struct auth_usersupplied_info
{
const char *workstation_name;
- struct socket_address *remote_host;
+ const struct tsocket_address *remote_host;
uint32_t logon_parameters;
struct gensec_sasl_state *gensec_sasl_state;
const char *service = gensec_get_target_service(gensec_security);
const char *target_name = gensec_get_target_hostname(gensec_security);
- struct socket_address *remote_socket_addr = gensec_get_peer_addr(gensec_security);
const struct tsocket_address *tlocal_addr = gensec_get_local_address(gensec_security);
+ const struct tsocket_address *tremote_addr = gensec_get_remote_address(gensec_security);
char *local_addr = NULL;
char *remote_addr = NULL;
int sasl_ret;
tsocket_address_inet_port(tlocal_addr));
}
- if (remote_socket_addr) {
- remote_addr = talloc_asprintf(gensec_sasl_state,
- "%s;%d",
- remote_socket_addr->addr,
- remote_socket_addr->port);
+ if (tremote_addr) {
+ remote_addr = talloc_asprintf(gensec_sasl_state,
+ "%s;%d",
+ tsocket_address_inet_addr_string(tremote_addr, gensec_sasl_state),
+ tsocket_address_inet_port(tremote_addr));
}
gensec_sasl_state->step = 0;
return gensec_security->remote_addr;
}
-_PUBLIC_ struct socket_address *gensec_get_peer_addr(struct gensec_security *gensec_security)
-{
- if (gensec_security->peer_addr) {
- return gensec_security->peer_addr;
- }
-
- /* We could add a 'set sockaddr' call, and do a lookup. This
- * would avoid needing to do system calls if nothing asks.
- * However, this is not appropriate for the peer addres on
- * datagram sockets */
- return NULL;
-}
-
/**
* Set the target principal (assuming it it known, say from the SPNEGO reply)
const char *mech_oid);
const char *gensec_get_name_by_oid(struct gensec_security *gensec_security, const char *oid_string);
struct cli_credentials *gensec_get_credentials(struct gensec_security *gensec_security);
-struct socket_address *gensec_get_peer_addr(struct gensec_security *gensec_security);
NTSTATUS gensec_init(struct loadparm_context *lp_ctx);
NTSTATUS gensec_unseal_packet(struct gensec_security *gensec_security,
TALLOC_CTX *mem_ctx,
krb5_error_code ret;
struct gensec_krb5_state *gensec_krb5_state;
struct cli_credentials *creds;
- const struct socket_address *peer_addr;
- const struct tsocket_address *tlocal_addr;
+ const struct tsocket_address *tlocal_addr, *tremote_addr;
krb5_address my_krb5_addr, peer_krb5_addr;
creds = gensec_get_credentials(gensec_security);
}
}
- peer_addr = gensec_get_peer_addr(gensec_security);
- if (peer_addr && peer_addr->sockaddr) {
- ret = krb5_sockaddr2address(gensec_krb5_state->smb_krb5_context->krb5_context,
- peer_addr->sockaddr, &peer_krb5_addr);
+ tremote_addr = gensec_get_remote_address(gensec_security);
+ if (tremote_addr) {
+ ssize_t socklen;
+ struct sockaddr_storage ss;
+
+ socklen = tsocket_address_bsd_sockaddr(tremote_addr,
+ (struct sockaddr *) &ss,
+ sizeof(struct sockaddr_storage));
+ if (socklen < 0) {
+ return NT_STATUS_INTERNAL_ERROR;
+ }
+ ret = krb5_sockaddr2address(gensec_krb5_state->smb_krb5_context->krb5_context,
+ (const struct sockaddr *) &ss, &peer_krb5_addr);
if (ret) {
DEBUG(1,("gensec_krb5_start: krb5_sockaddr2address (local) failed (%s)\n",
smb_get_krb5_error_message(gensec_krb5_state->smb_krb5_context->krb5_context,
ret = krb5_auth_con_setaddrs(gensec_krb5_state->smb_krb5_context->krb5_context,
gensec_krb5_state->auth_context,
tlocal_addr ? &my_krb5_addr : NULL,
- peer_addr ? &peer_krb5_addr : NULL);
+ tremote_addr ? &peer_krb5_addr : NULL);
if (ret) {
DEBUG(1,("gensec_krb5_start: krb5_auth_con_setaddrs failed (%s)\n",
smb_get_krb5_error_message(gensec_krb5_state->smb_krb5_context->krb5_context,
#include "auth/auth.h"
#include "auth/ntlm/auth_proto.h"
#include "system/passwd.h" /* needed by some systems for struct passwd */
-#include "lib/socket/socket.h"
+#include "lib/socket/socket.h"
+#include "lib/tsocket/tsocket.h"
#include "auth/ntlm/pam_errors.h"
#include "param/param.h"
* if true set up a crack name routine.
*/
- nt_status = smb_pam_start(&pamh, user_info->mapped.account_name, user_info->remote_host ? user_info->remote_host->addr : NULL, pamconv);
+ nt_status = smb_pam_start(&pamh, user_info->mapped.account_name,
+ user_info->remote_host ? tsocket_address_inet_addr_string(user_info->remote_host, ctx) : NULL, pamconv);
if (!NT_STATUS_IS_OK(nt_status)) {
return nt_status;
}
[MODULE::auth_unix]
INIT_FUNCTION = auth_unix_init
SUBSYSTEM = auth
-PRIVATE_DEPENDENCIES = CRYPT PAM PAM_ERRORS NSS_WRAPPER UID_WRAPPER
+PRIVATE_DEPENDENCIES = CRYPT PAM PAM_ERRORS NSS_WRAPPER UID_WRAPPER LIBTSOCKET
auth_unix_OBJ_FILES = $(addprefix $(authsrcdir)/ntlm/, auth_unix.o)
#include "includes.h"
#include "system/network.h"
+#include "lib/tsocket/tsocket.h"
#include "auth/ntlmssp/ntlmssp.h"
#include "../libcli/auth/libcli_auth.h"
#include "../lib/crypto/crypto.h"
user_info->client.account_name = gensec_ntlmssp_state->user;
user_info->client.domain_name = gensec_ntlmssp_state->domain;
user_info->workstation_name = gensec_ntlmssp_state->workstation;
- user_info->remote_host = gensec_get_peer_addr(gensec_ntlmssp_state->gensec_security);
+ user_info->remote_host = gensec_get_remote_address(gensec_ntlmssp_state->gensec_security);
user_info->password_state = AUTH_PASSWORD_RESPONSE;
user_info->password.response.lanman = gensec_ntlmssp_state->lm_resp;