mirror of
https://github.com/samba-team/samba.git
synced 2024-12-25 23:21:54 +03:00
s4-gensec: Replace gensec_get_my_addr with new tsocket based fn.
parent
226a9db2d9
commit
8ca88042f0
@ -20,6 +20,7 @@
|
||||
*/
|
||||
|
||||
#include "includes.h"
|
||||
#include "lib/tsocket/tsocket.h"
|
||||
#include "auth/credentials/credentials.h"
|
||||
#include "auth/gensec/gensec.h"
|
||||
#include "auth/gensec/gensec_proto.h"
|
||||
@ -117,8 +118,8 @@ static NTSTATUS gensec_sasl_client_start(struct gensec_security *gensec_security
|
||||
struct gensec_sasl_state *gensec_sasl_state;
|
||||
const char *service = gensec_get_target_service(gensec_security);
|
||||
const char *target_name = gensec_get_target_hostname(gensec_security);
|
||||
struct socket_address *local_socket_addr = gensec_get_my_addr(gensec_security);
|
||||
struct socket_address *remote_socket_addr = gensec_get_peer_addr(gensec_security);
|
||||
const struct tsocket_address *tlocal_addr = gensec_get_local_address(gensec_security);
|
||||
char *local_addr = NULL;
|
||||
char *remote_addr = NULL;
|
||||
int sasl_ret;
|
||||
@ -153,11 +154,11 @@ static NTSTATUS gensec_sasl_client_start(struct gensec_security *gensec_security
|
||||
|
||||
gensec_security->private_data = gensec_sasl_state;
|
||||
|
||||
if (local_socket_addr) {
|
||||
local_addr = talloc_asprintf(gensec_sasl_state,
|
||||
"%s;%d",
|
||||
local_socket_addr->addr,
|
||||
local_socket_addr->port);
|
||||
if (tlocal_addr) {
|
||||
local_addr = talloc_asprintf(gensec_sasl_state,
|
||||
"%s;%d",
|
||||
tsocket_address_inet_addr_string(tlocal_addr, gensec_sasl_state),
|
||||
tsocket_address_inet_port(tlocal_addr));
|
||||
}
|
||||
|
||||
if (remote_socket_addr) {
|
||||
|
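Review bot: In the `if (tlocal_addr)` branch of gensec_sasl_client_start, the result of `tsocket_address_inet_addr_string()` is passed straight to the `%s` argument of `talloc_asprintf` with no NULL check; it returns NULL on allocation failure or for a non-inet address, and NULL for `%s` is undefined behaviour. Since `local_addr` is presumably the local endpoint string handed to the SASL library, a missing address should fail the start rather than be formatted as garbage. I would hold it in a local, `const char *ip = tsocket_address_inet_addr_string(tlocal_addr, gensec_sasl_state);`, and return an error status when `ip == NULL` before formatting. The function body continues outside the hunk, so whether `local_addr` itself is checked afterwards is not visible here.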
@ -1289,17 +1289,6 @@ _PUBLIC_ NTSTATUS gensec_set_peer_addr(struct gensec_security *gensec_security,
|
||||
return NT_STATUS_OK;
|
||||
}
|
||||
|
||||
struct socket_address *gensec_get_my_addr(struct gensec_security *gensec_security)
|
||||
{
|
||||
if (gensec_security->my_addr) {
|
||||
return gensec_security->my_addr;
|
||||
}
|
||||
|
||||
/* We could add a 'set sockaddr' call, and do a lookup. This
|
||||
* would avoid needing to do system calls if nothing asks. */
|
||||
return NULL;
|
||||
}
|
||||
|
||||
_PUBLIC_ struct socket_address *gensec_get_peer_addr(struct gensec_security *gensec_security)
|
||||
{
|
||||
if (gensec_security->peer_addr) {
|
||||
|
@ -28,6 +28,7 @@
|
||||
#include "auth/kerberos/kerberos.h"
|
||||
#include "auth/auth.h"
|
||||
#include "lib/socket/socket.h"
|
||||
#include "lib/tsocket/tsocket.h"
|
||||
#include "librpc/rpc/dcerpc.h"
|
||||
#include "auth/credentials/credentials.h"
|
||||
#include "auth/gensec/gensec.h"
|
||||
@ -89,7 +90,8 @@ static NTSTATUS gensec_krb5_start(struct gensec_security *gensec_security, bool
|
||||
krb5_error_code ret;
|
||||
struct gensec_krb5_state *gensec_krb5_state;
|
||||
struct cli_credentials *creds;
|
||||
const struct socket_address *my_addr, *peer_addr;
|
||||
const struct socket_address *peer_addr;
|
||||
const struct tsocket_address *tlocal_addr;
|
||||
krb5_address my_krb5_addr, peer_krb5_addr;
|
||||
|
||||
creds = gensec_get_credentials(gensec_security);
|
||||
@ -141,10 +143,19 @@ static NTSTATUS gensec_krb5_start(struct gensec_security *gensec_security, bool
|
||||
return NT_STATUS_INTERNAL_ERROR;
|
||||
}
|
||||
|
||||
my_addr = gensec_get_my_addr(gensec_security);
|
||||
if (my_addr && my_addr->sockaddr) {
|
||||
ret = krb5_sockaddr2address(gensec_krb5_state->smb_krb5_context->krb5_context,
|
||||
my_addr->sockaddr, &my_krb5_addr);
|
||||
tlocal_addr = gensec_get_local_address(gensec_security);
|
||||
if (tlocal_addr) {
|
||||
ssize_t socklen;
|
||||
struct sockaddr_storage ss;
|
||||
|
||||
socklen = tsocket_address_bsd_sockaddr(tlocal_addr,
|
||||
(struct sockaddr *) &ss,
|
||||
sizeof(struct sockaddr_storage));
|
||||
if (socklen < 0) {
|
||||
return NT_STATUS_INTERNAL_ERROR;
|
||||
}
|
||||
ret = krb5_sockaddr2address(gensec_krb5_state->smb_krb5_context->krb5_context,
|
||||
(const struct sockaddr *) &ss, &my_krb5_addr);
|
||||
if (ret) {
|
||||
DEBUG(1,("gensec_krb5_start: krb5_sockaddr2address (local) failed (%s)\n",
|
||||
smb_get_krb5_error_message(gensec_krb5_state->smb_krb5_context->krb5_context,
|
||||
@ -169,7 +180,7 @@ static NTSTATUS gensec_krb5_start(struct gensec_security *gensec_security, bool
|
||||
|
||||
ret = krb5_auth_con_setaddrs(gensec_krb5_state->smb_krb5_context->krb5_context,
|
||||
gensec_krb5_state->auth_context,
|
||||
my_addr ? &my_krb5_addr : NULL,
|
||||
tlocal_addr ? &my_krb5_addr : NULL,
|
||||
peer_addr ? &peer_krb5_addr : NULL);
|
||||
if (ret) {
|
||||
DEBUG(1,("gensec_krb5_start: krb5_auth_con_setaddrs failed (%s)\n",
|
||||
|
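Review bot: The new `if (socklen < 0)` branch in gensec_krb5_start returns NT_STATUS_INTERNAL_ERROR silently, while the krb5_sockaddr2address failure just below it logs at DEBUG(1); the conversion failure deserves the same diagnostic, e.g. `DEBUG(1,("gensec_krb5_start: tsocket_address_bsd_sockaddr (local) failed\n"));`. If the other error paths in this function release the state (not visible in the hunks), this one should also call `talloc_free(gensec_krb5_state);` before returning. A short comment would also help here, because the behaviour changes: the old code skipped a local address that had no sockaddr, whereas the new code fails the whole start, which affects the address that krb5_auth_con_setaddrs binds into the auth context. The function starts and ends outside the hunks shown.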