From f88b7a076be74a29a3bf876b4e2705f4a1ecf42b Mon Sep 17 00:00:00 2001 From: Jeremy Allison Date: Wed, 24 Oct 2007 14:16:54 -0700 Subject: This is a large patch (sorry). Migrate from struct in_addr to struct sockaddr_storage in most places that matter (ie. not the nmbd and NetBIOS lookups). This passes make test on an IPv4 box, but I'll have to do more work/testing on IPv6 enabled boxes. This should now give us a framework for testing and finishing the IPv6 migration. It's at the state where someone with a working IPv6 setup should (theorecically) be able to type : smbclient //ipv6-address/share and have it work. Jeremy. (This used to be commit 98e154c3125d5732c37a72d74b0eb5cd7b6155fd) --- source3/libads/kerberos.c | 38 +++++++++++++++++++++++++------------- source3/libads/krb5_setpw.c | 28 +++++++++++++++++++++------- source3/libads/ldap.c | 35 +++++++++++++++++++++++------------ 3 files changed, 69 insertions(+), 32 deletions(-) (limited to 'source3/libads') diff --git a/source3/libads/kerberos.c b/source3/libads/kerberos.c index 281ca2fd68..f259c21bdb 100644 --- a/source3/libads/kerberos.c +++ b/source3/libads/kerberos.c @@ -614,7 +614,10 @@ int kerberos_kinit_password(const char *principal, Does DNS queries. ************************************************************************/ -static char *get_kdc_ip_string(char *mem_ctx, const char *realm, const char *sitename, struct in_addr primary_ip) +static char *get_kdc_ip_string(char *mem_ctx, + const char *realm, + const char *sitename, + struct sockaddr_storage *pss) { int i; struct ip_service *ip_srv_site = NULL; @@ -622,7 +625,8 @@ static char *get_kdc_ip_string(char *mem_ctx, const char *realm, const char *sit int count_site = 0; int count_nonsite; char *kdc_str = talloc_asprintf(mem_ctx, "\tkdc = %s\n", - inet_ntoa(primary_ip)); + print_canonical_sockaddr(mem_ctx, + pss)); if (kdc_str == NULL) { return NULL; 
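Review bot: In the `kdc_str` initialiser of get_kdc_ip_string (hunk at -622), the result of `print_canonical_sockaddr(mem_ctx, pss)` is passed straight to a `%s` conversion, so a NULL return (its failure behaviour is not visible in this patch) would be undefined behaviour or put a literal `(null)` into the `kdc =` line of the generated krb5.conf. I would format into a local first and bail out on failure: `char *kdc_addr = print_canonical_sockaddr(mem_ctx, pss);` followed by `if (kdc_addr == NULL) { return NULL; }`. The same unchecked pattern is in the two append calls in the site and non-site loops (hunks at -635 and -675, where the failure path also has to free the lookup lists) and in the DEBUG(5) call at -806. It is also worth confirming that the string produced for an AF_INET6 address is a form the krb5.conf `kdc =` parser accepts, because this text ends up in the file that `KRB5_CONFIG` is later pointed at. The function body continues outside the hunk.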
@@ -635,12 +639,15 @@ static char *get_kdc_ip_string(char *mem_ctx, const char *realm, const char *sit get_kdc_list(realm, sitename, &ip_srv_site, &count_site); for (i = 0; i < count_site; i++) { - if (ip_equal(ip_srv_site[i].ip, primary_ip)) { + if (addr_equal(&ip_srv_site[i].ss, pss)) { continue; } - /* Append to the string - inefficient but not done often. */ + /* Append to the string - inefficient + * but not done often. */ kdc_str = talloc_asprintf(mem_ctx, "%s\tkdc = %s\n", - kdc_str, inet_ntoa(ip_srv_site[i].ip)); + kdc_str, + print_canonical_sockaddr(mem_ctx, + &ip_srv_site[i].ss)); if (!kdc_str) { SAFE_FREE(ip_srv_site); return NULL; @@ -655,13 +662,14 @@ static char *get_kdc_ip_string(char *mem_ctx, const char *realm, const char *sit for (i = 0; i < count_nonsite; i++) { int j; - if (ip_equal(ip_srv_nonsite[i].ip, primary_ip)) { + if (addr_equal(&ip_srv_nonsite[i].ss, pss)) { continue; } /* Ensure this isn't an IP already seen (YUK! this is n*n....) */ for (j = 0; j < count_site; j++) { - if (ip_equal(ip_srv_nonsite[i].ip, ip_srv_site[j].ip)) { + if (addr_equal(&ip_srv_nonsite[i].ss, + &ip_srv_site[j].ss)) { break; } /* As the lists are sorted we can break early if nonsite > site. */ @@ -675,7 +683,9 @@ static char *get_kdc_ip_string(char *mem_ctx, const char *realm, const char *sit /* Append to the string - inefficient but not done often. */ kdc_str = talloc_asprintf(mem_ctx, "%s\tkdc = %s\n", - kdc_str, inet_ntoa(ip_srv_nonsite[i].ip)); + kdc_str, + print_canonical_sockaddr(mem_ctx, + &ip_srv_nonsite[i].ss)); if (!kdc_str) { SAFE_FREE(ip_srv_site); SAFE_FREE(ip_srv_nonsite); 
@@ -700,8 +710,10 @@ static char *get_kdc_ip_string(char *mem_ctx, const char *realm, const char *sit run as root or will fail (which is a good thing :-). ************************************************************************/ -bool create_local_private_krb5_conf_for_domain(const char *realm, const char *domain, - const char *sitename, struct in_addr ip) +bool create_local_private_krb5_conf_for_domain(const char *realm, + const char *domain, + const char *sitename, + struct sockaddr_storage *pss) { char *dname = talloc_asprintf(NULL, "%s/smb_krb5", lp_lockdir()); char *tmpname = NULL; @@ -742,12 +754,12 @@ bool create_local_private_krb5_conf_for_domain(const char *realm, const char *do realm_upper = talloc_strdup(fname, realm); strupper_m(realm_upper); - kdc_ip_string = get_kdc_ip_string(dname, realm, sitename, ip); + kdc_ip_string = get_kdc_ip_string(dname, realm, sitename, pss); if (!kdc_ip_string) { TALLOC_FREE(dname); return False; } - + file_contents = talloc_asprintf(fname, "[libdefaults]\n\tdefault_realm = %s\n\n" "[realms]\n\t%s = {\n" "\t%s\t}\n", @@ -806,7 +818,7 @@ bool create_local_private_krb5_conf_for_domain(const char *realm, const char *do DEBUG(5,("create_local_private_krb5_conf_for_domain: wrote " "file %s with realm %s KDC = %s\n", - fname, realm_upper, inet_ntoa(ip) )); + fname, realm_upper, print_canonical_sockaddr(dname, pss) )); /* Set the environment variable to this file. */ setenv("KRB5_CONFIG", fname, 1); diff --git a/source3/libads/krb5_setpw.c b/source3/libads/krb5_setpw.c index 73dffe7c1b..831a448847 100644 --- a/source3/libads/krb5_setpw.c +++ b/source3/libads/krb5_setpw.c 
@@ -402,11 +402,14 @@ static ADS_STATUS do_krb5_kpasswd_request(krb5_context context, int ret, sock; socklen_t addr_len; struct sockaddr remote_addr, local_addr; - struct in_addr *addr = interpret_addr2(kdc_host); + struct sockaddr_storage addr; krb5_address local_kaddr, remote_kaddr; bool use_tcp = False; + if (!interpret_string_addr(&addr, kdc_host, 0)) { + } + ret = krb5_mk_req_extended(context, &auth_context, AP_OPTS_USE_SUBKEY, NULL, credsp, &ap_req); if (ret) { @@ -422,7 +425,7 @@ static ADS_STATUS do_krb5_kpasswd_request(krb5_context context, } else { - sock = open_socket_out(SOCK_STREAM, addr, DEFAULT_KPASSWD_PORT, + sock = open_socket_out(SOCK_STREAM, &addr, DEFAULT_KPASSWD_PORT, LONG_CONNECT_TIMEOUT); } @@ -430,18 +433,29 @@ static ADS_STATUS do_krb5_kpasswd_request(krb5_context context, int rc = errno; SAFE_FREE(ap_req.data); krb5_auth_con_free(context, auth_context); - DEBUG(1,("failed to open kpasswd socket to %s (%s)\n", + DEBUG(1,("failed to open kpasswd socket to %s (%s)\n", kdc_host, strerror(errno))); return ADS_ERROR_SYSTEM(rc); } - addr_len = sizeof(remote_addr); getpeername(sock, &remote_addr, &addr_len); addr_len = sizeof(local_addr); getsockname(sock, &local_addr, &addr_len); - - setup_kaddr(&remote_kaddr, &remote_addr); - setup_kaddr(&local_kaddr, &local_addr); + + /* FIXME ! How do we do IPv6 here ? JRA. */ + if (remote_addr.sa_family != AF_INET || + local_addr.sa_family != AF_INET) { + DEBUG(1,("do_krb5_kpasswd_request: " + "no IPv6 support (yet).\n")); + close(sock); + SAFE_FREE(ap_req.data); + krb5_auth_con_free(context, auth_context); + errno = EINVAL; + return ADS_ERROR_SYSTEM(EINVAL); + } + + setup_kaddr_v4(&remote_kaddr, &remote_addr); + setup_kaddr_v4(&local_kaddr, &local_addr); ret = krb5_auth_con_setaddrs(context, auth_context, &local_kaddr, NULL); if (ret) { diff --git a/source3/libads/ldap.c b/source3/libads/ldap.c index f85d3cd7b0..0294c4a5b5 100644 --- a/source3/libads/ldap.c +++ b/source3/libads/ldap.c 
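Review bot: The new `if (!interpret_string_addr(&addr, kdc_host, 0)) { }` in do_krb5_kpasswd_request (hunk at -402) has an empty body, so when kdc_host cannot be converted the function carries on and the TCP branch passes the still-uninitialised stack `addr` to `open_socket_out(SOCK_STREAM, &addr, DEFAULT_KPASSWD_PORT, ...)` (hunk at -422). A password-change exchange would then be attempted against an indeterminate address instead of failing cleanly. Nothing has been allocated at this point, so the branch can return directly: `DEBUG(1,("do_krb5_kpasswd_request: unable to convert %s to an address\n", kdc_host));` followed by `return ADS_ERROR_SYSTEM(EINVAL);`. The function starts and ends outside the hunk.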
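Review bot: The added `sa_family` test (hunk at -430) reads `remote_addr` and `local_addr` without checking that `getpeername()` and `getsockname()` succeeded, so after a failed call it inspects uninitialised memory and may hand it on to `setup_kaddr_v4`. Both return values should be checked, releasing the same resources as the new AF_INET branch on failure. In the socket-failure branch just above, `strerror(errno)` is evaluated after `SAFE_FREE` and `krb5_auth_con_free` have run although the saved value is in `rc`; `strerror(rc)` reports the intended error. The function continues outside the hunk.

```c
	addr_len = sizeof(remote_addr);
	if (getpeername(sock, &remote_addr, &addr_len) != 0) {
		int rc = errno;	/* save before close() can overwrite it */
		close(sock);
		SAFE_FREE(ap_req.data);
		krb5_auth_con_free(context, auth_context);
		return ADS_ERROR_SYSTEM(rc);
	}
	addr_len = sizeof(local_addr);
	if (getsockname(sock, &local_addr, &addr_len) != 0) {
		int rc = errno;
		close(sock);
		SAFE_FREE(ap_req.data);
		krb5_auth_con_free(context, auth_context);
		return ADS_ERROR_SYSTEM(rc);
	}
	/* … unchanged: AF_INET family check and setup_kaddr_v4 calls … */
```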
@@ -221,13 +221,19 @@ bool ads_try_connect(ADS_STRUCT *ads, const char *server ) ads->config.client_site_name = SMB_STRDUP(cldap_reply.client_site_name); } - ads->server.workgroup = SMB_STRDUP(cldap_reply.netbios_domain); ads->ldap.port = LDAP_PORT; - ads->ldap.ip = *interpret_addr2(srv); + if (!interpret_string_addr(&ads->ldap.ss, srv, 0)) { + DEBUG(1,("ads_try_connect: unable to convert %s " + "to an address\n", + srv)); + SAFE_FREE( srv ); + return False; + } + SAFE_FREE(srv); - + /* Store our site name. */ sitename_store( cldap_reply.domain, cldap_reply.client_site_name ); @@ -306,10 +312,10 @@ static NTSTATUS ads_find_dc(ADS_STRUCT *ads) /* if we fail this loop, then giveup since all the IP addresses returned were dead */ for ( i=0; ildap); ads->ldap.last_attempt = time(NULL); @@ -378,7 +385,7 @@ ADS_STATUS ads_connect(ADS_STRUCT *ads) /* try with a user specified server */ - if (ads->server.ldap_server && + if (ads->server.ldap_server && ads_try_connect(ads, ads->server.ldap_server)) { goto got_connection; } @@ -391,7 +398,9 @@ ADS_STATUS ads_connect(ADS_STRUCT *ads) return ADS_ERROR_NT(ntstatus); got_connection: - DEBUG(3,("Connected to LDAP server %s\n", inet_ntoa(ads->ldap.ip))); + + print_sockaddr(addr, sizeof(addr), &ads->ldap.ss); + DEBUG(3,("Connected to LDAP server %s\n", addr)); if (!ads->auth.user_name) { /* Must use the userPrincipalName value here or sAMAccountName @@ -405,7 +414,8 @@ got_connection: } if (!ads->auth.kdc_server) { - ads->auth.kdc_server = SMB_STRDUP(inet_ntoa(ads->ldap.ip)); + print_sockaddr(addr, sizeof(addr), &ads->ldap.ss); + ads->auth.kdc_server = SMB_STRDUP(addr); } #if KRB5_DNS_HACK 
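Review bot: In ads_try_connect (hunk at -221) the new `interpret_string_addr(&ads->ldap.ss, srv, 0)` failure path returns False only after `ads->server.workgroup` and `ads->ldap.port` (and the config fields above the hunk) have been assigned, so a rejected server leaves `ads` partly updated for the next candidate the caller tries. Converting `srv` before any field of `ads` is written, or clearing those fields on this path, keeps state from a failed attempt out of the next one. The function begins outside the hunk, so whether earlier code frees these fields on re-entry is not visible here.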
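Review bot: `print_sockaddr(addr, sizeof(addr), &ads->ldap.ss)` after `got_connection:` (hunk at -391) relies on `addr` being a char array; its declaration is not in the visible hunks, and if it were a pointer `sizeof(addr)` would pass the pointer size rather than the buffer length. A declaration such as `char addr[INET6_ADDRSTRLEN];` at the top of ads_connect makes the bound correct for both address families. The same call is repeated before `SMB_STRDUP(addr)` (hunk at -405) and before the two `saf_store` calls (hunk at -440); unless `ads->ldap.ss` changes in between, which the hunks do not show, formatting once at `got_connection:` and reusing `addr` is enough.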
@@ -440,8 +450,9 @@ got_connection: /* cache the successful connection for workgroup and realm */ if (ads_closest_dc(ads)) { - saf_store( ads->server.workgroup, inet_ntoa(ads->ldap.ip)); - saf_store( ads->server.realm, inet_ntoa(ads->ldap.ip)); + print_sockaddr(addr, sizeof(addr), &ads->ldap.ss); + saf_store( ads->server.workgroup, addr); + saf_store( ads->server.realm, addr); } ldap_set_option(ads->ldap.ld, LDAP_OPT_PROTOCOL_VERSION, &version); -- cgit