaces[total].name[sizeof(ifaces[total].name)-1] = 0; + strlcpy(ifaces[total].name, iname, sizeof(ifaces[total].name)); memcpy(&ifaces[total].ip, &ifreq.ifr_addr, sizeof(struct sockaddr_in)); @@ -436,9 +433,8 @@ static int _get_interfaces(struct iface_struct *ifaces, int max_interfaces) memcpy(&ifaces[total].ip, &ifr->ifr_addr, sizeof(struct sockaddr_in)); - strncpy(ifaces[total].name, ifr->ifr_name, - sizeof(ifaces[total].name)-1); - ifaces[total].name[sizeof(ifaces[total].name)-1] = 0; + strlcpy(ifaces[total].name, ifr->ifr_name, + sizeof(ifaces[total].name)); if (ioctl(fd, SIOCGIFNETMASK, ifr) != 0) { goto next; -- cgit