From: Andreas Schneider Date: Fri, 19 May 2017 08:31:25 +0000 (+0200) Subject: Consistently name and constify address variables X-Git-Tag: krb5-1.16-beta1~54 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=1a5a1cd58349ec2fd906a02013526c8800d973c7;p=thirdparty%2Fkrb5.git Consistently name and constify address variables In libkdb5, libapputils, the KDC, kadmind, and both KDB modules, use the name "remote_addr" for the variable containing the remote address. In schpw.c:process_chpw_request(), use the name "local_addr" for the parameter containing the local address. Make the remote_addr parameter const in libkdb5 and the DAL. [ghudson@mit.edu: combined commits and rewrote commit message] --- diff --git a/src/include/kdb.h b/src/include/kdb.h index cadd392882..808e2830f5 100644 --- a/src/include/kdb.h +++ b/src/include/kdb.h @@ -695,9 +695,9 @@ krb5_error_code krb5_db_check_policy_tgs(krb5_context kcontext, krb5_pa_data ***e_data); void krb5_db_audit_as_req(krb5_context kcontext, krb5_kdc_req *request, - krb5_address *from, krb5_db_entry *client, - krb5_db_entry *server, krb5_timestamp authtime, - krb5_error_code error_code); + const krb5_address *remote_addr, + krb5_db_entry *client, krb5_db_entry *server, + krb5_timestamp authtime, krb5_error_code error_code); void krb5_db_refresh_config(krb5_context kcontext); @@ -1357,9 +1357,9 @@ typedef struct _kdb_vftabl { * AS request. */ void (*audit_as_req)(krb5_context kcontext, krb5_kdc_req *request, - krb5_address *from, krb5_db_entry *client, - krb5_db_entry *server, krb5_timestamp authtime, - krb5_error_code error_code); + const krb5_address *remote_addr, + krb5_db_entry *client, krb5_db_entry *server, + krb5_timestamp authtime, krb5_error_code error_code); /* Note: there is currently no method for auditing TGS requests. */ diff --git a/src/kadmin/server/schpw.c b/src/kadmin/server/schpw.c index d89d246b1c..101be9c9e6 100644 --- a/src/kadmin/server/schpw.c +++ b/src/kadmin/server/schpw.c 
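Review bot: The `audit_as_req` slot in `kdb_vftabl` changes its prototype in the hunk at -1357 (`krb5_address *from` becomes `const krb5_address *remote_addr`), and nothing visible in the diff tells module authors about the new contract. A KDB module that still declares the old non-const prototype will get an incompatible-pointer-type diagnostic when it fills in the table against the new header. The method comment should state the contract, for example `/* remote_addr is the client's address; modules must not modify it. */`. Whether the DAL version needs to change for this cannot be decided from the hunk and is worth confirming. The struct definition starts and ends outside the hunk.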
@@ -18,8 +18,8 @@ static krb5_error_code process_chpw_request(krb5_context context, void *server_handle, char *realm, - krb5_keytab keytab, const krb5_fulladdr *local_faddr, - const krb5_fulladdr *remote_faddr, krb5_data *req, + krb5_keytab keytab, const krb5_fulladdr *local_addr, + const krb5_fulladdr *remote_addr, krb5_data *req, krb5_data *rep) { krb5_error_code ret; @@ -42,7 +42,7 @@ process_chpw_request(krb5_context context, void *server_handle, char *realm, struct sockaddr_storage ss; socklen_t salen; char addrbuf[100]; - krb5_address *addr = remote_faddr->address; + krb5_address *addr = remote_addr->address; *rep = empty_data(); @@ -237,7 +237,7 @@ process_chpw_request(krb5_context context, void *server_handle, char *realm, sin->sin_family = AF_INET; memcpy(&sin->sin_addr, addr->contents, addr->length); - sin->sin_port = htons(remote_faddr->port); + sin->sin_port = htons(remote_addr->port); salen = sizeof(*sin); break; } @@ -246,7 +246,7 @@ process_chpw_request(krb5_context context, void *server_handle, char *realm, sin6->sin6_family = AF_INET6; memcpy(&sin6->sin6_addr, addr->contents, addr->length); - sin6->sin6_port = htons(remote_faddr->port); + sin6->sin6_port = htons(remote_addr->port); salen = sizeof(*sin6); break; } @@ -326,7 +326,7 @@ chpwfail: if (ap_rep.length) { ret = krb5_auth_con_setaddrs(context, auth_context, - local_faddr->address, NULL); + local_addr->address, NULL); if (ret) { numresult = KRB5_KPASSWD_HARDERROR; strlcpy(strresult, @@ -437,7 +437,7 @@ bailout: /* Dispatch routine for set/change password */ void dispatch(void *handle, struct sockaddr *local_saddr, - const krb5_fulladdr *remote_faddr, krb5_data *request, int is_tcp, + const krb5_fulladdr *remote_addr, krb5_data *request, int is_tcp, verto_ctx *vctx, loop_respond_fn respond, void *arg) { krb5_error_code ret; 
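Review bot: In process_chpw_request() (hunk at -42) the local `krb5_address *addr = remote_addr->address;` stays non-const, although the commit's stated aim is to constify address variables. The lines visible in this diff only read through it (`addr->contents`, `addr->length`), so `const krb5_address *addr = remote_addr->address;` would document that the handler never alters the peer address. The function body continues outside the hunks, so check that no later call needs a non-const pointer.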
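Review bot: Both `memcpy(&sin->sin_addr, addr->contents, addr->length);` (hunk at -237) and `memcpy(&sin6->sin6_addr, addr->contents, addr->length);` (hunk at -246) size the copy from the source address instead of the destination field. The length is presumably always 4 or 16 because the address is filled in by the network layer, but nothing visible in this function enforces that, and a larger value would write past the destination field. A guard such as `if (addr->length != sizeof(sin->sin_addr))` (and the `sin6` equivalent) ahead of each copy would make the bound local; on failure it should take whatever path the switch uses for an unsupported address type. The switch statement starts and ends outside these hunks.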
@@ -466,7 +466,7 @@ dispatch(void *handle, struct sockaddr *local_saddr, server_handle->params.realm, kt, &local_faddr, - remote_faddr, + remote_addr, request, response); egress: diff --git a/src/kdc/dispatch.c b/src/kdc/dispatch.c index 4ecc234819..b501fb869d 100644 --- a/src/kdc/dispatch.c +++ b/src/kdc/dispatch.c @@ -120,7 +120,7 @@ reseed_random(krb5_context kdc_err_context) void dispatch(void *cb, struct sockaddr *local_saddr, - const krb5_fulladdr *from, krb5_data *pkt, int is_tcp, + const krb5_fulladdr *remote_addr, krb5_data *pkt, int is_tcp, verto_ctx *vctx, loop_respond_fn respond, void *arg) { krb5_error_code retval; @@ -150,8 +150,8 @@ dispatch(void *cb, struct sockaddr *local_saddr, const char *name = 0; char buf[46]; - name = inet_ntop (ADDRTYPE2FAMILY (from->address->addrtype), - from->address->contents, buf, sizeof (buf)); + name = inet_ntop(ADDRTYPE2FAMILY(remote_addr->address->addrtype), + remote_addr->address->contents, buf, sizeof(buf)); if (name == 0) name = "[unknown address type]"; if (response) @@ -177,7 +177,7 @@ dispatch(void *cb, struct sockaddr *local_saddr, /* try TGS_REQ first; they are more common! */ if (krb5_is_tgs_req(pkt)) { - retval = process_tgs_req(handle, pkt, from, &response); + retval = process_tgs_req(handle, pkt, remote_addr, &response); } else if (krb5_is_as_req(pkt)) { if (!(retval = decode_krb5_as_req(pkt, &as_req))) { /* @@ -187,8 +187,8 @@ dispatch(void *cb, struct sockaddr *local_saddr, */ state->active_realm = setup_server_realm(handle, as_req->server); if (state->active_realm != NULL) { - process_as_req(as_req, pkt, from, state->active_realm, vctx, - finish_dispatch_cache, state); + process_as_req(as_req, pkt, remote_addr, state->active_realm, + vctx, finish_dispatch_cache, state); return; } else { retval = KRB5KDC_ERR_WRONG_REALM; diff --git a/src/kdc/do_as_req.c b/src/kdc/do_as_req.c index 3be9ca6302..acaa651757 100644 --- a/src/kdc/do_as_req.c +++ b/src/kdc/do_as_req.c 
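Review bot: The call in schpw.c's dispatch() (hunk at -466) still passes `&local_faddr`, so the old `_faddr` suffix survives right next to the renamed `remote_addr` argument. process_chpw_request() now names the matching parameter `local_addr`, so renaming the local to `local_addr` as well would finish the naming cleanup this commit sets out to do. The declaration of `local_faddr` is outside the hunk, so confirm the new name does not collide with anything else in the function.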
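Review bot: The reformatted inet_ntop() call in kdc/dispatch.c (hunk at -150) writes into `char buf[46];`, a bare number that only makes sense to a reader who knows the size of the longest IPv6 text form. `char buf[INET6_ADDRSTRLEN];` names the intent and stays correct if the platform's value differs. `const char *name = 0;` and `if (name == 0)` would also read better with `NULL`. The enclosing block starts outside the hunk.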
@@ -160,7 +160,7 @@ struct as_req_state { struct kdc_request_state *rstate; char *sname, *cname; void *pa_context; - const krb5_fulladdr *from; + const krb5_fulladdr *remote_addr; krb5_data **auth_indicators; krb5_error_code preauth_err; @@ -359,7 +359,7 @@ finish_process_as_req(struct as_req_state *state, krb5_error_code errcode) state->reply.enc_part.ciphertext.length); free(state->reply.enc_part.ciphertext.data); - log_as_req(kdc_context, state->from, state->request, &state->reply, + log_as_req(kdc_context, state->remote_addr, state->request, &state->reply, state->client, state->cname, state->server, state->sname, state->authtime, 0, 0, 0); did_log = 1; @@ -381,10 +381,10 @@ egress: emsg = krb5_get_error_message(kdc_context, errcode); if (state->status) { - log_as_req(kdc_context, - state->from, state->request, &state->reply, state->client, - state->cname, state->server, state->sname, state->authtime, - state->status, errcode, emsg); + log_as_req(kdc_context, state->remote_addr, state->request, + &state->reply, state->client, state->cname, state->server, + state->sname, state->authtime, state->status, errcode, + emsg); did_log = 1; } if (errcode) { @@ -492,7 +492,7 @@ finish_preauth(void *arg, krb5_error_code code) /*ARGSUSED*/ void process_as_req(krb5_kdc_req *request, krb5_data *req_pkt, - const krb5_fulladdr *from, kdc_realm_t *kdc_active_realm, + const krb5_fulladdr *remote_addr, kdc_realm_t *kdc_active_realm, verto_ctx *vctx, loop_respond_fn respond, void *arg) { krb5_error_code errcode; @@ -511,7 +511,7 @@ process_as_req(krb5_kdc_req *request, krb5_data *req_pkt, state->arg = arg; state->request = request; state->req_pkt = req_pkt; - state->from = from; + state->remote_addr = remote_addr; state->active_realm = kdc_active_realm; errcode = kdc_make_rstate(kdc_active_realm, &state->rstate); 
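Review bot: `state->remote_addr = remote_addr;` in process_as_req() (hunk at -511) stores the caller's pointer in the per-request state, and finish_process_as_req() dereferences it later in both log_as_req() calls. Because the reply is delivered through the `respond` callback, the pointed-to krb5_fulladdr has to outlive the call to process_as_req(). The field declaration in `struct as_req_state` (hunk at -160) should say so, e.g. `/* Borrowed from the caller; must stay valid until respond() has run. */`. Whether every caller guarantees this, for instance when a connection is torn down while a request is pending, cannot be checked from this diff. The struct and both functions extend beyond the hunks.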
@@ -522,7 +522,8 @@ process_as_req(krb5_kdc_req *request, krb5_data *req_pkt, } /* Initialize audit state. */ - errcode = kau_init_kdc_req(kdc_context, state->request, from, &au_state); + errcode = kau_init_kdc_req(kdc_context, state->request, remote_addr, + &au_state); if (errcode) { (*respond)(arg, errcode, NULL); kdc_free_rstate(state->rstate); diff --git a/src/kdc/kdc_log.c b/src/kdc/kdc_log.c index 925fc3f33a..13fcfa7ed7 100644 --- a/src/kdc/kdc_log.c +++ b/src/kdc/kdc_log.c @@ -54,7 +54,7 @@ /* Someday, pass local address/port as well. */ /* Currently no info about name canonicalization is logged. */ void -log_as_req(krb5_context context, const krb5_fulladdr *from, +log_as_req(krb5_context context, const krb5_fulladdr *remote_addr, krb5_kdc_req *request, krb5_kdc_rep *reply, krb5_db_entry *client, const char *cname, krb5_db_entry *server, const char *sname, @@ -67,8 +67,8 @@ log_as_req(krb5_context context, const krb5_fulladdr *from, const char *cname2 = cname ? cname : ""; const char *sname2 = sname ? sname : ""; - fromstring = inet_ntop(ADDRTYPE2FAMILY (from->address->addrtype), - from->address->contents, + fromstring = inet_ntop(ADDRTYPE2FAMILY(remote_addr->address->addrtype), + remote_addr->address->contents, fromstringbuf, sizeof(fromstringbuf)); if (!fromstring) fromstring = ""; 
@@ -89,14 +89,14 @@ log_as_req(krb5_context context, const krb5_fulladdr *from, ktypestr, fromstring, status, cname2, sname2, emsg ? ", " : "", emsg ? emsg : ""); } - krb5_db_audit_as_req(context, request, from->address, client, server, - authtime, errcode); + krb5_db_audit_as_req(context, request, remote_addr->address, client, + server, authtime, errcode); #if 0 /* Sun (OpenSolaris) version would probably something like this. The client and server names passed can be null, unlike in the logging routines used above. Note that a struct in_addr is used, but the real address could be an IPv6 address. */ - audit_krb5kdc_as_req(some in_addr *, (in_port_t)from->port, 0, + audit_krb5kdc_as_req(some in_addr *, (in_port_t)remote_addr->port, 0, cname, sname, errcode); #endif } diff --git a/src/kdc/kdc_util.h b/src/kdc/kdc_util.h index 672f94380a..2f08ca1416 100644 --- a/src/kdc/kdc_util.h +++ b/src/kdc/kdc_util.h @@ -346,7 +346,7 @@ kdc_get_ticket_renewtime(kdc_realm_t *realm, krb5_kdc_req *request, krb5_db_entry *server, krb5_enc_tkt_part *tkt); void -log_as_req(krb5_context context, const krb5_fulladdr *from, +log_as_req(krb5_context context, const krb5_fulladdr *remote_addr, krb5_kdc_req *request, krb5_kdc_rep *reply, krb5_db_entry *client, const char *cname, krb5_db_entry *server, const char *sname, diff --git a/src/lib/apputils/net-server.c b/src/lib/apputils/net-server.c index ee3d743f19..227b4d51e5 100644 --- a/src/lib/apputils/net-server.c +++ b/src/lib/apputils/net-server.c @@ -131,8 +131,8 @@ struct connection { struct sockaddr_storage addr_s; socklen_t addrlen; char addrbuf[56]; - krb5_fulladdr faddr; - krb5_address kaddr; + krb5_address remote_addr_buf; + krb5_fulladdr remote_addr; /* Incoming data (TCP) */ size_t bufsiz; 
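Review bot: After this rename `struct connection` (hunk at -131) holds `krb5_address remote_addr_buf;` and `krb5_fulladdr remote_addr;`, and accept_tcp_connection() and accept_rpc_connection() set `remote_addr.address = &newconn->remote_addr_buf`, so the structure points into itself. `struct udp_dispatch_state` (hunk at -951) is wired the same way in process_packet(). That invariant is not written down next to the fields. A comment such as `/* remote_addr.address points at remote_addr_buf; do not copy this struct by value. */` above each pair would help keep a later struct copy or reallocation from leaving a dangling pointer that is then handed to dispatch(). Both struct definitions extend beyond their hunks.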
@@ -951,8 +951,8 @@ struct udp_dispatch_state { void *handle; const char *prog; int port_fd; - krb5_address addr; - krb5_fulladdr faddr; + krb5_address remote_addr_buf; + krb5_fulladdr remote_addr; socklen_t saddr_len; socklen_t daddr_len; struct sockaddr_storage saddr; @@ -1084,10 +1084,12 @@ process_packet(verto_ctx *ctx, verto_ev *ev) state->request.length = cc; state->request.data = state->pktbuf; - state->faddr.address = &state->addr; - init_addr(&state->faddr, ss2sa(&state->saddr)); + + state->remote_addr.address = &state->remote_addr_buf; + init_addr(&state->remote_addr, ss2sa(&state->saddr)); + /* This address is in net order. */ - dispatch(state->handle, ss2sa(&state->daddr), &state->faddr, + dispatch(state->handle, ss2sa(&state->daddr), &state->remote_addr, &state->request, 0, ctx, process_packet_response, state); } @@ -1201,8 +1203,8 @@ accept_tcp_connection(verto_ctx *ctx, verto_ev *ev) return; } newconn->offset = 0; - newconn->faddr.address = &newconn->kaddr; - init_addr(&newconn->faddr, ss2sa(&newconn->addr_s)); + newconn->remote_addr.address = &newconn->remote_addr_buf; + init_addr(&newconn->remote_addr, ss2sa(&newconn->addr_s)); SG_SET(&newconn->sgbuf[0], newconn->lenbuf, 4); SG_SET(&newconn->sgbuf[1], 0, 0); } @@ -1356,8 +1358,9 @@ process_tcp_connection_read(verto_ctx *ctx, verto_ev *ev) goto kill_tcp_connection; } - dispatch(state->conn->handle, ss2sa(&state->local_saddr), &conn->faddr, - &state->request, 1, ctx, process_tcp_response, state); + dispatch(state->conn->handle, ss2sa(&state->local_saddr), + &conn->remote_addr, &state->request, 1, ctx, + process_tcp_response, state); } return; 
@@ -1505,8 +1508,8 @@ accept_rpc_connection(verto_ctx *ctx, verto_ev *ev) if (++tcp_or_rpc_data_counter > max_tcp_or_rpc_data_connections) kill_lru_tcp_or_rpc_connection(newconn->handle, newev); - newconn->faddr.address = &newconn->kaddr; - init_addr(&newconn->faddr, ss2sa(&newconn->addr_s)); + newconn->remote_addr.address = &newconn->remote_addr_buf; + init_addr(&newconn->remote_addr, ss2sa(&newconn->addr_s)); } } diff --git a/src/lib/kdb/kdb5.c b/src/lib/kdb/kdb5.c index b233e99124..02e0a2de6c 100644 --- a/src/lib/kdb/kdb5.c +++ b/src/lib/kdb/kdb5.c @@ -2672,7 +2672,7 @@ krb5_db_check_policy_tgs(krb5_context kcontext, krb5_kdc_req *request, void krb5_db_audit_as_req(krb5_context kcontext, krb5_kdc_req *request, - krb5_address *from, krb5_db_entry *client, + const krb5_address *remote_addr, krb5_db_entry *client, krb5_db_entry *server, krb5_timestamp authtime, krb5_error_code error_code) { @@ -2682,7 +2682,7 @@ krb5_db_audit_as_req(krb5_context kcontext, krb5_kdc_req *request, status = get_vftabl(kcontext, &v); if (status || v->audit_as_req == NULL) return; - v->audit_as_req(kcontext, request, from, client, server, authtime, + v->audit_as_req(kcontext, request, remote_addr, client, server, authtime, error_code); } diff --git a/src/plugins/kdb/db2/db2_exp.c b/src/plugins/kdb/db2/db2_exp.c index 5367d05521..3b42b0aef3 100644 --- a/src/plugins/kdb/db2/db2_exp.c +++ b/src/plugins/kdb/db2/db2_exp.c 
@@ -166,10 +166,12 @@ WRAP_K (krb5_db2_check_policy_as, (kcontext, request, client, server, kdc_time, status, e_data)); WRAP_VOID (krb5_db2_audit_as_req, - (krb5_context kcontext, krb5_kdc_req *request, krb5_address *from, + (krb5_context kcontext, krb5_kdc_req *request, + const krb5_address *remote_addr, krb5_db_entry *client, krb5_db_entry *server, krb5_timestamp authtime, krb5_error_code error_code), - (kcontext, request, from, client, server, authtime, error_code)); + (kcontext, request, remote_addr, client, server, + authtime, error_code)); static krb5_error_code hack_init (void) diff --git a/src/plugins/kdb/db2/kdb_db2.c b/src/plugins/kdb/db2/kdb_db2.c index 5c0a83cbfa..3ee6fdd605 100644 --- a/src/plugins/kdb/db2/kdb_db2.c +++ b/src/plugins/kdb/db2/kdb_db2.c @@ -1551,7 +1551,7 @@ krb5_db2_check_policy_as(krb5_context kcontext, krb5_kdc_req *request, void krb5_db2_audit_as_req(krb5_context kcontext, krb5_kdc_req *request, - krb5_address *from, krb5_db_entry *client, + const krb5_address *remote_addr, krb5_db_entry *client, krb5_db_entry *server, krb5_timestamp authtime, krb5_error_code error_code) { diff --git a/src/plugins/kdb/db2/kdb_db2.h b/src/plugins/kdb/db2/kdb_db2.h index bc85ba3584..52bc508b58 100644 --- a/src/plugins/kdb/db2/kdb_db2.h +++ b/src/plugins/kdb/db2/kdb_db2.h @@ -134,8 +134,9 @@ krb5_db2_check_policy_as(krb5_context kcontext, krb5_kdc_req *request, void krb5_db2_audit_as_req(krb5_context kcontext, krb5_kdc_req *request, - krb5_address *from, krb5_db_entry *client, - krb5_db_entry *server, krb5_timestamp authtime, + const krb5_address *remote_addr, + krb5_db_entry *client, krb5_db_entry *server, + krb5_timestamp authtime, krb5_error_code error_code); #endif /* KRB5_KDB_DB2_H */ diff --git a/src/plugins/kdb/ldap/libkdb_ldap/kdb_ldap.c b/src/plugins/kdb/ldap/libkdb_ldap/kdb_ldap.c index d13637c6b5..b77989d455 100644 --- a/src/plugins/kdb/ldap/libkdb_ldap/kdb_ldap.c +++ b/src/plugins/kdb/ldap/libkdb_ldap/kdb_ldap.c 
@@ -277,7 +277,7 @@ krb5_ldap_check_policy_as(krb5_context kcontext, krb5_kdc_req *request, void krb5_ldap_audit_as_req(krb5_context kcontext, krb5_kdc_req *request, - krb5_address *from, krb5_db_entry *client, + const krb5_address *remote_addr, krb5_db_entry *client, krb5_db_entry *server, krb5_timestamp authtime, krb5_error_code error_code) { diff --git a/src/plugins/kdb/ldap/libkdb_ldap/kdb_ldap.h b/src/plugins/kdb/ldap/libkdb_ldap/kdb_ldap.h index 80d065012b..cf1192bf9c 100644 --- a/src/plugins/kdb/ldap/libkdb_ldap/kdb_ldap.h +++ b/src/plugins/kdb/ldap/libkdb_ldap/kdb_ldap.h @@ -282,7 +282,7 @@ krb5_ldap_check_policy_as(krb5_context kcontext, krb5_kdc_req *request, void krb5_ldap_audit_as_req(krb5_context kcontext, krb5_kdc_req *request, - krb5_address *from, krb5_db_entry *client, + const krb5_address *remote_addr, krb5_db_entry *client, krb5_db_entry *server, krb5_timestamp authtime, krb5_error_code error_code);