krb5_pa_data ***e_data);
void krb5_db_audit_as_req(krb5_context kcontext, krb5_kdc_req *request,
- krb5_address *from, krb5_db_entry *client,
- krb5_db_entry *server, krb5_timestamp authtime,
- krb5_error_code error_code);
+ const krb5_address *remote_addr,
+ krb5_db_entry *client, krb5_db_entry *server,
+ krb5_timestamp authtime, krb5_error_code error_code);
void krb5_db_refresh_config(krb5_context kcontext);
* AS request.
*/
void (*audit_as_req)(krb5_context kcontext, krb5_kdc_req *request,
- krb5_address *from, krb5_db_entry *client,
- krb5_db_entry *server, krb5_timestamp authtime,
- krb5_error_code error_code);
+ const krb5_address *remote_addr,
+ krb5_db_entry *client, krb5_db_entry *server,
+ krb5_timestamp authtime, krb5_error_code error_code);
/* Note: there is currently no method for auditing TGS requests. */
static krb5_error_code
process_chpw_request(krb5_context context, void *server_handle, char *realm,
- krb5_keytab keytab, const krb5_fulladdr *local_faddr,
- const krb5_fulladdr *remote_faddr, krb5_data *req,
+ krb5_keytab keytab, const krb5_fulladdr *local_addr,
+ const krb5_fulladdr *remote_addr, krb5_data *req,
krb5_data *rep)
{
krb5_error_code ret;
struct sockaddr_storage ss;
socklen_t salen;
char addrbuf[100];
- krb5_address *addr = remote_faddr->address;
+ krb5_address *addr = remote_addr->address;
*rep = empty_data();
sin->sin_family = AF_INET;
memcpy(&sin->sin_addr, addr->contents, addr->length);
- sin->sin_port = htons(remote_faddr->port);
+ sin->sin_port = htons(remote_addr->port);
salen = sizeof(*sin);
break;
}
sin6->sin6_family = AF_INET6;
memcpy(&sin6->sin6_addr, addr->contents, addr->length);
- sin6->sin6_port = htons(remote_faddr->port);
+ sin6->sin6_port = htons(remote_addr->port);
salen = sizeof(*sin6);
break;
}
if (ap_rep.length) {
ret = krb5_auth_con_setaddrs(context, auth_context,
- local_faddr->address, NULL);
+ local_addr->address, NULL);
if (ret) {
numresult = KRB5_KPASSWD_HARDERROR;
strlcpy(strresult,
/* Dispatch routine for set/change password */
void
dispatch(void *handle, struct sockaddr *local_saddr,
- const krb5_fulladdr *remote_faddr, krb5_data *request, int is_tcp,
+ const krb5_fulladdr *remote_addr, krb5_data *request, int is_tcp,
verto_ctx *vctx, loop_respond_fn respond, void *arg)
{
krb5_error_code ret;
server_handle->params.realm,
kt,
&local_faddr,
- remote_faddr,
+ remote_addr,
request,
response);
egress:
void
dispatch(void *cb, struct sockaddr *local_saddr,
- const krb5_fulladdr *from, krb5_data *pkt, int is_tcp,
+ const krb5_fulladdr *remote_addr, krb5_data *pkt, int is_tcp,
verto_ctx *vctx, loop_respond_fn respond, void *arg)
{
krb5_error_code retval;
const char *name = 0;
char buf[46];
- name = inet_ntop (ADDRTYPE2FAMILY (from->address->addrtype),
- from->address->contents, buf, sizeof (buf));
+ name = inet_ntop(ADDRTYPE2FAMILY(remote_addr->address->addrtype),
+ remote_addr->address->contents, buf, sizeof(buf));
if (name == 0)
name = "[unknown address type]";
if (response)
/* try TGS_REQ first; they are more common! */
if (krb5_is_tgs_req(pkt)) {
- retval = process_tgs_req(handle, pkt, from, &response);
+ retval = process_tgs_req(handle, pkt, remote_addr, &response);
} else if (krb5_is_as_req(pkt)) {
if (!(retval = decode_krb5_as_req(pkt, &as_req))) {
/*
*/
state->active_realm = setup_server_realm(handle, as_req->server);
if (state->active_realm != NULL) {
- process_as_req(as_req, pkt, from, state->active_realm, vctx,
- finish_dispatch_cache, state);
+ process_as_req(as_req, pkt, remote_addr, state->active_realm,
+ vctx, finish_dispatch_cache, state);
return;
} else {
retval = KRB5KDC_ERR_WRONG_REALM;
struct kdc_request_state *rstate;
char *sname, *cname;
void *pa_context;
- const krb5_fulladdr *from;
+ const krb5_fulladdr *remote_addr;
krb5_data **auth_indicators;
krb5_error_code preauth_err;
state->reply.enc_part.ciphertext.length);
free(state->reply.enc_part.ciphertext.data);
- log_as_req(kdc_context, state->from, state->request, &state->reply,
+ log_as_req(kdc_context, state->remote_addr, state->request, &state->reply,
state->client, state->cname, state->server,
state->sname, state->authtime, 0, 0, 0);
did_log = 1;
emsg = krb5_get_error_message(kdc_context, errcode);
if (state->status) {
- log_as_req(kdc_context,
- state->from, state->request, &state->reply, state->client,
- state->cname, state->server, state->sname, state->authtime,
- state->status, errcode, emsg);
+ log_as_req(kdc_context, state->remote_addr, state->request,
+ &state->reply, state->client, state->cname, state->server,
+ state->sname, state->authtime, state->status, errcode,
+ emsg);
did_log = 1;
}
if (errcode) {
/*ARGSUSED*/
void
process_as_req(krb5_kdc_req *request, krb5_data *req_pkt,
- const krb5_fulladdr *from, kdc_realm_t *kdc_active_realm,
+ const krb5_fulladdr *remote_addr, kdc_realm_t *kdc_active_realm,
verto_ctx *vctx, loop_respond_fn respond, void *arg)
{
krb5_error_code errcode;
state->arg = arg;
state->request = request;
state->req_pkt = req_pkt;
- state->from = from;
+ state->remote_addr = remote_addr;
state->active_realm = kdc_active_realm;
errcode = kdc_make_rstate(kdc_active_realm, &state->rstate);
}
/* Initialize audit state. */
- errcode = kau_init_kdc_req(kdc_context, state->request, from, &au_state);
+ errcode = kau_init_kdc_req(kdc_context, state->request, remote_addr,
+ &au_state);
if (errcode) {
(*respond)(arg, errcode, NULL);
kdc_free_rstate(state->rstate);
/* Someday, pass local address/port as well. */
/* Currently no info about name canonicalization is logged. */
void
-log_as_req(krb5_context context, const krb5_fulladdr *from,
+log_as_req(krb5_context context, const krb5_fulladdr *remote_addr,
krb5_kdc_req *request, krb5_kdc_rep *reply,
krb5_db_entry *client, const char *cname,
krb5_db_entry *server, const char *sname,
const char *cname2 = cname ? cname : "<unknown client>";
const char *sname2 = sname ? sname : "<unknown server>";
- fromstring = inet_ntop(ADDRTYPE2FAMILY (from->address->addrtype),
- from->address->contents,
+ fromstring = inet_ntop(ADDRTYPE2FAMILY(remote_addr->address->addrtype),
+ remote_addr->address->contents,
fromstringbuf, sizeof(fromstringbuf));
if (!fromstring)
fromstring = "<unknown>";
ktypestr, fromstring, status,
cname2, sname2, emsg ? ", " : "", emsg ? emsg : "");
}
- krb5_db_audit_as_req(context, request, from->address, client, server,
- authtime, errcode);
+ krb5_db_audit_as_req(context, request, remote_addr->address, client,
+ server, authtime, errcode);
#if 0
/* Sun (OpenSolaris) version would probably something like this.
The client and server names passed can be null, unlike in the
logging routines used above. Note that a struct in_addr is
used, but the real address could be an IPv6 address. */
- audit_krb5kdc_as_req(some in_addr *, (in_port_t)from->port, 0,
+ audit_krb5kdc_as_req(some in_addr *, (in_port_t)remote_addr->port, 0,
cname, sname, errcode);
#endif
}
krb5_db_entry *server, krb5_enc_tkt_part *tkt);
void
-log_as_req(krb5_context context, const krb5_fulladdr *from,
+log_as_req(krb5_context context, const krb5_fulladdr *remote_addr,
krb5_kdc_req *request, krb5_kdc_rep *reply,
krb5_db_entry *client, const char *cname,
krb5_db_entry *server, const char *sname,
struct sockaddr_storage addr_s;
socklen_t addrlen;
char addrbuf[56];
- krb5_fulladdr faddr;
- krb5_address kaddr;
+ krb5_address remote_addr_buf;
+ krb5_fulladdr remote_addr;
/* Incoming data (TCP) */
size_t bufsiz;
void *handle;
const char *prog;
int port_fd;
- krb5_address addr;
- krb5_fulladdr faddr;
+ krb5_address remote_addr_buf;
+ krb5_fulladdr remote_addr;
socklen_t saddr_len;
socklen_t daddr_len;
struct sockaddr_storage saddr;
state->request.length = cc;
state->request.data = state->pktbuf;
- state->faddr.address = &state->addr;
- init_addr(&state->faddr, ss2sa(&state->saddr));
+
+ state->remote_addr.address = &state->remote_addr_buf;
+ init_addr(&state->remote_addr, ss2sa(&state->saddr));
+
/* This address is in net order. */
- dispatch(state->handle, ss2sa(&state->daddr), &state->faddr,
+ dispatch(state->handle, ss2sa(&state->daddr), &state->remote_addr,
&state->request, 0, ctx, process_packet_response, state);
}
return;
}
newconn->offset = 0;
- newconn->faddr.address = &newconn->kaddr;
- init_addr(&newconn->faddr, ss2sa(&newconn->addr_s));
+ newconn->remote_addr.address = &newconn->remote_addr_buf;
+ init_addr(&newconn->remote_addr, ss2sa(&newconn->addr_s));
SG_SET(&newconn->sgbuf[0], newconn->lenbuf, 4);
SG_SET(&newconn->sgbuf[1], 0, 0);
}
goto kill_tcp_connection;
}
- dispatch(state->conn->handle, ss2sa(&state->local_saddr), &conn->faddr,
- &state->request, 1, ctx, process_tcp_response, state);
+ dispatch(state->conn->handle, ss2sa(&state->local_saddr),
+ &conn->remote_addr, &state->request, 1, ctx,
+ process_tcp_response, state);
}
return;
if (++tcp_or_rpc_data_counter > max_tcp_or_rpc_data_connections)
kill_lru_tcp_or_rpc_connection(newconn->handle, newev);
- newconn->faddr.address = &newconn->kaddr;
- init_addr(&newconn->faddr, ss2sa(&newconn->addr_s));
+ newconn->remote_addr.address = &newconn->remote_addr_buf;
+ init_addr(&newconn->remote_addr, ss2sa(&newconn->addr_s));
}
}
void
krb5_db_audit_as_req(krb5_context kcontext, krb5_kdc_req *request,
- krb5_address *from, krb5_db_entry *client,
+ const krb5_address *remote_addr, krb5_db_entry *client,
krb5_db_entry *server, krb5_timestamp authtime,
krb5_error_code error_code)
{
status = get_vftabl(kcontext, &v);
if (status || v->audit_as_req == NULL)
return;
- v->audit_as_req(kcontext, request, from, client, server, authtime,
+ v->audit_as_req(kcontext, request, remote_addr, client, server, authtime,
error_code);
}
(kcontext, request, client, server, kdc_time, status, e_data));
WRAP_VOID (krb5_db2_audit_as_req,
- (krb5_context kcontext, krb5_kdc_req *request, krb5_address *from,
+ (krb5_context kcontext, krb5_kdc_req *request,
+ const krb5_address *remote_addr,
krb5_db_entry *client, krb5_db_entry *server,
krb5_timestamp authtime, krb5_error_code error_code),
- (kcontext, request, from, client, server, authtime, error_code));
+ (kcontext, request, remote_addr, client, server,
+ authtime, error_code));
static krb5_error_code
hack_init (void)
void
krb5_db2_audit_as_req(krb5_context kcontext, krb5_kdc_req *request,
- krb5_address *from, krb5_db_entry *client,
+ const krb5_address *remote_addr, krb5_db_entry *client,
krb5_db_entry *server, krb5_timestamp authtime,
krb5_error_code error_code)
{
void
krb5_db2_audit_as_req(krb5_context kcontext, krb5_kdc_req *request,
- krb5_address *from, krb5_db_entry *client,
- krb5_db_entry *server, krb5_timestamp authtime,
+ const krb5_address *remote_addr,
+ krb5_db_entry *client, krb5_db_entry *server,
+ krb5_timestamp authtime,
krb5_error_code error_code);
#endif /* KRB5_KDB_DB2_H */
void
krb5_ldap_audit_as_req(krb5_context kcontext, krb5_kdc_req *request,
- krb5_address *from, krb5_db_entry *client,
+ const krb5_address *remote_addr, krb5_db_entry *client,
krb5_db_entry *server, krb5_timestamp authtime,
krb5_error_code error_code)
{
void
krb5_ldap_audit_as_req(krb5_context kcontext, krb5_kdc_req *request,
- krb5_address *from, krb5_db_entry *client,
+ const krb5_address *remote_addr, krb5_db_entry *client,
krb5_db_entry *server, krb5_timestamp authtime,
krb5_error_code error_code);
projects / thirdparty / krb5.git / commitdiff
