From 1e5488859a66d25a0dedf0e2f9b545fb7acf1fa2 Mon Sep 17 00:00:00 2001
From: Andreas Schneider <asn@redhat.com>
Date: Wed, 16 Dec 2009 16:41:21 +0100
Subject: s4-gensec: Replace gensec_get_peer_addr with new tsocket based fn.

---
 source4/auth/auth.h                   |  2 +-
 source4/auth/gensec/cyrus_sasl.c      | 12 ++++++------
 source4/auth/gensec/gensec.c          | 13 -------------
 source4/auth/gensec/gensec.h          |  1 -
 source4/auth/gensec/gensec_krb5.c     | 22 +++++++++++++++-------
 source4/auth/ntlm/auth_unix.c         |  6 ++++--
 source4/auth/ntlm/config.mk           |  2 +-
 source4/auth/ntlmssp/ntlmssp_server.c |  3 ++-
 8 files changed, 29 insertions(+), 32 deletions(-)

(limited to 'source4/auth')

diff --git a/source4/auth/auth.h b/source4/auth/auth.h
index 49cf161241..c31ed2f5fd 100644
--- a/source4/auth/auth.h
+++ b/source4/auth/auth.h
@@ -57,7 +57,7 @@ enum auth_password_state {
 struct auth_usersupplied_info
 {
 	const char *workstation_name;
-	struct socket_address *remote_host;
+	const struct tsocket_address *remote_host;
 
 	uint32_t logon_parameters;
 
diff --git a/source4/auth/gensec/cyrus_sasl.c b/source4/auth/gensec/cyrus_sasl.c
index 39b11ff3d0..f56386784e 100644
--- a/source4/auth/gensec/cyrus_sasl.c
+++ b/source4/auth/gensec/cyrus_sasl.c
@@ -118,8 +118,8 @@ static NTSTATUS gensec_sasl_client_start(struct gensec_security *gensec_security
 	struct gensec_sasl_state *gensec_sasl_state;
 	const char *service = gensec_get_target_service(gensec_security);
 	const char *target_name = gensec_get_target_hostname(gensec_security);
-	struct socket_address *remote_socket_addr = gensec_get_peer_addr(gensec_security);
 	const struct tsocket_address *tlocal_addr = gensec_get_local_address(gensec_security);
+	const struct tsocket_address *tremote_addr = gensec_get_remote_address(gensec_security);
 	char *local_addr = NULL;
 	char *remote_addr = NULL;
 	int sasl_ret;
@@ -161,11 +161,11 @@ static NTSTATUS gensec_sasl_client_start(struct gensec_security *gensec_security
 				tsocket_address_inet_port(tlocal_addr));
 	}
 
-	if (remote_socket_addr) {
-		remote_addr = talloc_asprintf(gensec_sasl_state, 
-					     "%s;%d",
-					     remote_socket_addr->addr, 
-					     remote_socket_addr->port);
+	if (tremote_addr) {
+		remote_addr = talloc_asprintf(gensec_sasl_state,
+				"%s;%d",
+				tsocket_address_inet_addr_string(tremote_addr, gensec_sasl_state),
+				tsocket_address_inet_port(tremote_addr));
 	}
 	gensec_sasl_state->step = 0;
 
diff --git a/source4/auth/gensec/gensec.c b/source4/auth/gensec/gensec.c
index 603a956442..9190364906 100644
--- a/source4/auth/gensec/gensec.c
+++ b/source4/auth/gensec/gensec.c
@@ -1280,19 +1280,6 @@ _PUBLIC_ const struct tsocket_address *gensec_get_remote_address(struct gensec_s
 	return gensec_security->remote_addr;
 }
 
-_PUBLIC_ struct socket_address *gensec_get_peer_addr(struct gensec_security *gensec_security) 
-{
-	if (gensec_security->peer_addr) {
-		return gensec_security->peer_addr;
-	}
-
-	/* We could add a 'set sockaddr' call, and do a lookup.  This
-	 * would avoid needing to do system calls if nothing asks.
-	 * However, this is not appropriate for the peer addres on
-	 * datagram sockets */
-	return NULL;
-}
-
 
 /** 
  * Set the target principal (assuming it it known, say from the SPNEGO reply)
diff --git a/source4/auth/gensec/gensec.h b/source4/auth/gensec/gensec.h
index fe628bbbe9..293dd16b85 100644
--- a/source4/auth/gensec/gensec.h
+++ b/source4/auth/gensec/gensec.h
@@ -251,7 +251,6 @@ NTSTATUS gensec_start_mech_by_oid(struct gensec_security *gensec_security,
 				  const char *mech_oid);
 const char *gensec_get_name_by_oid(struct gensec_security *gensec_security, const char *oid_string);
 struct cli_credentials *gensec_get_credentials(struct gensec_security *gensec_security);
-struct socket_address *gensec_get_peer_addr(struct gensec_security *gensec_security);
 NTSTATUS gensec_init(struct loadparm_context *lp_ctx);
 NTSTATUS gensec_unseal_packet(struct gensec_security *gensec_security, 
 			      TALLOC_CTX *mem_ctx, 
diff --git a/source4/auth/gensec/gensec_krb5.c b/source4/auth/gensec/gensec_krb5.c
index ff26018ae2..46b8181de7 100644
--- a/source4/auth/gensec/gensec_krb5.c
+++ b/source4/auth/gensec/gensec_krb5.c
@@ -90,8 +90,7 @@ static NTSTATUS gensec_krb5_start(struct gensec_security *gensec_security, bool
 	krb5_error_code ret;
 	struct gensec_krb5_state *gensec_krb5_state;
 	struct cli_credentials *creds;
-	const struct socket_address *peer_addr;
-	const struct tsocket_address *tlocal_addr;
+	const struct tsocket_address *tlocal_addr, *tremote_addr;
 	krb5_address my_krb5_addr, peer_krb5_addr;
 	
 	creds = gensec_get_credentials(gensec_security);
@@ -165,10 +164,19 @@ static NTSTATUS gensec_krb5_start(struct gensec_security *gensec_security, bool
 		}
 	}
 
-	peer_addr = gensec_get_peer_addr(gensec_security);
-	if (peer_addr && peer_addr->sockaddr) {
-		ret = krb5_sockaddr2address(gensec_krb5_state->smb_krb5_context->krb5_context, 
-					    peer_addr->sockaddr, &peer_krb5_addr);
+	tremote_addr = gensec_get_remote_address(gensec_security);
+	if (tremote_addr) {
+		ssize_t socklen;
+		struct sockaddr_storage ss;
+
+		socklen = tsocket_address_bsd_sockaddr(tremote_addr,
+				(struct sockaddr *) &ss,
+				sizeof(struct sockaddr_storage));
+		if (socklen < 0) {
+			return NT_STATUS_INTERNAL_ERROR;
+		}
+		ret = krb5_sockaddr2address(gensec_krb5_state->smb_krb5_context->krb5_context,
+				(const struct sockaddr *) &ss, &peer_krb5_addr);
 		if (ret) {
 			DEBUG(1,("gensec_krb5_start: krb5_sockaddr2address (local) failed (%s)\n", 
 				 smb_get_krb5_error_message(gensec_krb5_state->smb_krb5_context->krb5_context, 
@@ -181,7 +189,7 @@ static NTSTATUS gensec_krb5_start(struct gensec_security *gensec_security, bool
 	ret = krb5_auth_con_setaddrs(gensec_krb5_state->smb_krb5_context->krb5_context, 
 				     gensec_krb5_state->auth_context,
 				     tlocal_addr ? &my_krb5_addr : NULL,
-				     peer_addr ? &peer_krb5_addr : NULL);
+				     tremote_addr ? &peer_krb5_addr : NULL);
 	if (ret) {
 		DEBUG(1,("gensec_krb5_start: krb5_auth_con_setaddrs failed (%s)\n", 
 			 smb_get_krb5_error_message(gensec_krb5_state->smb_krb5_context->krb5_context, 
diff --git a/source4/auth/ntlm/auth_unix.c b/source4/auth/ntlm/auth_unix.c
index 1717b9d0e1..aa68bb161e 100644
--- a/source4/auth/ntlm/auth_unix.c
+++ b/source4/auth/ntlm/auth_unix.c
@@ -23,7 +23,8 @@
 #include "auth/auth.h"
 #include "auth/ntlm/auth_proto.h"
 #include "system/passwd.h" /* needed by some systems for struct passwd */
-#include "lib/socket/socket.h" 
+#include "lib/socket/socket.h"
+#include "lib/tsocket/tsocket.h"
 #include "auth/ntlm/pam_errors.h"
 #include "param/param.h"
 
@@ -458,7 +459,8 @@ static NTSTATUS check_unix_password(TALLOC_CTX *ctx, struct loadparm_context *lp
 	 * if true set up a crack name routine.
 	 */
 
-	nt_status = smb_pam_start(&pamh, user_info->mapped.account_name, user_info->remote_host ? user_info->remote_host->addr : NULL, pamconv);
+	nt_status = smb_pam_start(&pamh, user_info->mapped.account_name,
+			user_info->remote_host ? tsocket_address_inet_addr_string(user_info->remote_host, ctx) : NULL, pamconv);
 	if (!NT_STATUS_IS_OK(nt_status)) {
 		return nt_status;
 	}
diff --git a/source4/auth/ntlm/config.mk b/source4/auth/ntlm/config.mk
index cb9c3b6cc9..a0d668f748 100644
--- a/source4/auth/ntlm/config.mk
+++ b/source4/auth/ntlm/config.mk
@@ -57,7 +57,7 @@ auth_developer_OBJ_FILES = $(addprefix $(authsrcdir)/ntlm/, auth_developer.o)
 [MODULE::auth_unix]
 INIT_FUNCTION = auth_unix_init
 SUBSYSTEM = auth
-PRIVATE_DEPENDENCIES = CRYPT PAM PAM_ERRORS NSS_WRAPPER UID_WRAPPER
+PRIVATE_DEPENDENCIES = CRYPT PAM PAM_ERRORS NSS_WRAPPER UID_WRAPPER LIBTSOCKET
 
 auth_unix_OBJ_FILES = $(addprefix $(authsrcdir)/ntlm/, auth_unix.o)
 
diff --git a/source4/auth/ntlmssp/ntlmssp_server.c b/source4/auth/ntlmssp/ntlmssp_server.c
index 63cbf68e85..94de920772 100644
--- a/source4/auth/ntlmssp/ntlmssp_server.c
+++ b/source4/auth/ntlmssp/ntlmssp_server.c
@@ -23,6 +23,7 @@
 
 #include "includes.h"
 #include "system/network.h"
+#include "lib/tsocket/tsocket.h"
 #include "auth/ntlmssp/ntlmssp.h"
 #include "../libcli/auth/libcli_auth.h"
 #include "../lib/crypto/crypto.h"
@@ -666,7 +667,7 @@ static NTSTATUS auth_ntlmssp_check_password(struct gensec_ntlmssp_state *gensec_
 	user_info->client.account_name = gensec_ntlmssp_state->user;
 	user_info->client.domain_name = gensec_ntlmssp_state->domain;
 	user_info->workstation_name = gensec_ntlmssp_state->workstation;
-	user_info->remote_host = gensec_get_peer_addr(gensec_ntlmssp_state->gensec_security);
+	user_info->remote_host = gensec_get_remote_address(gensec_ntlmssp_state->gensec_security);
 
 	user_info->password_state = AUTH_PASSWORD_RESPONSE;
 	user_info->password.response.lanman = gensec_ntlmssp_state->lm_resp;
-- 
cgit