mirror of
https://github.com/samba-team/samba.git
synced 2025-08-07 09:49:30 +03:00
Stop get_peer_addr() and client_addr() from using global
statics. Part of my library cleanups.
Jeremy.
(This used to be commit e848506c85)
This commit is contained in:
Jeremy Allison
@ -455,6 +455,7 @@ static bool smb_pam_start(pam_handle_t **pamh, const char *user, const char *rho
|
||||
{
|
||||
int pam_error;
|
||||
const char *our_rhost;
|
||||
char addr[INET6_ADDRSTRLEN];
|
||||
|
||||
*pamh = (pam_handle_t *)NULL;
|
||||
|
||||
@ -469,7 +470,7 @@ static bool smb_pam_start(pam_handle_t **pamh, const char *user, const char *rho
|
||||
if (rhost == NULL) {
|
||||
our_rhost = client_name();
|
||||
if (strequal(our_rhost,"UNKNOWN"))
|
||||
our_rhost = client_addr();
|
||||
our_rhost = client_addr(addr);
|
||||
} else {
|
||||
our_rhost = rhost;
|
||||
}
|
||||
|
||||
@ -346,6 +346,8 @@ bool check_access(int sock, const char **allow_list, const char **deny_list)
|
||||
ret = true;
|
||||
|
||||
if (!ret) {
|
||||
char addr[INET6_ADDRSTRLEN];
|
||||
|
||||
/* Bypass name resolution calls if the lists
|
||||
* only contain IP addrs */
|
||||
if (only_ipaddrs_in_list(allow_list) &&
|
||||
@ -356,24 +358,24 @@ bool check_access(int sock, const char **allow_list, const char **deny_list)
|
||||
ret = allow_access(deny_list,
|
||||
allow_list,
|
||||
"",
|
||||
get_peer_addr(sock));
|
||||
get_peer_addr(sock,addr));
|
||||
} else {
|
||||
DEBUG (3, ("check_access: hostnames in "
|
||||
"host allow/deny list.\n"));
|
||||
ret = allow_access(deny_list,
|
||||
allow_list,
|
||||
get_peer_name(sock,true),
|
||||
get_peer_addr(sock));
|
||||
get_peer_addr(sock,addr));
|
||||
}
|
||||
|
||||
if (ret) {
|
||||
DEBUG(2,("Allowed connection from %s (%s)\n",
|
||||
only_ip ? "" : get_peer_name(sock,true),
|
||||
get_peer_addr(sock)));
|
||||
get_peer_addr(sock,addr)));
|
||||
} else {
|
||||
DEBUG(0,("Denied connection from %s (%s)\n",
|
||||
only_ip ? "" : get_peer_name(sock,true),
|
||||
get_peer_addr(sock)));
|
||||
get_peer_addr(sock,addr)));
|
||||
}
|
||||
}
|
||||
|
||||
|
||||
@ -449,6 +449,7 @@ char *alloc_sub_basic(const char *smb_name, const char *domain_name,
|
||||
char *b, *p, *s, *r, *a_string;
|
||||
fstring pidstr, vnnstr;
|
||||
struct passwd *pass;
|
||||
char addr[INET6_ADDRSTRLEN];
|
||||
const char *local_machine_name = get_local_machine_name();
|
||||
|
||||
/* workaround to prevent a crash while looking at bug #687 */
|
||||
@ -494,7 +495,7 @@ char *alloc_sub_basic(const char *smb_name, const char *domain_name,
|
||||
a_string = realloc_string_sub(a_string, "%D", r);
|
||||
break;
|
||||
case 'I' :
|
||||
a_string = realloc_string_sub(a_string, "%I", client_addr());
|
||||
a_string = realloc_string_sub(a_string, "%I", client_addr(addr));
|
||||
break;
|
||||
case 'i':
|
||||
a_string = realloc_string_sub( a_string, "%i", client_socket_addr() );
|
||||
|
||||
@ -587,9 +587,10 @@ char *print_canonical_sockaddr(TALLOC_CTX *ctx,
|
||||
|
||||
void client_setfd(int fd)
|
||||
{
|
||||
char addr[INET6_ADDRSTRLEN];
|
||||
client_fd = fd;
|
||||
safe_strcpy(client_ip_string,
|
||||
get_peer_addr(client_fd),
|
||||
get_peer_addr(client_fd,addr),
|
||||
sizeof(client_ip_string)-1);
|
||||
}
|
||||
|
||||
@ -658,9 +659,9 @@ const char *client_name(void)
|
||||
return get_peer_name(client_fd,false);
|
||||
}
|
||||
|
||||
const char *client_addr(void)
|
||||
const char *client_addr(char addr[INET6_ADDRSTRLEN])
|
||||
{
|
||||
return get_peer_addr(client_fd);
|
||||
return get_peer_addr(client_fd,addr);
|
||||
}
|
||||
|
||||
const char *client_socket_addr(void)
|
||||
@ -1699,12 +1700,12 @@ int open_udp_socket(const char *host, int port)
|
||||
******************************************************************/
|
||||
|
||||
static const char *get_peer_addr_internal(int fd,
|
||||
char addr_buf[INET6_ADDRSTRLEN],
|
||||
struct sockaddr_storage *pss,
|
||||
socklen_t *plength)
|
||||
{
|
||||
struct sockaddr_storage ss;
|
||||
socklen_t length = sizeof(ss);
|
||||
static char addr_buf[INET6_ADDRSTRLEN];
|
||||
|
||||
safe_strcpy(addr_buf,"0.0.0.0",sizeof(addr_buf)-1);
|
||||
|
||||
@ -1732,7 +1733,6 @@ static const char *get_peer_addr_internal(int fd,
|
||||
return addr_buf;
|
||||
}
|
||||
|
||||
|
||||
/*******************************************************************
|
||||
Matchname - determine if host name matches IP address. Used to
|
||||
confirm a hostname lookup to prevent spoof attacks.
|
||||
@ -1807,10 +1807,12 @@ static bool matchname(const char *remotehost,
|
||||
Return the DNS name of the remote end of a socket.
|
||||
******************************************************************/
|
||||
|
||||
static char addr_buf_cache[INET6_ADDRSTRLEN];
|
||||
|
||||
const char *get_peer_name(int fd, bool force_lookup)
|
||||
{
|
||||
static fstring addr_buf;
|
||||
static pstring name_buf;
|
||||
char addr_buf[INET6_ADDRSTRLEN];
|
||||
struct sockaddr_storage ss;
|
||||
socklen_t length = sizeof(ss);
|
||||
const char *p;
|
||||
@ -1822,13 +1824,14 @@ const char *get_peer_name(int fd, bool force_lookup)
|
||||
with dns. To avoid the delay we avoid the lookup if
|
||||
possible */
|
||||
if (!lp_hostname_lookups() && (force_lookup == false)) {
|
||||
return get_peer_addr(fd);
|
||||
pstrcpy(name_buf, get_peer_addr(fd, addr_buf));
|
||||
return name_buf;
|
||||
}
|
||||
|
||||
p = get_peer_addr_internal(fd, &ss, &length);
|
||||
p = get_peer_addr_internal(fd, addr_buf, &ss, &length);
|
||||
|
||||
/* it might be the same as the last one - save some DNS work */
|
||||
if (strcmp(p, addr_buf) == 0) {
|
||||
if (strcmp(p, addr_buf_cache) == 0) {
|
||||
return name_buf;
|
||||
}
|
||||
|
||||
@ -1837,7 +1840,7 @@ const char *get_peer_name(int fd, bool force_lookup)
|
||||
return name_buf;
|
||||
}
|
||||
|
||||
fstrcpy(addr_buf, p);
|
||||
safe_strcpy(addr_buf_cache, p, sizeof(addr_buf_cache)-1);
|
||||
|
||||
/* Look up the remote host name. */
|
||||
ret = getnameinfo((struct sockaddr *)&ss,
|
||||
@ -1878,9 +1881,9 @@ const char *get_peer_name(int fd, bool force_lookup)
|
||||
Return the IP addr of the remote end of a socket as a string.
|
||||
******************************************************************/
|
||||
|
||||
const char *get_peer_addr(int fd)
|
||||
const char *get_peer_addr(int fd, char addr[INET6_ADDRSTRLEN])
|
||||
{
|
||||
return get_peer_addr_internal(fd, NULL, NULL);
|
||||
return get_peer_addr_internal(fd, addr, NULL, NULL);
|
||||
}
|
||||
|
||||
/*******************************************************************
|
||||
|
||||
@ -55,6 +55,7 @@ static bool read_target_host(const char *mapfile, pstring targethost)
|
||||
DEBUG(10, ("Scanning mapfile [%s]\n", mapfile));
|
||||
|
||||
while (x_fgets(buf, sizeof(buf), f) != NULL) {
|
||||
char addr[INET6_ADDRSTRLEN];
|
||||
|
||||
if ((strlen(buf) > 0) && (buf[strlen(buf)-1] == '\n'))
|
||||
buf[strlen(buf)-1] = '\0';
|
||||
@ -70,7 +71,7 @@ static bool read_target_host(const char *mapfile, pstring targethost)
|
||||
|
||||
*space = '\0';
|
||||
|
||||
if (strncmp(client_addr(), buf, strlen(buf)) == 0) {
|
||||
if (strncmp(client_addr(addr), buf, strlen(buf)) == 0) {
|
||||
found = True;
|
||||
break;
|
||||
}
|
||||
|
||||
@ -567,6 +567,7 @@ static int cups_job_submit(int snum, struct printjob *pjob)
|
||||
pstring new_jobname;
|
||||
int num_options = 0;
|
||||
cups_option_t *options = NULL;
|
||||
char addr[INET6_ADDRSTRLEN];
|
||||
|
||||
DEBUG(5,("cups_job_submit(%d, %p (%d))\n", snum, pjob, pjob->sysjob));
|
||||
|
||||
@ -619,7 +620,7 @@ static int cups_job_submit(int snum, struct printjob *pjob)
|
||||
|
||||
clientname = client_name();
|
||||
if (strcmp(clientname, "UNKNOWN") == 0) {
|
||||
clientname = client_addr();
|
||||
clientname = client_addr(addr);
|
||||
}
|
||||
|
||||
ippAddString(request, IPP_TAG_OPERATION, IPP_TAG_NAME,
|
||||
|
||||
@ -727,6 +727,7 @@ static int iprint_job_submit(int snum, struct printjob *pjob)
|
||||
cups_lang_t *language = NULL; /* Default language */
|
||||
char uri[HTTP_MAX_URI]; /* printer-uri attribute */
|
||||
const char *clientname = NULL; /* hostname of client for job-originating-host attribute */
|
||||
char addr[INET6_ADDRSTRLEN];
|
||||
|
||||
DEBUG(5,("iprint_job_submit(%d, %p (%d))\n", snum, pjob, pjob->sysjob));
|
||||
|
||||
@ -780,7 +781,7 @@ static int iprint_job_submit(int snum, struct printjob *pjob)
|
||||
|
||||
clientname = client_name();
|
||||
if (strcmp(clientname, "UNKNOWN") == 0) {
|
||||
clientname = client_addr();
|
||||
clientname = client_addr(addr);
|
||||
}
|
||||
|
||||
ippAddString(request, IPP_TAG_OPERATION, IPP_TAG_NAME,
|
||||
|
||||
@ -196,8 +196,10 @@ static NTSTATUS get_md4pw(char *md4pw, char *mach_acct, uint16 sec_chan_type)
|
||||
const uint8 *pass;
|
||||
bool ret;
|
||||
uint32 acct_ctrl;
|
||||
|
||||
|
||||
#if 0
|
||||
char addr[INET6_ADDRSTRLEN];
|
||||
|
||||
/*
|
||||
* Currently this code is redundent as we already have a filter
|
||||
* by hostname list. What this code really needs to do is to
|
||||
@ -208,7 +210,7 @@ static NTSTATUS get_md4pw(char *md4pw, char *mach_acct, uint16 sec_chan_type)
|
||||
*/
|
||||
|
||||
if (!allow_access(lp_domain_hostsdeny(), lp_domain_hostsallow(),
|
||||
client_name(), client_addr()))
|
||||
client_name(), client_addr(addr)))
|
||||
{
|
||||
DEBUG(0,("get_md4pw: Workstation %s denied access to domain\n", mach_acct));
|
||||
return False;
|
||||
|
||||
@ -128,6 +128,7 @@ bool claim_connection(connection_struct *conn, const char *name,
|
||||
struct connections_data crec;
|
||||
TDB_DATA dbuf;
|
||||
NTSTATUS status;
|
||||
char addr[INET6_ADDRSTRLEN];
|
||||
|
||||
DEBUG(5,("claiming [%s]\n", name));
|
||||
|
||||
@ -151,7 +152,7 @@ bool claim_connection(connection_struct *conn, const char *name,
|
||||
crec.bcast_msg_flags = msg_flags;
|
||||
|
||||
strlcpy(crec.machine,get_remote_machine_name(),sizeof(crec.machine));
|
||||
strlcpy(crec.addr,conn?conn->client_address:client_addr(),
|
||||
strlcpy(crec.addr,conn?conn->client_address:client_addr(addr),
|
||||
sizeof(crec.addr));
|
||||
|
||||
dbuf.dptr = (uint8 *)&crec;
|
||||
|
||||
@ -1460,15 +1460,18 @@ static void process_smb(char *inbuf, size_t nread, size_t unread_bytes)
|
||||
DO_PROFILE_INC(smb_count);
|
||||
|
||||
if (trans_num == 0) {
|
||||
char addr[INET6_ADDRSTRLEN];
|
||||
|
||||
/* on the first packet, check the global hosts allow/ hosts
|
||||
deny parameters before doing any parsing of the packet
|
||||
passed to us by the client. This prevents attacks on our
|
||||
parsing code from hosts not in the hosts allow list */
|
||||
|
||||
if (!check_access(smbd_server_fd(), lp_hostsallow(-1),
|
||||
lp_hostsdeny(-1))) {
|
||||
/* send a negative session response "not listening on calling name" */
|
||||
static unsigned char buf[5] = {0x83, 0, 0, 1, 0x81};
|
||||
DEBUG( 1, ( "Connection denied from %s\n", client_addr() ) );
|
||||
DEBUG( 1, ( "Connection denied from %s\n", client_addr(addr) ) );
|
||||
(void)send_smb(smbd_server_fd(),(char *)buf);
|
||||
exit_server_cleanly("connection denied");
|
||||
}
|
||||
|
||||
@ -602,6 +602,8 @@ static bool open_sockets_smbd(bool is_daemon, bool interactive, const char *smb_
|
||||
if (allowable_number_of_smbd_processes() &&
|
||||
smbd_server_fd() != -1 &&
|
||||
((child = sys_fork())==0)) {
|
||||
char remaddr[INET6_ADDRSTRLEN];
|
||||
|
||||
/* Child code ... */
|
||||
|
||||
/* Stop zombies, the parent explicitly handles
|
||||
@ -622,7 +624,7 @@ static bool open_sockets_smbd(bool is_daemon, bool interactive, const char *smb_
|
||||
|
||||
/* this is needed so that we get decent entries
|
||||
in smbstatus for port 445 connects */
|
||||
set_remote_machine_name(get_peer_addr(smbd_server_fd()),
|
||||
set_remote_machine_name(get_peer_addr(smbd_server_fd(),remaddr),
|
||||
False);
|
||||
|
||||
/* Reset the state of the random
|
||||
|
||||
@ -642,6 +642,7 @@ static connection_struct *make_connection_snum(int snum, user_struct *vuser,
|
||||
fstring user;
|
||||
fstring dev;
|
||||
int ret;
|
||||
char addr[INET6_ADDRSTRLEN];
|
||||
|
||||
*user = 0;
|
||||
fstrcpy(dev, pdev);
|
||||
@ -757,7 +758,7 @@ static connection_struct *make_connection_snum(int snum, user_struct *vuser,
|
||||
|
||||
add_session_user(user);
|
||||
|
||||
safe_strcpy(conn->client_address, client_addr(),
|
||||
safe_strcpy(conn->client_address, client_addr(addr),
|
||||
sizeof(conn->client_address)-1);
|
||||
conn->num_files_open = 0;
|
||||
conn->lastused = conn->lastused_count = time(NULL);
|
||||
@ -1204,6 +1205,7 @@ connection_struct *make_connection(const char *service_in, DATA_BLOB password,
|
||||
fstring service;
|
||||
fstring dev;
|
||||
int snum = -1;
|
||||
char addr[INET6_ADDRSTRLEN];
|
||||
|
||||
fstrcpy(dev, pdev);
|
||||
|
||||
@ -1300,7 +1302,7 @@ connection_struct *make_connection(const char *service_in, DATA_BLOB password,
|
||||
}
|
||||
|
||||
DEBUG(0,("%s (%s) couldn't find service %s\n",
|
||||
get_remote_machine_name(), client_addr(), service));
|
||||
get_remote_machine_name(), client_addr(addr), service));
|
||||
*status = NT_STATUS_BAD_NETWORK_NAME;
|
||||
return NULL;
|
||||
}
|
||||
|
||||
@ -69,6 +69,7 @@ bool session_claim(user_struct *vuser)
|
||||
struct db_context *ctx;
|
||||
struct db_record *rec;
|
||||
NTSTATUS status;
|
||||
char addr[INET6_ADDRSTRLEN];
|
||||
|
||||
vuser->session_keystr = NULL;
|
||||
|
||||
@ -160,7 +161,7 @@ bool session_claim(user_struct *vuser)
|
||||
|
||||
hostname = client_name();
|
||||
if (strcmp(hostname, "UNKNOWN") == 0) {
|
||||
hostname = client_addr();
|
||||
hostname = client_addr(addr);
|
||||
}
|
||||
|
||||
fstrcpy(sessionid.username, vuser->user.unix_name);
|
||||
@ -170,7 +171,7 @@ bool session_claim(user_struct *vuser)
|
||||
sessionid.uid = vuser->uid;
|
||||
sessionid.gid = vuser->gid;
|
||||
fstrcpy(sessionid.remote_machine, get_remote_machine_name());
|
||||
fstrcpy(sessionid.ip_addr_str, client_addr());
|
||||
fstrcpy(sessionid.ip_addr_str, client_addr(addr));
|
||||
sessionid.connect_start = time(NULL);
|
||||
|
||||
if (!smb_pam_claim_session(sessionid.username, sessionid.id_str,
|
||||
|
||||
@ -1307,6 +1307,8 @@ static int shutdown_other_smbds(struct db_record *rec,
|
||||
|
||||
static void setup_new_vc_session(void)
|
||||
{
|
||||
char addr[INET6_ADDRSTRLEN];
|
||||
|
||||
DEBUG(2,("setup_new_vc_session: New VC == 0, if NT4.x "
|
||||
"compatible we would close all old resources.\n"));
|
||||
#if 0
|
||||
@ -1315,7 +1317,7 @@ static void setup_new_vc_session(void)
|
||||
#endif
|
||||
if (lp_reset_on_zero_vc()) {
|
||||
connections_forall(shutdown_other_smbds,
|
||||
CONST_DISCARD(void *,client_addr()));
|
||||
CONST_DISCARD(void *,client_addr(addr)));
|
||||
}
|
||||
}
|
||||
|
||||
|
||||
@ -647,7 +647,8 @@ return the hostname of the client
|
||||
const char *cgi_remote_addr(void)
|
||||
{
|
||||
if (inetd_server) {
|
||||
return get_peer_addr(1);
|
||||
char addr[INET6_ADDRSTRLEN];
|
||||
return get_peer_addr(1,addr);
|
||||
}
|
||||
return getenv("REMOTE_ADDR");
|
||||
}
|
||||
|
||||
Reference in New Issue
Block a user