extern char *kdb5_util;
extern char *kprop;
extern char *dump_file;
-static char abuf[33];
-
-/* Result is stored in a static buffer and is invalidated by the next call. */
-static const char *client_addr(struct svc_req *svc) {
- strlcpy(abuf, inet_ntoa(svc->rq_xprt->xp_raddr.sin_addr), sizeof(abuf));
- return abuf;
-}
static char *reply_ok_str = "UPDATE_OK";
static char *reply_err_str = "UPDATE_ERROR";
krb5_klog_syslog(LOG_NOTICE, LOG_UNAUTH, whoami,
client_name, service_name,
- client_addr(rqstp));
+ client_addr(rqstp->rq_xprt));
goto out;
}
obuf,
((kret == 0) ? "success" : error_message(kret)),
client_name, service_name,
- client_addr(rqstp));
+ client_addr(rqstp->rq_xprt));
out:
if (nofork)
DPRINT("%s: Permission denied\n", whoami);
krb5_klog_syslog(LOG_NOTICE, LOG_UNAUTH, whoami,
client_name, service_name,
- client_addr(rqstp));
+ client_addr(rqstp->rq_xprt));
goto out;
}
DPRINT("%s: spawned resync process %d, client=%s, "
"service=%s, addr=%s\n", whoami, fret, client_name,
- service_name, client_addr(rqstp));
+ service_name, client_addr(rqstp->rq_xprt));
krb5_klog_syslog(LOG_NOTICE,
_("Request: %s, spawned resync process %d, client=%s, service=%s, addr=%s"),
whoami, fret,
client_name, service_name,
- client_addr(rqstp));
+ client_addr(rqstp->rq_xprt));
goto out;
}
krb5_klog_syslog(LOG_ERR,
_("check_rpcsec_auth: failed inquire_context, "
"stat=%u"), maj_stat);
- log_badauth(maj_stat, min_stat,
- &rqstp->rq_xprt->xp_raddr, NULL);
+ log_badauth(maj_stat, min_stat, rqstp->rq_xprt, NULL);
goto fail_name;
}
if (!check_iprop_rpcsec_auth(rqstp)) {
krb5_klog_syslog(LOG_ERR, _("authentication attempt failed: %s, RPC "
"authentication flavor %d"),
- inet_ntoa(rqstp->rq_xprt->xp_raddr.sin_addr),
+ client_addr(rqstp->rq_xprt),
rqstp->rq_cred.oa_flavor);
svcerr_weakauth(transp);
return;
#include <krb5.h>
#include <kadm5/admin.h>
#include <adm_proto.h>
-#ifdef HAVE_ARPA_INET_H
-#include <arpa/inet.h>
-#endif
#include "misc.h"
#include "kadm5/server_internal.h"
if (rqstp->rq_cred.oa_flavor != AUTH_GSSAPI &&
!check_rpcsec_auth(rqstp)) {
krb5_klog_syslog(LOG_ERR, "Authentication attempt failed: %s, "
- "RPC authentication flavor %d",
- inet_ntoa(rqstp->rq_xprt->xp_raddr.sin_addr),
- rqstp->rq_cred.oa_flavor);
+ "RPC authentication flavor %d",
+ client_addr(rqstp->rq_xprt),
+ rqstp->rq_cred.oa_flavor);
svcerr_weakauth(transp);
return;
}
default:
krb5_klog_syslog(LOG_ERR, "Invalid KADM5 procedure number: %s, %d",
- inet_ntoa(rqstp->rq_xprt->xp_raddr.sin_addr),
- rqstp->rq_proc);
+ client_addr(rqstp->rq_xprt), rqstp->rq_proc);
svcerr_noproc(transp);
return;
}
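Review bot: The rewritten argument line still passes `rqstp->rq_proc` to a `%d` conversion in the "Invalid KADM5 procedure number" message. `rpcproc_t` appears to be an unsigned 32-bit type in gssrpc (its definition is not visible here), so a large procedure number from a client would be logged as a negative value. Keeping format and argument in agreement avoids that: use `"Invalid KADM5 procedure number: %s, %u"` with `client_addr(rqstp->rq_xprt), (unsigned int)rqstp->rq_proc);`. The enclosing switch starts outside the hunk.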
if (maj_stat != GSS_S_COMPLETE) {
krb5_klog_syslog(LOG_ERR, _("check_rpcsec_auth: failed "
"inquire_context, stat=%u"), maj_stat);
- log_badauth(maj_stat, min_stat,
- &rqstp->rq_xprt->xp_raddr, NULL);
+ log_badauth(maj_stat, min_stat, rqstp->rq_xprt, NULL);
goto fail_name;
}
if ((status != GSS_S_COMPLETE) || (gss_type != gss_nt_krb5_name)) {
krb5_klog_syslog(LOG_ERR, _("gss_to_krb5_name: failed display_name "
"status %d"), status);
- log_badauth(status, minor_stat,
- &rqstp->rq_xprt->xp_raddr, NULL);
+ log_badauth(status, minor_stat, rqstp->rq_xprt, NULL);
return 0;
}
str = malloc(gss_str->length +1);
#include "net-server.h" /* for krb5_fulladdr */
-void
-log_badauth(OM_uint32 major, OM_uint32 minor,
- struct sockaddr_in *addr, char *data);
-
int
setup_gss_names(struct svc_req *, gss_buffer_desc *,
gss_buffer_desc *);
void reset_db(void);
-void log_badauth(OM_uint32 major, OM_uint32 minor,
- struct sockaddr_in *addr, char *data);
+void log_badauth(OM_uint32 major, OM_uint32 minor, SVCXPRT *xprt, char *data);
+
+const char *client_addr(SVCXPRT *xprt);
/* network.c */
#include "net-server.h"
#include <sys/socket.h>
#include <unistd.h>
#include <netinet/in.h>
-#include <arpa/inet.h> /* inet_ntoa */
#include <netdb.h>
#include <gssrpc/rpc.h>
#include <gssapi/gssapi.h>
void *global_server_handle;
char *build_princ_name(char *name, char *realm);
-void log_badauth(OM_uint32 major, OM_uint32 minor,
- struct sockaddr_in *addr, char *data);
+void log_badauth(OM_uint32 major, OM_uint32 minor, SVCXPRT *xprt, char *data);
void log_badverf(gss_name_t client_name, gss_name_t server_name,
struct svc_req *rqst, struct rpc_msg *msg,
char *data);
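Review bot: The file-local prototype of `log_badauth` updated here duplicates the declaration that this commit also changes in the shared header, next to `client_addr`. If this file includes that header (the include is not visible in the hunk), the local copy can be dropped, so that the compiler checks the single declaration against both the definition and the `svcauth_*_set_log_badauth2_func` registrations. While two copies exist, a later signature change that misses one of them can go unnoticed until the callback is invoked with the wrong argument type. If the local prototype has to stay, a comment such as `/* must match the declaration in misc.h */` would at least flag the coupling.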
(void) gss_import_name(&OMret, &in_buf, nt_krb5_name_oid,
&gss_changepw_name);
- svcauth_gssapi_set_log_badauth_func(log_badauth, NULL);
+ svcauth_gssapi_set_log_badauth2_func(log_badauth, NULL);
svcauth_gssapi_set_log_badverf_func(log_badverf, NULL);
svcauth_gssapi_set_log_miscerr_func(log_miscerr, NULL);
- svcauth_gss_set_log_badauth_func(log_badauth, NULL);
+ svcauth_gss_set_log_badauth2_func(log_badauth, NULL);
svcauth_gss_set_log_badverf_func(log_badverf, NULL);
svcauth_gss_set_log_miscerr_func(log_miscerr, NULL);
OM_uint32 minor;
gss_buffer_desc client, server;
gss_OID gss_type;
- char *a;
+ const char *a;
rpcproc_t proc;
unsigned int i;
const char *procname;
slen = server.length;
}
trunc_name(&slen, &sdots);
- a = inet_ntoa(rqst->rq_xprt->xp_raddr.sin_addr);
+ a = client_addr(rqst->rq_xprt);
proc = msg->rm_call.cb_proc;
procname = NULL;
void log_miscerr(struct svc_req *rqst, struct rpc_msg *msg,
char *error, char *data)
{
- char *a;
-
- a = inet_ntoa(rqst->rq_xprt->xp_raddr.sin_addr);
- krb5_klog_syslog(LOG_NOTICE, _("Miscellaneous RPC error: %s, %s"), a,
- error);
+ krb5_klog_syslog(LOG_NOTICE, _("Miscellaneous RPC error: %s, %s"),
+ client_addr(rqst->rq_xprt), error);
}
* Logs the GSS-API error via krb5_klog_syslog(); see functional spec for
* format.
*/
-void log_badauth(OM_uint32 major, OM_uint32 minor,
- struct sockaddr_in *addr, char *data)
+void log_badauth(OM_uint32 major, OM_uint32 minor, SVCXPRT *xprt, char *data)
{
- char *a;
-
/* Authentication attempt failed: <IP address>, <GSS-API error */
/* strings> */
- a = inet_ntoa(addr->sin_addr);
-
krb5_klog_syslog(LOG_NOTICE, _("Authentication attempt failed: %s, "
- "GSS-API error strings are:"), a);
+ "GSS-API error strings are:"),
+ client_addr(xprt));
log_badauth_display_status(" ", major, minor);
krb5_klog_syslog(LOG_NOTICE, _(" GSS-API error strings complete."));
}
*/
#include <k5-platform.h>
+#include <socket-utils.h>
#include <gssapi/gssapi.h>
#include <gssapi/gssapi_krb5.h> /* for gss_nt_krb5_name */
#include <krb5.h>
#include <kadm5/server_internal.h>
#include <kadm5/server_acl.h>
#include <syslog.h>
-#include <arpa/inet.h> /* inet_ntoa */
#include <adm_proto.h> /* krb5_klog_syslog */
#include "misc.h"
free(handle);
}
+/* Result is stored in a static buffer and is invalidated by the next call. */
+const char *
+client_addr(SVCXPRT *xprt)
+{
+ static char abuf[128];
+ struct sockaddr_storage ss;
+ socklen_t len = sizeof(ss);
+ const char *p = NULL;
+
+ if (getpeername(xprt->xp_sock, ss2sa(&ss), &len) != 0)
+ return "(unknown)";
+ if (ss2sa(&ss)->sa_family == AF_INET)
+ p = inet_ntop(AF_INET, &ss2sin(&ss)->sin_addr, abuf, sizeof(abuf));
+ else if (ss2sa(&ss)->sa_family == AF_INET6)
+ p = inet_ntop(AF_INET6, &ss2sin6(&ss)->sin6_addr, abuf, sizeof(abuf));
+ return (p == NULL) ? "(unknown)" : p;
+}
+
/*
* Function: setup_gss_names
*
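Review bot: client_addr() looks the peer up with getpeername() when a message is logged, so any failure of that call puts "(unknown)" in the audit record instead of an address, and the reason is not recorded. These strings go into the authentication-failure and request logs, so the header comment should state the fallback together with the static-buffer rule, e.g. `/* Return the peer address of xprt as text, or "(unknown)" if it cannot be determined. The result is in a static buffer and is invalidated by the next call, so use it at most once per log statement. */`. Peers on an AF_INET6 socket are printed by inet_ntop() as IPv6 text, presumably including the IPv4-mapped form for IPv4 clients, so log-matching rules written for dotted-quad addresses should be checked against the new output. `xprt` is dereferenced without a NULL check; that is fine for the call sites visible in this diff, but it is worth stating as a precondition in the comment.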
op, (int)tlen, target, tdots,
(int)clen, (char *)client->value, cdots,
(int)slen, (char *)server->value, sdots,
- inet_ntoa(rqstp->rq_xprt->xp_raddr.sin_addr));
+ client_addr(rqstp->rq_xprt));
}
static int
op, (int)tlen, target, tdots, errmsg,
(int)clen, (char *)client->value, cdots,
(int)slen, (char *)server->value, sdots,
- inet_ntoa(rqstp->rq_xprt->xp_raddr.sin_addr));
+ client_addr(rqstp->rq_xprt));
}
generic_ret *
(int)tlen2, prime_arg2, tdots2,
(int)clen, (char *)client_name.value, cdots,
(int)slen, (char *)service_name.value, sdots,
- inet_ntoa(rqstp->rq_xprt->xp_raddr.sin_addr));
+ client_addr(rqstp->rq_xprt));
} else {
ret.code = kadm5_rename_principal((void *)handle, arg->src,
arg->dest);
errmsg ? errmsg : _("success"),
(int)clen, (char *)client_name.value, cdots,
(int)slen, (char *)service_name.value, sdots,
- inet_ntoa(rqstp->rq_xprt->xp_raddr.sin_addr));
+ client_addr(rqstp->rq_xprt));
if (errmsg != NULL)
krb5_free_error_message(handle->context, errmsg);
errmsg ? errmsg : _("success"),
(int)clen, (char *)client_name.value, cdots,
(int)slen, (char *)service_name.value, sdots,
- inet_ntoa(rqstp->rq_xprt->xp_raddr.sin_addr),
+ client_addr(rqstp->rq_xprt),
ret.api_version & ~(KADM5_API_VERSION_MASK),
rqstp->rq_cred.oa_flavor);
if (errmsg != NULL)