From 1e5488859a66d25a0dedf0e2f9b545fb7acf1fa2 Mon Sep 17 00:00:00 2001 From: Andreas Schneider Date: Wed, 16 Dec 2009 16:41:21 +0100 Subject: s4-gensec: Replace gensec_get_peer_addr with new tsocket based fn. --- source4/auth/auth.h | 2 +- source4/auth/gensec/cyrus_sasl.c | 12 ++++++------ source4/auth/gensec/gensec.c | 13 ------------- source4/auth/gensec/gensec.h | 1 - source4/auth/gensec/gensec_krb5.c | 22 +++++++++++++++------- source4/auth/ntlm/auth_unix.c | 6 ++++-- source4/auth/ntlm/config.mk | 2 +- source4/auth/ntlmssp/ntlmssp_server.c | 3 ++- 8 files changed, 29 insertions(+), 32 deletions(-) (limited to 'source4/auth') diff --git a/source4/auth/auth.h b/source4/auth/auth.h index 49cf161241..c31ed2f5fd 100644 --- a/source4/auth/auth.h +++ b/source4/auth/auth.h @@ -57,7 +57,7 @@ enum auth_password_state { struct auth_usersupplied_info { const char *workstation_name; - struct socket_address *remote_host; + const struct tsocket_address *remote_host; uint32_t logon_parameters; diff --git a/source4/auth/gensec/cyrus_sasl.c b/source4/auth/gensec/cyrus_sasl.c index 39b11ff3d0..f56386784e 100644 --- a/source4/auth/gensec/cyrus_sasl.c +++ b/source4/auth/gensec/cyrus_sasl.c @@ -118,8 +118,8 @@ static NTSTATUS gensec_sasl_client_start(struct gensec_security *gensec_security struct gensec_sasl_state *gensec_sasl_state; const char *service = gensec_get_target_service(gensec_security); const char *target_name = gensec_get_target_hostname(gensec_security); - struct socket_address *remote_socket_addr = gensec_get_peer_addr(gensec_security); const struct tsocket_address *tlocal_addr = gensec_get_local_address(gensec_security); + const struct tsocket_address *tremote_addr = gensec_get_remote_address(gensec_security); char *local_addr = NULL; char *remote_addr = NULL; int sasl_ret; 
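Review bot: The retyped `remote_host` member of `struct auth_usersupplied_info` in auth.h carries no comment saying who owns the address or that it may be NULL. In this commit `auth_ntlmssp_check_password` (the ntlmssp_server.c hunk) stores the pointer returned by `gensec_get_remote_address()` directly, so it looks like a borrowed reference whose lifetime follows the gensec context, and `check_unix_password` tests it for NULL before use. I would add `/* borrowed from the gensec context, not owned by this struct; NULL when the peer address is unknown */` above the field. Confirm the ownership against the callers that are not part of this diff.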
@@ -161,11 +161,11 @@ static NTSTATUS gensec_sasl_client_start(struct gensec_security *gensec_security tsocket_address_inet_port(tlocal_addr)); } - if (remote_socket_addr) { - remote_addr = talloc_asprintf(gensec_sasl_state, - "%s;%d", - remote_socket_addr->addr, - remote_socket_addr->port); + if (tremote_addr) { + remote_addr = talloc_asprintf(gensec_sasl_state, + "%s;%d", + tsocket_address_inet_addr_string(tremote_addr, gensec_sasl_state), + tsocket_address_inet_port(tremote_addr)); } gensec_sasl_state->step = 0; diff --git a/source4/auth/gensec/gensec.c b/source4/auth/gensec/gensec.c index 603a956442..9190364906 100644 --- a/source4/auth/gensec/gensec.c +++ b/source4/auth/gensec/gensec.c @@ -1280,19 +1280,6 @@ _PUBLIC_ const struct tsocket_address *gensec_get_remote_address(struct gensec_s return gensec_security->remote_addr; } -_PUBLIC_ struct socket_address *gensec_get_peer_addr(struct gensec_security *gensec_security) -{ - if (gensec_security->peer_addr) { - return gensec_security->peer_addr; - } - - /* We could add a 'set sockaddr' call, and do a lookup. This - * would avoid needing to do system calls if nothing asks. - * However, this is not appropriate for the peer addres on - * datagram sockets */ - return NULL; -} - /** * Set the target principal (assuming it it known, say from the SPNEGO reply) diff --git a/source4/auth/gensec/gensec.h b/source4/auth/gensec/gensec.h index fe628bbbe9..293dd16b85 100644 --- a/source4/auth/gensec/gensec.h +++ b/source4/auth/gensec/gensec.h 
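Review bot: In the second cyrus_sasl.c hunk, the result of `tsocket_address_inet_addr_string(tremote_addr, gensec_sasl_state)` is passed straight to the `%s` of `talloc_asprintf` without a NULL check. That function returns NULL on allocation failure or when the address is not an IPv4/IPv6 one, and NULL for `%s` is undefined behaviour (on glibc it typically yields the literal `(null)`). The string built here is presumably handed to the SASL library as the peer address, so a bogus value should not get that far. I would split it out: `const char *rip = tsocket_address_inet_addr_string(tremote_addr, gensec_sasl_state);` followed by `if (rip == NULL) { return NT_STATUS_NO_MEMORY; }` (or whichever status fits the function's other error paths), and check `remote_addr` after the `talloc_asprintf` too. The local-address branch just above the hunk appears to follow the same pattern, and `gensec_sasl_client_start` continues outside the hunk.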
@@ -251,7 +251,6 @@ NTSTATUS gensec_start_mech_by_oid(struct gensec_security *gensec_security, const char *mech_oid); const char *gensec_get_name_by_oid(struct gensec_security *gensec_security, const char *oid_string); struct cli_credentials *gensec_get_credentials(struct gensec_security *gensec_security); -struct socket_address *gensec_get_peer_addr(struct gensec_security *gensec_security); NTSTATUS gensec_init(struct loadparm_context *lp_ctx); NTSTATUS gensec_unseal_packet(struct gensec_security *gensec_security, TALLOC_CTX *mem_ctx, diff --git a/source4/auth/gensec/gensec_krb5.c b/source4/auth/gensec/gensec_krb5.c index ff26018ae2..46b8181de7 100644 --- a/source4/auth/gensec/gensec_krb5.c +++ b/source4/auth/gensec/gensec_krb5.c @@ -90,8 +90,7 @@ static NTSTATUS gensec_krb5_start(struct gensec_security *gensec_security, bool krb5_error_code ret; struct gensec_krb5_state *gensec_krb5_state; struct cli_credentials *creds; - const struct socket_address *peer_addr; - const struct tsocket_address *tlocal_addr; + const struct tsocket_address *tlocal_addr, *tremote_addr; krb5_address my_krb5_addr, peer_krb5_addr; creds = gensec_get_credentials(gensec_security); 
@@ -165,10 +164,19 @@ static NTSTATUS gensec_krb5_start(struct gensec_security *gensec_security, bool } } - peer_addr = gensec_get_peer_addr(gensec_security); - if (peer_addr && peer_addr->sockaddr) { - ret = krb5_sockaddr2address(gensec_krb5_state->smb_krb5_context->krb5_context, - peer_addr->sockaddr, &peer_krb5_addr); + tremote_addr = gensec_get_remote_address(gensec_security); + if (tremote_addr) { + ssize_t socklen; + struct sockaddr_storage ss; + + socklen = tsocket_address_bsd_sockaddr(tremote_addr, + (struct sockaddr *) &ss, + sizeof(struct sockaddr_storage)); + if (socklen < 0) { + return NT_STATUS_INTERNAL_ERROR; + } + ret = krb5_sockaddr2address(gensec_krb5_state->smb_krb5_context->krb5_context, + (const struct sockaddr *) &ss, &peer_krb5_addr); if (ret) { DEBUG(1,("gensec_krb5_start: krb5_sockaddr2address (local) failed (%s)\n", smb_get_krb5_error_message(gensec_krb5_state->smb_krb5_context->krb5_context, @@ -181,7 +189,7 @@ static NTSTATUS gensec_krb5_start(struct gensec_security *gensec_security, bool ret = krb5_auth_con_setaddrs(gensec_krb5_state->smb_krb5_context->krb5_context, gensec_krb5_state->auth_context, tlocal_addr ? &my_krb5_addr : NULL, - peer_addr ? &peer_krb5_addr : NULL); + tremote_addr ? &peer_krb5_addr : NULL); if (ret) { DEBUG(1,("gensec_krb5_start: krb5_auth_con_setaddrs failed (%s)\n", smb_get_krb5_error_message(gensec_krb5_state->smb_krb5_context->krb5_context, diff --git a/source4/auth/ntlm/auth_unix.c b/source4/auth/ntlm/auth_unix.c index 1717b9d0e1..aa68bb161e 100644 --- a/source4/auth/ntlm/auth_unix.c +++ b/source4/auth/ntlm/auth_unix.c @@ -23,7 +23,8 @@ #include "auth/auth.h" #include "auth/ntlm/auth_proto.h" #include "system/passwd.h" /* needed by some systems for struct passwd */ -#include "lib/socket/socket.h" +#include "lib/socket/socket.h" +#include "lib/tsocket/tsocket.h" #include "auth/ntlm/pam_errors.h" #include "param/param.h" 
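Review bot: The new `if (socklen < 0) return NT_STATUS_INTERNAL_ERROR;` path in `gensec_krb5_start` fails the Kerberos setup silently, whereas the `krb5_sockaddr2address` and `krb5_auth_con_setaddrs` failures around it each log a `DEBUG(1, ...)` line. An operator chasing a failed authentication will have nothing to tie it to the peer-address conversion, so I would add `DEBUG(1,("gensec_krb5_start: tsocket_address_bsd_sockaddr (remote) failed\n"));` before the return. If the other error paths release `gensec_krb5_state` before returning (not visible here, the function body extends beyond the hunk), this return needs the same cleanup. The context `DEBUG` just below still says `krb5_sockaddr2address (local)` although it now reports the remote address, which is worth correcting while the block is being touched. `sizeof(ss)` would also be a safer spelling than `sizeof(struct sockaddr_storage)`, should the variable's type ever change.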
@@ -458,7 +459,8 @@ static NTSTATUS check_unix_password(TALLOC_CTX *ctx, struct loadparm_context *lp * if true set up a crack name routine. */ - nt_status = smb_pam_start(&pamh, user_info->mapped.account_name, user_info->remote_host ? user_info->remote_host->addr : NULL, pamconv); + nt_status = smb_pam_start(&pamh, user_info->mapped.account_name, + user_info->remote_host ? tsocket_address_inet_addr_string(user_info->remote_host, ctx) : NULL, pamconv); if (!NT_STATUS_IS_OK(nt_status)) { return nt_status; } diff --git a/source4/auth/ntlm/config.mk b/source4/auth/ntlm/config.mk index cb9c3b6cc9..a0d668f748 100644 --- a/source4/auth/ntlm/config.mk +++ b/source4/auth/ntlm/config.mk @@ -57,7 +57,7 @@ auth_developer_OBJ_FILES = $(addprefix $(authsrcdir)/ntlm/, auth_developer.o) [MODULE::auth_unix] INIT_FUNCTION = auth_unix_init SUBSYSTEM = auth -PRIVATE_DEPENDENCIES = CRYPT PAM PAM_ERRORS NSS_WRAPPER UID_WRAPPER +PRIVATE_DEPENDENCIES = CRYPT PAM PAM_ERRORS NSS_WRAPPER UID_WRAPPER LIBTSOCKET auth_unix_OBJ_FILES = $(addprefix $(authsrcdir)/ntlm/, auth_unix.o) diff --git a/source4/auth/ntlmssp/ntlmssp_server.c b/source4/auth/ntlmssp/ntlmssp_server.c index 63cbf68e85..94de920772 100644 --- a/source4/auth/ntlmssp/ntlmssp_server.c +++ b/source4/auth/ntlmssp/ntlmssp_server.c @@ -23,6 +23,7 @@ #include "includes.h" #include "system/network.h" +#include "lib/tsocket/tsocket.h" #include "auth/ntlmssp/ntlmssp.h" #include "../libcli/auth/libcli_auth.h" #include "../lib/crypto/crypto.h" 
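Review bot: In `check_unix_password`, a NULL return from `tsocket_address_inet_addr_string(user_info->remote_host, ctx)` (allocation failure or a non-IP address) is indistinguishable from "no remote host" and is passed silently to `smb_pam_start`. That argument is presumably what ends up as the PAM remote-host item, so host-based PAM access rules and the PAM audit trail would then see no client address for a connection that did have one. I would hoist the conversion: `const char *rhost = NULL;` then `if (user_info->remote_host) { rhost = tsocket_address_inet_addr_string(user_info->remote_host, ctx); if (rhost == NULL) return NT_STATUS_NO_MEMORY; }`, and pass `rhost` to the call. The string is allocated on `ctx` and lives as long as that context does, which a short comment could record; the function body runs beyond the hunk.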
@@ -666,7 +667,7 @@ static NTSTATUS auth_ntlmssp_check_password(struct gensec_ntlmssp_state *gensec_ user_info->client.account_name = gensec_ntlmssp_state->user; user_info->client.domain_name = gensec_ntlmssp_state->domain; user_info->workstation_name = gensec_ntlmssp_state->workstation; - user_info->remote_host = gensec_get_peer_addr(gensec_ntlmssp_state->gensec_security); + user_info->remote_host = gensec_get_remote_address(gensec_ntlmssp_state->gensec_security); user_info->password_state = AUTH_PASSWORD_RESPONSE; user_info->password.response.lanman = gensec_ntlmssp_state->lm_resp; -- cgit