]> git.ipfire.org Git - thirdparty/samba.git/commitdiff
s3-winbind: make the getpeername() checks in cm_prepare_connection IPv6 aware.
authorGünther Deschner <gd@samba.org>
Fri, 14 May 2010 21:21:47 +0000 (23:21 +0200)
committerKarolin Seeger <kseeger@samba.org>
Wed, 19 May 2010 11:16:45 +0000 (13:16 +0200)
Note that this failure was hard to track, as winbind did only log a super helpful
"cm_prepare_connection: Success" debug message.

IPv6 gurus, please check

Successfully tested in two independent IPv6 networks now.

Guenther
(cherry picked from commit 14ac2bb36ee22be6133ca1d069dc5de6c1891f47)

source3/winbindd/winbindd_cm.c

index 670e4941ba35ab67e42a4ddafd683849bdb19489..a0b4c9cd4abb6139f4117e6520195130def5d402 100644 (file)
@@ -794,11 +794,31 @@ static NTSTATUS cm_prepare_connection(const struct winbindd_domain *domain,
 
        peeraddr_len = sizeof(peeraddr);
 
-       if ((getpeername((*cli)->fd, &peeraddr, &peeraddr_len) != 0) ||
-           (peeraddr_len != sizeof(struct sockaddr_in)) ||
-           (peeraddr_in->sin_family != PF_INET))
-       {
-               DEBUG(0,("cm_prepare_connection: %s\n", strerror(errno)));
+       if ((getpeername((*cli)->fd, &peeraddr, &peeraddr_len) != 0)) {
+               DEBUG(0,("cm_prepare_connection: getpeername failed with: %s\n",
+                       strerror(errno)));
+               result = NT_STATUS_UNSUCCESSFUL;
+               goto done;
+       }
+
+       if ((peeraddr_len != sizeof(struct sockaddr_in))
+#ifdef HAVE_IPV6
+           && (peeraddr_len != sizeof(struct sockaddr_in6))
+#endif
+           ) {
+               DEBUG(0,("cm_prepare_connection: got unexpected peeraddr len %d\n",
+                       peeraddr_len));
+               result = NT_STATUS_UNSUCCESSFUL;
+               goto done;
+       }
+
+       if ((peeraddr_in->sin_family != PF_INET)
+#ifdef HAVE_IPV6
+           && (peeraddr_in->sin_family != PF_INET6)
+#endif
+           ) {
+               DEBUG(0,("cm_prepare_connection: got unexpected family %d\n",
+                       peeraddr_in->sin_family));
                result = NT_STATUS_UNSUCCESSFUL;
                goto done;
        }