From 743e6363d54cf45a14de517e297faaa8258caaec Mon Sep 17 00:00:00 2001
From: Andreas Schneider <asn@redhat.com>
Date: Wed, 16 Dec 2009 13:27:20 +0100
Subject: s4-gensec: Added remote and local setter/getter using tsocket.

---
 source4/auth/gensec/config.mk |   2 +-
 source4/auth/gensec/gensec.c  | 119 ++++++++++++++++++++++++++++++++++++++++--
 source4/auth/gensec/gensec.h  |  10 ++++
 3 files changed, 127 insertions(+), 4 deletions(-)

(limited to 'source4/auth')

diff --git a/source4/auth/gensec/config.mk b/source4/auth/gensec/config.mk
index aa52b184fc..f7cbd5b197 100644
--- a/source4/auth/gensec/config.mk
+++ b/source4/auth/gensec/config.mk
@@ -2,7 +2,7 @@
 # Start SUBSYSTEM gensec
 [LIBRARY::gensec]
 PUBLIC_DEPENDENCIES = \
-		CREDENTIALS LIBSAMBA-UTIL LIBCRYPTO ASN1_UTIL samba_socket LIBPACKET
+		CREDENTIALS LIBSAMBA-UTIL LIBCRYPTO ASN1_UTIL samba_socket LIBPACKET LIBTSOCKET
 # End SUBSYSTEM gensec
 #################################
 
diff --git a/source4/auth/gensec/gensec.c b/source4/auth/gensec/gensec.c
index 68f81881e4..7e6a552ef7 100644
--- a/source4/auth/gensec/gensec.c
+++ b/source4/auth/gensec/gensec.c
@@ -21,7 +21,10 @@
 */
 
 #include "includes.h"
+#include "system/network.h"
 #include "lib/events/events.h"
+#include "lib/socket/socket.h"
+#include "lib/tsocket/tsocket.h"
 #include "librpc/rpc/dcerpc.h"
 #include "auth/credentials/credentials.h"
 #include "auth/gensec/gensec.h"
@@ -518,6 +521,8 @@ static NTSTATUS gensec_start(TALLOC_CTX *mem_ctx,
 	NT_STATUS_HAVE_NO_MEMORY(*gensec_security);
 
 	(*gensec_security)->ops = NULL;
+	(*gensec_security)->local_addr = NULL;
+	(*gensec_security)->remote_addr = NULL;
 	(*gensec_security)->private_data = NULL;
 
 	ZERO_STRUCT((*gensec_security)->target);
@@ -1159,13 +1164,122 @@ _PUBLIC_ const char *gensec_get_target_hostname(struct gensec_security *gensec_s
 	return NULL;
 }
 
-/** 
- * Set (and talloc_reference) local and peer socket addresses onto a socket context on the GENSEC context 
+/**
+ * Set (and talloc_reference) local and peer socket addresses onto a socket
+ * context on the GENSEC context.
  *
  * This is so that kerberos can include these addresses in
  * cryptographic tokens, to avoid certain attacks.
  */
 
+/**
+ * @brief Set the local gensec address.
+ *
+ * @param  gensec_security   The gensec security context to use.
+ *
+ * @param  remote       The local address to set.
+ *
+ * @return              On success NT_STATUS_OK is returned or an NT_STATUS
+ *                      error.
+ */
+_PUBLIC_ NTSTATUS gensec_set_local_address(struct gensec_security *gensec_security,
+		const struct tsocket_address *local)
+{
+	ssize_t socklen;
+	struct sockaddr_storage ss;
+
+	/* set my_addr */
+	socklen = tsocket_address_bsd_sockaddr(local, (struct sockaddr *) &ss,
+				sizeof(struct sockaddr_storage));
+	if (socklen < 0) {
+		return NT_STATUS_NO_MEMORY;
+	}
+	gensec_security->my_addr = socket_address_from_sockaddr(gensec_security,
+			(struct sockaddr *) &ss, socklen);
+	if (gensec_security->my_addr == NULL) {
+		return NT_STATUS_NO_MEMORY;
+	}
+
+	/* set local */
+	TALLOC_FREE(gensec_security->local_addr);
+	gensec_security->local_addr = tsocket_address_copy(local, gensec_security);
+	if (gensec_security->local_addr == NULL) {
+		return NT_STATUS_NO_MEMORY;
+	}
+
+	return NT_STATUS_OK;
+}
+
+/**
+ * @brief Set the remote gensec address.
+ *
+ * @param  gensec_security   The gensec security context to use.
+ *
+ * @param  remote       The remote address to set.
+ *
+ * @return              On success NT_STATUS_OK is returned or an NT_STATUS
+ *                      error.
+ */
+_PUBLIC_ NTSTATUS gensec_set_remote_address(struct gensec_security *gensec_security,
+		const struct tsocket_address *remote)
+{
+	ssize_t socklen;
+	struct sockaddr_storage ss;
+
+	/* set my_addr */
+	socklen = tsocket_address_bsd_sockaddr(remote, (struct sockaddr *) &ss,
+				sizeof(struct sockaddr_storage));
+	if (socklen < 0) {
+		return NT_STATUS_NO_MEMORY;
+	}
+	gensec_security->peer_addr = socket_address_from_sockaddr(gensec_security,
+			(struct sockaddr *) &ss, socklen);
+	if (gensec_security->peer_addr == NULL) {
+		return NT_STATUS_NO_MEMORY;
+	}
+
+	/* set remote */
+	TALLOC_FREE(gensec_security->remote_addr);
+	gensec_security->remote_addr = tsocket_address_copy(remote, gensec_security);
+	if (gensec_security->remote_addr == NULL) {
+		return NT_STATUS_NO_MEMORY;
+	}
+
+	return NT_STATUS_OK;
+}
+
+/**
+ * @brief Get the local address from a gensec security context.
+ *
+ * @param  gensec_security   The security context to get the address from.
+ *
+ * @return              The address as tsocket_address which could be NULL if
+ *                      no address is set.
+ */
+_PUBLIC_ const struct tsocket_address *gensec_get_local_address(struct gensec_security *gensec_security)
+{
+	if (gensec_security == NULL) {
+		return NULL;
+	}
+	return gensec_security->local_addr;
+}
+
+/**
+ * @brief Get the remote address from a gensec security context.
+ *
+ * @param  gensec_security   The security context to get the address from.
+ *
+ * @return              The address as tsocket_address which could be NULL if
+ *                      no address is set.
+ */
+_PUBLIC_ const struct tsocket_address *gensec_get_remote_address(struct gensec_security *gensec_security)
+{
+	if (gensec_security == NULL) {
+		return NULL;
+	}
+	return gensec_security->remote_addr;
+}
+
 _PUBLIC_ NTSTATUS gensec_set_my_addr(struct gensec_security *gensec_security, struct socket_address *my_addr) 
 {
 	gensec_security->my_addr = my_addr;
@@ -1209,7 +1323,6 @@ _PUBLIC_ struct socket_address *gensec_get_peer_addr(struct gensec_security *gen
 }
 
 
-
 /** 
  * Set the target principal (assuming it it known, say from the SPNEGO reply)
  *  - ensures it is talloc()ed 
diff --git a/source4/auth/gensec/gensec.h b/source4/auth/gensec/gensec.h
index 8c1716e074..6fed4b6d80 100644
--- a/source4/auth/gensec/gensec.h
+++ b/source4/auth/gensec/gensec.h
@@ -170,6 +170,7 @@ struct gensec_security {
 	uint32_t want_features;
 	struct tevent_context *event_ctx;
 	struct socket_address *my_addr, *peer_addr;
+	struct tsocket_address *local_addr, *remote_addr;
 	struct gensec_settings *settings;
 	
 	/* When we are a server, this may be filled in to provide an
@@ -288,6 +289,15 @@ struct netlogon_creds_CredentialState;
 NTSTATUS dcerpc_schannel_creds(struct gensec_security *gensec_security,
 			       TALLOC_CTX *mem_ctx,
 			       struct netlogon_creds_CredentialState **creds);
+
+
+NTSTATUS gensec_set_local_address(struct gensec_security *gensec_security,
+		const struct tsocket_address *local);
+NTSTATUS gensec_set_remote_address(struct gensec_security *gensec_security,
+		const struct tsocket_address *remote);
+const struct tsocket_address *gensec_get_local_address(struct gensec_security *gensec_security);
+const struct tsocket_address *gensec_get_remote_address(struct gensec_security *gensec_security);
+
 NTSTATUS gensec_set_peer_addr(struct gensec_security *gensec_security, struct socket_address *peer_addr);
 NTSTATUS gensec_set_my_addr(struct gensec_security *gensec_security, struct socket_address *my_addr);
 
-- 
cgit