From c67b17a17985db291931babb31bece9bd287fbb5 Mon Sep 17 00:00:00 2001 From: Greg Hudson Date: Wed, 13 Nov 2024 22:51:20 -0500 Subject: [PATCH] Refactor libapputils handling of socket addresses Add private libkrb5 APIs for sockaddr-to-krb5-address conversion and for printing socket addresses. Use them in the KDC, kadmind, kprop/kpropd, and trace logging. In net-server.c, do not convert the local and remote socket addresses to krb5_address; instead pass them directly to dispatch(). Convert the addresses where needed in the KDC and kadmind. --- src/include/k5-int.h | 16 +++ src/include/net-server.h | 12 +- src/kadmin/server/schpw.c | 50 ++------ src/kadmin/server/server_stubs.c | 8 +- src/kdc/dispatch.c | 7 +- src/kdc/do_as_req.c | 8 +- src/kdc/do_tgs_req.c | 6 +- src/kdc/kdc_audit.c | 25 ++-- src/kdc/kdc_audit.h | 2 +- src/kdc/kdc_log.c | 32 ++---- src/kdc/kdc_util.c | 12 +- src/kdc/kdc_util.h | 18 +-- src/kprop/kprop.c | 10 +- src/kprop/kprop.h | 3 - src/kprop/kprop_util.c | 37 ------ src/kprop/kpropd.c | 10 +- src/lib/apputils/net-server.c | 189 +++++++------------------------ src/lib/krb5/libkrb5.exports | 3 + src/lib/krb5/os/Makefile.in | 3 + src/lib/krb5/os/addr.c | 91 +++++++++++++++ src/lib/krb5/os/deps | 10 ++ src/lib/krb5/os/t_trace.ref | 4 +- src/lib/krb5/os/trace.c | 13 +-- 23 files changed, 253 insertions(+), 316 deletions(-) create mode 100644 src/lib/krb5/os/addr.c diff --git a/src/include/k5-int.h b/src/include/k5-int.h index 8143dbba75..12eb114a4a 100644 --- a/src/include/k5-int.h +++ b/src/include/k5-int.h @@ -2409,4 +2409,20 @@ krb5_error_code k5_hmac_md5(const krb5_data *key, const krb5_crypto_iov *data, size_t num_data, krb5_data *output); +/* + * Translate sa to a krb5_address, putting the result in *out with contents + * aliased from *sa. Return KRB5_PROG_ATYPE_NOSUPP if sa is not an IPv4 or + * IPv6 address. + */ +krb5_error_code +k5_sockaddr_to_address(const struct sockaddr *sa, krb5_address *out); + +/* Place a printable representation of sa (without port) into buf. */ +void +k5_print_addr(const struct sockaddr *sa, char *buf, size_t len); + +/* Place a printable representation of sa (with port) into buf. */ +void +k5_print_addr_port(const struct sockaddr *sa, char *buf, size_t len); + #endif /* _KRB5_INT_H */ diff --git a/src/include/net-server.h b/src/include/net-server.h index 29b235eeb8..14fc23a43a 100644 --- a/src/include/net-server.h +++ b/src/include/net-server.h @@ -35,14 +35,6 @@ /* The delimiter characters supported by the addresses string. */ #define ADDRESSES_DELIM ",; " -typedef struct _krb5_fulladdr { - krb5_address * address; - krb5_ui_4 port; -} krb5_fulladdr; - -/* exported from network.c */ -void init_addr(krb5_fulladdr *, struct sockaddr *); - /* exported from net-server.c */ verto_ctx *loop_init(verto_ev_type types); @@ -88,8 +80,8 @@ void loop_free(verto_ctx *ctx); */ typedef void (*loop_respond_fn)(void *arg, krb5_error_code code, krb5_data *response); -void dispatch(void *handle, const krb5_fulladdr *local_addr, - const krb5_fulladdr *remote_addr, krb5_data *request, +void dispatch(void *handle, const struct sockaddr *local_addr, + const struct sockaddr *remote_addr, krb5_data *request, int is_tcp, verto_ctx *vctx, loop_respond_fn respond, void *arg); krb5_error_code make_toolong_error (void *handle, krb5_data **); diff --git a/src/kadmin/server/schpw.c b/src/kadmin/server/schpw.c index 00465657a9..d366c050a2 100644 --- a/src/kadmin/server/schpw.c +++ b/src/kadmin/server/schpw.c @@ -18,8 +18,8 @@ static krb5_error_code process_chpw_request(krb5_context context, void *server_handle, char *realm, - krb5_keytab keytab, const krb5_fulladdr *local_addr, - const krb5_fulladdr *remote_addr, krb5_data *req, + krb5_keytab keytab, const struct sockaddr *local_addr, + const struct sockaddr *remote_addr, krb5_data *req, krb5_data *rep) { krb5_error_code ret; @@ -33,16 +33,14 @@ process_chpw_request(krb5_context context, void *server_handle, char *realm, krb5_ticket *ticket = NULL; krb5_replay_data replay; krb5_error krberror; + krb5_address laddr; int numresult; char strresult[1024]; char *clientstr = NULL, *targetstr = NULL; const char *errmsg = NULL; size_t clen; char *cdots; - struct sockaddr_storage ss; - socklen_t salen; char addrbuf[100]; - krb5_address *addr = remote_addr->address; *rep = empty_data(); @@ -222,38 +220,7 @@ process_chpw_request(krb5_context context, void *server_handle, char *realm, clen = strlen(clientstr); trunc_name(&clen, &cdots); - switch (addr->addrtype) { - case ADDRTYPE_INET: { - struct sockaddr_in *sin = ss2sin(&ss); - - sin->sin_family = AF_INET; - memcpy(&sin->sin_addr, addr->contents, addr->length); - sin->sin_port = htons(remote_addr->port); - salen = sizeof(*sin); - break; - } - case ADDRTYPE_INET6: { - struct sockaddr_in6 *sin6 = ss2sin6(&ss); - - sin6->sin6_family = AF_INET6; - memcpy(&sin6->sin6_addr, addr->contents, addr->length); - sin6->sin6_port = htons(remote_addr->port); - salen = sizeof(*sin6); - break; - } - default: { - struct sockaddr *sa = ss2sa(&ss); - - sa->sa_family = AF_UNSPEC; - salen = sizeof(*sa); - break; - } - } - - if (getnameinfo(ss2sa(&ss), salen, - addrbuf, sizeof(addrbuf), NULL, 0, - NI_NUMERICHOST | NI_NUMERICSERV) != 0) - strlcpy(addrbuf, "", sizeof(addrbuf)); + k5_print_addr(remote_addr, addrbuf, sizeof(addrbuf)); if (vno == RFC3244_VERSION) { size_t tlen; @@ -319,8 +286,9 @@ chpwfail: cipher = empty_data(); if (ap_rep.length) { - ret = krb5_auth_con_setaddrs(context, auth_context, - local_addr->address, NULL); + if (k5_sockaddr_to_address(local_addr, &laddr) != 0) + abort(); + ret = krb5_auth_con_setaddrs(context, auth_context, &laddr, NULL); if (ret) { numresult = KRB5_KPASSWD_HARDERROR; strlcpy(strresult, @@ -430,8 +398,8 @@ bailout: /* Dispatch routine for set/change password */ void -dispatch(void *handle, const krb5_fulladdr *local_addr, - const krb5_fulladdr *remote_addr, krb5_data *request, int is_tcp, +dispatch(void *handle, const struct sockaddr *local_addr, + const struct sockaddr *remote_addr, krb5_data *request, int is_tcp, verto_ctx *vctx, loop_respond_fn respond, void *arg) { krb5_error_code ret; diff --git a/src/kadmin/server/server_stubs.c b/src/kadmin/server/server_stubs.c index ef7e809b98..87f67874a0 100644 --- a/src/kadmin/server/server_stubs.c +++ b/src/kadmin/server/server_stubs.c @@ -150,15 +150,11 @@ client_addr(SVCXPRT *xprt) static char abuf[128]; struct sockaddr_storage ss; socklen_t len = sizeof(ss); - const char *p = NULL; if (getpeername(xprt->xp_sock, ss2sa(&ss), &len) != 0) return "(unknown)"; - if (ss2sa(&ss)->sa_family == AF_INET) - p = inet_ntop(AF_INET, &ss2sin(&ss)->sin_addr, abuf, sizeof(abuf)); - else if (ss2sa(&ss)->sa_family == AF_INET6) - p = inet_ntop(AF_INET6, &ss2sin6(&ss)->sin6_addr, abuf, sizeof(abuf)); - return (p == NULL) ? "(unknown)" : p; + k5_print_addr(ss2sa(&ss), abuf, sizeof(abuf)); + return abuf; } /* diff --git a/src/kdc/dispatch.c b/src/kdc/dispatch.c index 28def3be47..13d17b6d3a 100644 --- a/src/kdc/dispatch.c +++ b/src/kdc/dispatch.c @@ -87,8 +87,8 @@ finish_dispatch_cache(void *arg, krb5_error_code code, krb5_data *response) } void -dispatch(void *cb, const krb5_fulladdr *local_addr, - const krb5_fulladdr *remote_addr, krb5_data *pkt, int is_tcp, +dispatch(void *cb, const struct sockaddr *local_addr, + const struct sockaddr *remote_addr, krb5_data *pkt, int is_tcp, verto_ctx *vctx, loop_respond_fn respond, void *arg) { krb5_error_code retval; @@ -118,8 +118,7 @@ dispatch(void *cb, const krb5_fulladdr *local_addr, const char *name = 0; char buf[46]; - name = inet_ntop(ADDRTYPE2FAMILY(remote_addr->address->addrtype), - remote_addr->address->contents, buf, sizeof(buf)); + k5_print_addr(remote_addr, buf, sizeof(buf)); if (name == 0) name = "[unknown address type]"; if (response) diff --git a/src/kdc/do_as_req.c b/src/kdc/do_as_req.c index 6fb214b778..5d588e5be7 100644 --- a/src/kdc/do_as_req.c +++ b/src/kdc/do_as_req.c @@ -180,8 +180,8 @@ struct as_req_state { struct kdc_request_state *rstate; char *sname, *cname; void *pa_context; - const krb5_fulladdr *local_addr; - const krb5_fulladdr *remote_addr; + const struct sockaddr *local_addr; + const struct sockaddr *remote_addr; krb5_data **auth_indicators; krb5_error_code preauth_err; @@ -468,8 +468,8 @@ finish_preauth(void *arg, krb5_error_code code) /*ARGSUSED*/ void process_as_req(krb5_kdc_req *request, krb5_data *req_pkt, - const krb5_fulladdr *local_addr, - const krb5_fulladdr *remote_addr, kdc_realm_t *realm, + const struct sockaddr *local_addr, + const struct sockaddr *remote_addr, kdc_realm_t *realm, verto_ctx *vctx, loop_respond_fn respond, void *arg) { krb5_context context = realm->realm_context; diff --git a/src/kdc/do_tgs_req.c b/src/kdc/do_tgs_req.c index 0acc45850f..f74e0c5e78 100644 --- a/src/kdc/do_tgs_req.c +++ b/src/kdc/do_tgs_req.c @@ -590,7 +590,7 @@ cleanup: */ static krb5_error_code gather_tgs_req_info(kdc_realm_t *realm, krb5_kdc_req **reqptr, krb5_data *pkt, - const krb5_fulladdr *from, + const struct sockaddr *from, struct kdc_request_state *fast_state, krb5_audit_state *au_state, struct tgs_req_info *t, const char **status) @@ -955,7 +955,7 @@ check_tgs_req(kdc_realm_t *realm, struct tgs_req_info *t, static krb5_error_code tgs_issue_ticket(kdc_realm_t *realm, struct tgs_req_info *t, krb5_flags tktflags, krb5_ticket_times *times, krb5_data *pkt, - const krb5_fulladdr *from, + const struct sockaddr *from, struct kdc_request_state *fast_state, krb5_audit_state *au_state, const char **status, krb5_data **response) @@ -1162,7 +1162,7 @@ free_req_info(krb5_context context, struct tgs_req_info *t) krb5_error_code process_tgs_req(krb5_kdc_req *request, krb5_data *pkt, - const krb5_fulladdr *from, kdc_realm_t *realm, + const struct sockaddr *from, kdc_realm_t *realm, krb5_data **response) { krb5_context context = realm->realm_context; diff --git a/src/kdc/kdc_audit.c b/src/kdc/kdc_audit.c index 2333171d75..a5e022489c 100644 --- a/src/kdc/kdc_audit.c +++ b/src/kdc/kdc_audit.c @@ -176,29 +176,37 @@ kau_make_tkt_id(krb5_context context, */ krb5_error_code kau_init_kdc_req(krb5_context context, - krb5_kdc_req *request, const krb5_fulladdr *from, + krb5_kdc_req *request, const struct sockaddr *from, krb5_audit_state **state_out) { krb5_error_code ret = 0; krb5_audit_state *state = NULL; + krb5_address addr; + const krb5_address unknown_addr = { KV5M_ADDRESS, 0, 0, NULL }; state = k5calloc(1, sizeof(*state), &ret); if (state == NULL) return ret; + ret = k5_sockaddr_to_address(from, &addr); + if (ret) + addr = unknown_addr; + ret = krb5_copy_addr(context, &addr, &state->cl_addr); + if (ret) + goto cleanup; state->request = request; - state->cl_addr = from->address; - state->cl_port = from->port; + state->cl_port = sa_getport(from); state->stage = AUTHN_REQ_CL; ret = krb5int_random_string(context, state->req_id, sizeof(state->req_id)); - if (ret) { - free(state); - return ret; - } + if (ret) + goto cleanup; *state_out = state; + state = NULL; - return 0; +cleanup: + kau_free_kdc_req(state); + return ret; } /* Free resources allocated by kau_init_kdc_req() and kau_make_tkt_id() @@ -211,6 +219,7 @@ kau_free_kdc_req(krb5_audit_state *state) free(state->tkt_in_id); free(state->tkt_out_id); free(state->evid_tkt_id); + krb5_free_address(NULL, state->cl_addr); free(state); } diff --git a/src/kdc/kdc_audit.h b/src/kdc/kdc_audit.h index c2f2e21770..41ddb389dc 100644 --- a/src/kdc/kdc_audit.h +++ b/src/kdc/kdc_audit.h @@ -47,7 +47,7 @@ kau_make_tkt_id(krb5_context context, krb5_error_code kau_init_kdc_req(krb5_context context, krb5_kdc_req *request, - const krb5_fulladdr *from, krb5_audit_state **au_state); + const struct sockaddr *from, krb5_audit_state **au_state); void kau_free_kdc_req(krb5_audit_state *state); diff --git a/src/kdc/kdc_log.c b/src/kdc/kdc_log.c index 9a8894c9a6..6278d645a2 100644 --- a/src/kdc/kdc_log.c +++ b/src/kdc/kdc_log.c @@ -55,25 +55,21 @@ /* Currently no info about name canonicalization is logged. */ void log_as_req(krb5_context context, - const krb5_fulladdr *local_addr, - const krb5_fulladdr *remote_addr, + const struct sockaddr *local_addr, + const struct sockaddr *remote_addr, krb5_kdc_req *request, krb5_kdc_rep *reply, krb5_db_entry *client, const char *cname, krb5_db_entry *server, const char *sname, krb5_timestamp authtime, const char *status, krb5_error_code errcode, const char *emsg) { - const char *fromstring = 0; - char fromstringbuf[70]; + char fromstring[70]; char *ktypestr = NULL; const char *cname2 = cname ? cname : ""; const char *sname2 = sname ? sname : ""; + krb5_address laddr = { 0 }, raddr = { 0 }; - fromstring = inet_ntop(ADDRTYPE2FAMILY(remote_addr->address->addrtype), - remote_addr->address->contents, - fromstringbuf, sizeof(fromstringbuf)); - if (!fromstring) - fromstring = ""; + k5_print_addr(remote_addr, fromstring, sizeof(fromstring)); ktypestr = ktypes2str(request->ktype, request->nktypes); @@ -92,9 +88,10 @@ log_as_req(krb5_context context, ktypestr ? ktypestr : "", fromstring, status, cname2, sname2, emsg ? ", " : "", emsg ? emsg : ""); } - krb5_db_audit_as_req(context, request, - local_addr->address, remote_addr->address, - client, server, authtime, errcode); + (void)k5_sockaddr_to_address(local_addr, &laddr); + (void)k5_sockaddr_to_address(remote_addr, &raddr); + krb5_db_audit_as_req(context, request, &laddr, &raddr, client, server, + authtime, errcode); free(ktypestr); } @@ -117,7 +114,7 @@ unparse_and_limit(krb5_context ctx, krb5_principal princ, char **str) Currently no info about name canonicalization is logged. */ void -log_tgs_req(krb5_context ctx, const krb5_fulladdr *from, +log_tgs_req(krb5_context ctx, const struct sockaddr *from, krb5_kdc_req *request, krb5_kdc_rep *reply, krb5_principal cprinc, krb5_principal sprinc, krb5_principal altcprinc, @@ -126,16 +123,11 @@ log_tgs_req(krb5_context ctx, const krb5_fulladdr *from, const char *status, krb5_error_code errcode, const char *emsg) { char *ktypestr = NULL, *rep_etypestr = NULL; - const char *fromstring = 0; - char fromstringbuf[70]; + char fromstring[70]; char *cname = NULL, *sname = NULL, *altcname = NULL; char *logcname = NULL, *logsname = NULL, *logaltcname = NULL; - fromstring = inet_ntop(ADDRTYPE2FAMILY(from->address->addrtype), - from->address->contents, - fromstringbuf, sizeof(fromstringbuf)); - if (!fromstring) - fromstring = ""; + k5_print_addr(from, fromstring, sizeof(fromstring)); unparse_and_limit(ctx, cprinc, &cname); logcname = (cname != NULL) ? cname : ""; diff --git a/src/kdc/kdc_util.c b/src/kdc/kdc_util.c index e54cc751f9..b7249c083f 100644 --- a/src/kdc/kdc_util.c +++ b/src/kdc/kdc_util.c @@ -142,7 +142,7 @@ comp_cksum(krb5_context kcontext, krb5_data *source, krb5_ticket *ticket, /* If a header ticket is decrypted, *ticket_out is filled in even on error. */ krb5_error_code kdc_process_tgs_req(kdc_realm_t *realm, krb5_kdc_req *request, - const krb5_fulladdr *from, krb5_data *pkt, + const struct sockaddr *from, krb5_data *pkt, krb5_ticket **ticket_out, krb5_db_entry **krbtgt_ptr, krb5_keyblock **tgskey, krb5_keyblock **subkey, krb5_pa_data **pa_tgs_req) @@ -159,6 +159,8 @@ kdc_process_tgs_req(kdc_realm_t *realm, krb5_kdc_req *request, krb5_checksum * his_cksum = NULL; krb5_db_entry * krbtgt = NULL; krb5_ticket * ticket; + krb5_address from_addr; + const krb5_address nomatch_addr = { KV5M_ADDRESS, 0, 0, NULL }; *ticket_out = NULL; *krbtgt_ptr = NULL; @@ -190,8 +192,12 @@ kdc_process_tgs_req(kdc_realm_t *realm, krb5_kdc_req *request, if (retval) goto cleanup; - retval = krb5_auth_con_setaddrs(context, auth_context, NULL, - from->address); + /* If from_addr isn't IPv4 or IPv6, fake up an address that won't be + * matched if the ticket has an address list. */ + retval = k5_sockaddr_to_address(from, &from_addr); + if (retval) + from_addr = nomatch_addr; + retval = krb5_auth_con_setaddrs(context, auth_context, NULL, &from_addr); if (retval) goto cleanup_auth_context; diff --git a/src/kdc/kdc_util.h b/src/kdc/kdc_util.h index 58b2f74ded..3b361e4a46 100644 --- a/src/kdc/kdc_util.h +++ b/src/kdc/kdc_util.h @@ -56,7 +56,7 @@ krb5_error_code kdc_convert_key (krb5_keyblock *, krb5_keyblock *, int); krb5_error_code kdc_process_tgs_req (kdc_realm_t *, krb5_kdc_req *, - const krb5_fulladdr *, + const struct sockaddr *, krb5_data *, krb5_ticket **, krb5_db_entry **krbtgt_ptr, @@ -148,18 +148,18 @@ cammac_check_kdcver(krb5_context context, krb5_cammac *cammac, /* do_as_req.c */ void process_as_req (krb5_kdc_req *, krb5_data *, - const krb5_fulladdr *, const krb5_fulladdr *, kdc_realm_t *, - verto_ctx *, loop_respond_fn, void *); + const struct sockaddr *, const struct sockaddr *, + kdc_realm_t *, verto_ctx *, loop_respond_fn, void *); /* do_tgs_req.c */ krb5_error_code -process_tgs_req (krb5_kdc_req *, krb5_data *, const krb5_fulladdr *, +process_tgs_req (krb5_kdc_req *, krb5_data *, const struct sockaddr *, kdc_realm_t *, krb5_data ** ); /* dispatch.c */ void dispatch (void *, - const krb5_fulladdr *, - const krb5_fulladdr *, + const struct sockaddr *, + const struct sockaddr *, krb5_data *, int, verto_ctx *, @@ -315,15 +315,15 @@ kdc_get_ticket_renewtime(kdc_realm_t *realm, krb5_kdc_req *request, void log_as_req(krb5_context context, - const krb5_fulladdr *local_addr, - const krb5_fulladdr *remote_addr, + const struct sockaddr *local_addr, + const struct sockaddr *remote_addr, krb5_kdc_req *request, krb5_kdc_rep *reply, krb5_db_entry *client, const char *cname, krb5_db_entry *server, const char *sname, krb5_timestamp authtime, const char *status, krb5_error_code errcode, const char *emsg); void -log_tgs_req(krb5_context ctx, const krb5_fulladdr *from, +log_tgs_req(krb5_context ctx, const struct sockaddr *from, krb5_kdc_req *request, krb5_kdc_rep *reply, krb5_principal cprinc, krb5_principal sprinc, krb5_principal altcprinc, diff --git a/src/kprop/kprop.c b/src/kprop/kprop.c index e8f7feb69e..cb5c5267a2 100644 --- a/src/kprop/kprop.c +++ b/src/kprop/kprop.c @@ -217,9 +217,9 @@ static void open_connection(krb5_context context, char *host, int *fd_out) { krb5_error_code retval; + krb5_address addr; GETSOCKNAME_ARG3_TYPE socket_length; struct addrinfo hints, *res, *answers; - struct sockaddr *sa; struct sockaddr_storage my_sin; int s, error; @@ -269,9 +269,11 @@ open_connection(krb5_context context, char *host, int *fd_out) com_err(progname, errno, _("while getting local socket address")); exit(1); } - sa = (struct sockaddr *)&my_sin; - if (sockaddr2krbaddr(context, sa->sa_family, sa, &sender_addr) != 0) { - com_err(progname, errno, _("while converting local address")); + if (k5_sockaddr_to_address(ss2sa(&my_sin), &addr) != 0) + abort(); + retval = krb5_copy_addr(context, &addr, &sender_addr); + if (retval) { + com_err(progname, retval, _("while converting local address")); exit(1); } } diff --git a/src/kprop/kprop.h b/src/kprop/kprop.h index 3a319b5354..5330227fe9 100644 --- a/src/kprop/kprop.h +++ b/src/kprop/kprop.h @@ -36,9 +36,6 @@ /* pathnames are in osconf.h, included via k5-int.h */ -int sockaddr2krbaddr(krb5_context context, int family, struct sockaddr *sa, - krb5_address **dest); - krb5_error_code sn2princ_realm(krb5_context context, const char *hostname, const char *sname, const char *realm, krb5_principal *princ_out); diff --git a/src/kprop/kprop_util.c b/src/kprop/kprop_util.c index 795c676489..94c623a69c 100644 --- a/src/kprop/kprop_util.c +++ b/src/kprop/kprop_util.c @@ -29,43 +29,6 @@ #include "k5-int.h" #include "kprop.h" -#include -#include - -/* - * Convert an IPv4 or IPv6 socket address to a newly allocated krb5_address. - * There is similar code elsewhere in the tree, so this should possibly become - * a libkrb5 API in the future. - */ -krb5_error_code -sockaddr2krbaddr(krb5_context context, int family, struct sockaddr *sa, - krb5_address **dest) -{ - krb5_address addr; - - addr.magic = KV5M_ADDRESS; - if (family == AF_INET) { - const struct sockaddr_in *sa4 = sa2sin(sa); - addr.addrtype = ADDRTYPE_INET; - addr.length = sizeof(sa4->sin_addr); - addr.contents = (krb5_octet *) &sa4->sin_addr; - } else if (family == AF_INET6) { - const struct sockaddr_in6 *sa6 = sa2sin6(sa); - if (IN6_IS_ADDR_V4MAPPED(&sa6->sin6_addr)) { - addr.addrtype = ADDRTYPE_INET; - addr.contents = (krb5_octet *) &sa6->sin6_addr + 12; - addr.length = 4; - } else { - addr.addrtype = ADDRTYPE_INET6; - addr.length = sizeof(sa6->sin6_addr); - addr.contents = (krb5_octet *) &sa6->sin6_addr; - } - } else - return KRB5_PROG_ATYPE_NOSUPP; - - return krb5_copy_addr(context, &addr, dest); -} - /* Construct a host-based principal, similar to krb5_sname_to_principal() but * with a specified realm. */ krb5_error_code diff --git a/src/kprop/kpropd.c b/src/kprop/kpropd.c index be48062ff5..d6deb47382 100644 --- a/src/kprop/kpropd.c +++ b/src/kprop/kpropd.c @@ -1186,6 +1186,7 @@ kerberos_authenticate(krb5_context context, int fd, krb5_principal *clientp, krb5_enctype *etype, struct sockaddr_storage *my_sin) { krb5_error_code retval; + krb5_address addr; krb5_ticket *ticket; struct sockaddr_storage r_sin; GETSOCKNAME_ARG3_TYPE sin_length; @@ -1198,8 +1199,13 @@ kerberos_authenticate(krb5_context context, int fd, krb5_principal *clientp, exit(1); } - sockaddr2krbaddr(context, r_sin.ss_family, (struct sockaddr *)&r_sin, - &receiver_addr); + if (k5_sockaddr_to_address(ss2sa(my_sin), &addr) != 0) + abort(); + retval = krb5_copy_addr(context, &addr, &receiver_addr); + if (retval) { + com_err(progname, retval, _("while converting local address")); + exit(1); + } if (debug) { retval = krb5_unparse_name(context, server, &name); diff --git a/src/lib/apputils/net-server.c b/src/lib/apputils/net-server.c index 18a3392f9a..3713b50266 100644 --- a/src/lib/apputils/net-server.c +++ b/src/lib/apputils/net-server.c @@ -94,27 +94,6 @@ setv6only(int sock, int value) } #endif -static const char * -paddr(struct sockaddr *sa) -{ - static char buf[100]; - char portbuf[10]; - if (getnameinfo(sa, sa_socklen(sa), - buf, sizeof(buf), portbuf, sizeof(portbuf), - NI_NUMERICHOST|NI_NUMERICSERV)) - strlcpy(buf, "", sizeof(buf)); - else { - unsigned int len = sizeof(buf) - strlen(buf); - char *p = buf + strlen(buf); - if (len > 2+strlen(portbuf)) { - *p++ = '.'; - len--; - strncpy(p, portbuf, len); - } - } - return buf; -} - /* KDC data. */ enum conn_type { @@ -141,8 +120,6 @@ struct connection { struct sockaddr_storage addr_s; socklen_t addrlen; char addrbuf[56]; - krb5_address remote_addr_buf; - krb5_fulladdr remote_addr; /* Incoming data (TCP) */ size_t bufsiz; @@ -587,14 +564,15 @@ create_server_socket(struct sockaddr *addr, int type, const char *prog, int *fd_out) { int sock, e; + char addrbuf[128]; *fd_out = -1; sock = socket(addr->sa_family, type, 0); if (sock == -1) { e = errno; - com_err(prog, e, _("Cannot create TCP server socket on %s"), - paddr(addr)); + k5_print_addr_port(addr, addrbuf, sizeof(addrbuf)); + com_err(prog, e, _("Cannot create TCP server socket on %s"), addrbuf); return e; } set_cloexec_fd(sock); @@ -602,8 +580,9 @@ create_server_socket(struct sockaddr *addr, int type, const char *prog, #ifndef _WIN32 /* Windows FD_SETSIZE is a count. */ if (sock >= FD_SETSIZE) { close(sock); + k5_print_addr_port(addr, addrbuf, sizeof(addrbuf)); com_err(prog, 0, _("TCP socket fd number %d (for %s) too high"), - sock, paddr(addr)); + sock, addrbuf); return EMFILE; } #endif @@ -626,7 +605,8 @@ create_server_socket(struct sockaddr *addr, int type, const char *prog, if (bind(sock, addr, sa_socklen(addr)) == -1) { e = errno; - com_err(prog, e, _("Cannot bind server socket on %s"), paddr(addr)); + k5_print_addr_port(addr, addrbuf, sizeof(addrbuf)); + com_err(prog, e, _("Cannot bind server socket on %s"), addrbuf); close(sock); return e; } @@ -695,9 +675,11 @@ setup_socket(struct bind_address *ba, struct sockaddr *sock_address, verto_ev_flag flags; verto_ev *ev = NULL; int sock = -1; + char addrbuf[128]; + k5_print_addr_port(sock_address, addrbuf, sizeof(addrbuf)); krb5_klog_syslog(LOG_DEBUG, _("Setting up %s socket for address %s"), - bind_type_names[ba->type], paddr(sock_address)); + bind_type_names[ba->type], addrbuf); /* Create the socket. */ ret = create_server_socket(sock_address, bind_socktypes[ba->type], prog, @@ -710,7 +692,7 @@ setup_socket(struct bind_address *ba, struct sockaddr *sock_address, if (ba->type == TCP && listen(sock, tcp_listen_backlog) != 0) { ret = errno; com_err(prog, errno, _("Cannot listen on %s server socket on %s"), - bind_type_names[ba->type], paddr(sock_address)); + bind_type_names[ba->type], addrbuf); goto cleanup; } @@ -719,7 +701,7 @@ setup_socket(struct bind_address *ba, struct sockaddr *sock_address, ret = errno; com_err(prog, errno, _("cannot set listening %s socket on %s non-blocking"), - bind_type_names[ba->type], paddr(sock_address)); + bind_type_names[ba->type], addrbuf); goto cleanup; } @@ -727,19 +709,19 @@ setup_socket(struct bind_address *ba, struct sockaddr *sock_address, if (ba->type == TCP && setnolinger(sock) != 0) { ret = errno; com_err(prog, errno, _("cannot set SO_LINGER on %s socket on %s"), - bind_type_names[ba->type], paddr(sock_address)); + bind_type_names[ba->type], addrbuf); goto cleanup; } /* Try to turn on pktinfo for UDP wildcard sockets. */ if (ba->type == UDP && sa_is_wildcard(sock_address)) { krb5_klog_syslog(LOG_DEBUG, _("Setting pktinfo on socket %s"), - paddr(sock_address)); + addrbuf); ret = set_pktinfo(sock, sock_address->sa_family); if (ret) { com_err(prog, ret, _("Cannot request packet info for UDP socket address " - "%s port %d"), paddr(sock_address), ba->port); + "%s port %d"), addrbuf, ba->port); krb5_klog_syslog(LOG_INFO, _("System does not support pktinfo yet " "binding to a wildcard address. " "Packets are not guaranteed to " @@ -812,6 +794,7 @@ setup_addresses(verto_ctx *ctx, void *handle, const char *prog, struct bind_address addr; struct addrinfo hints, *ai_list = NULL, *ai = NULL; verto_callback vcb; + char addrbuf[128]; /* Check to make sure addresses were added to the server. */ if (bind_addresses.n == 0) { @@ -866,10 +849,10 @@ setup_addresses(verto_ctx *ctx, void *handle, const char *prog, tcp_listen_backlog, verto_callbacks[addr.type], bind_conn_types[addr.type]); if (ret) { + k5_print_addr(ai->ai_addr, addrbuf, sizeof(addrbuf)); krb5_klog_syslog(LOG_ERR, _("Failed setting up a %s socket (for %s)"), - bind_type_names[addr.type], - paddr(ai->ai_addr)); + bind_type_names[addr.type], addrbuf); if (ret != EAFNOSUPPORT) goto cleanup; } else { @@ -924,45 +907,10 @@ loop_setup_network(verto_ctx *ctx, void *handle, const char *prog, return 0; } -void -init_addr(krb5_fulladdr *faddr, struct sockaddr *sa) -{ - switch (sa->sa_family) { - case AF_INET: - faddr->address->addrtype = ADDRTYPE_INET; - faddr->address->length = 4; - faddr->address->contents = (krb5_octet *) &sa2sin(sa)->sin_addr; - faddr->port = ntohs(sa2sin(sa)->sin_port); - break; - case AF_INET6: - if (IN6_IS_ADDR_V4MAPPED(&sa2sin6(sa)->sin6_addr)) { - faddr->address->addrtype = ADDRTYPE_INET; - faddr->address->length = 4; - faddr->address->contents = 12 + (krb5_octet *) &sa2sin6(sa)->sin6_addr; - } else { - faddr->address->addrtype = ADDRTYPE_INET6; - faddr->address->length = 16; - faddr->address->contents = (krb5_octet *) &sa2sin6(sa)->sin6_addr; - } - faddr->port = ntohs(sa2sin6(sa)->sin6_port); - break; - default: - faddr->address->addrtype = -1; - faddr->address->length = 0; - faddr->address->contents = 0; - faddr->port = 0; - break; - } -} - struct udp_dispatch_state { void *handle; const char *prog; int port_fd; - krb5_address remote_addr_buf; - krb5_fulladdr remote_addr; - krb5_address local_addr_buf; - krb5_fulladdr local_addr; struct sockaddr_storage saddr; struct sockaddr_storage daddr; aux_addressing_info auxaddr; @@ -988,25 +936,13 @@ process_packet_response(void *arg, krb5_error_code code, krb5_data *response) if (cc == -1) { /* Note that the local address (daddr*) has no port number * info associated with it. */ - char saddrbuf[NI_MAXHOST], sportbuf[NI_MAXSERV]; - char daddrbuf[NI_MAXHOST]; + char sbuf[128], dbuf[128]; int e = errno; - if (getnameinfo(ss2sa(&state->daddr), sa_socklen(ss2sa(&state->daddr)), - daddrbuf, sizeof(daddrbuf), 0, 0, - NI_NUMERICHOST) != 0) { - strlcpy(daddrbuf, "?", sizeof(daddrbuf)); - } - - if (getnameinfo(ss2sa(&state->saddr), sa_socklen(ss2sa(&state->saddr)), - saddrbuf, sizeof(saddrbuf), sportbuf, sizeof(sportbuf), - NI_NUMERICHOST|NI_NUMERICSERV) != 0) { - strlcpy(saddrbuf, "?", sizeof(saddrbuf)); - strlcpy(sportbuf, "?", sizeof(sportbuf)); - } - - com_err(state->prog, e, _("while sending reply to %s/%s from %s"), - saddrbuf, sportbuf, daddrbuf); + k5_print_addr_port(ss2sa(&state->saddr), sbuf, sizeof(sbuf)); + k5_print_addr(ss2sa(&state->daddr), dbuf, sizeof(dbuf)); + com_err(state->prog, e, _("while sending reply to %s from %s"), + sbuf, dbuf); goto out; } if ((size_t)cc != response->length) { @@ -1074,14 +1010,7 @@ process_packet(verto_ctx *ctx, verto_ev *ev) state->request.length = cc; state->request.data = state->pktbuf; - state->remote_addr.address = &state->remote_addr_buf; - init_addr(&state->remote_addr, ss2sa(&state->saddr)); - - state->local_addr.address = &state->local_addr_buf; - init_addr(&state->local_addr, ss2sa(&state->daddr)); - - /* This address is in net order. */ - dispatch(state->handle, &state->local_addr, &state->remote_addr, + dispatch(state->handle, ss2sa(&state->daddr), ss2sa(&state->saddr), &state->request, 0, ctx, process_packet_response, state); } @@ -1124,16 +1053,14 @@ static void accept_tcp_connection(verto_ctx *ctx, verto_ev *ev) { int s; - struct sockaddr_storage addr_s; - struct sockaddr *addr = (struct sockaddr *)&addr_s; - socklen_t addrlen = sizeof(addr_s); + struct sockaddr_storage addr; + socklen_t addrlen = sizeof(addr); struct connection *newconn, *conn; - char tmpbuf[10]; verto_ev_flag flags; verto_ev *newev; conn = verto_get_private(ev); - s = accept(verto_get_fd(ev), addr, &addrlen); + s = accept(verto_get_fd(ev), ss2sa(&addr), &addrlen); if (s < 0) return; set_cloexec_fd(s); @@ -1153,23 +1080,9 @@ accept_tcp_connection(verto_ctx *ctx, verto_ev *ev) } newconn = verto_get_private(newev); - if (getnameinfo((struct sockaddr *)&addr_s, addrlen, - newconn->addrbuf, sizeof(newconn->addrbuf), - tmpbuf, sizeof(tmpbuf), - NI_NUMERICHOST | NI_NUMERICSERV)) - strlcpy(newconn->addrbuf, "???", sizeof(newconn->addrbuf)); - else { - char *p, *end; - p = newconn->addrbuf; - end = p + sizeof(newconn->addrbuf); - p += strlen(p); - if ((size_t)(end - p) > 2 + strlen(tmpbuf)) { - *p++ = '.'; - strlcpy(p, tmpbuf, end - p); - } - } - - newconn->addr_s = addr_s; + k5_print_addr_port(ss2sa(&addr), newconn->addrbuf, + sizeof(newconn->addrbuf)); + newconn->addr_s = addr; newconn->addrlen = addrlen; newconn->bufsiz = 1024 * 1024; newconn->buffer = malloc(newconn->bufsiz); @@ -1186,16 +1099,12 @@ accept_tcp_connection(verto_ctx *ctx, verto_ev *ev) return; } newconn->offset = 0; - newconn->remote_addr.address = &newconn->remote_addr_buf; - init_addr(&newconn->remote_addr, ss2sa(&newconn->addr_s)); SG_SET(&newconn->sgbuf[0], newconn->lenbuf, 4); SG_SET(&newconn->sgbuf[1], 0, 0); } struct tcp_dispatch_state { struct sockaddr_storage local_saddr; - krb5_address local_addr_buf; - krb5_fulladdr local_addr; struct connection *conn; krb5_data request; verto_ctx *ctx; @@ -1342,10 +1251,9 @@ process_tcp_connection_read(verto_ctx *ctx, verto_ev *ev) error_message(errno)); goto kill_tcp_connection; } - state->local_addr.address = &state->local_addr_buf; - init_addr(&state->local_addr, ss2sa(&state->local_saddr)); - dispatch(state->conn->handle, &state->local_addr, &conn->remote_addr, - &state->request, 1, ctx, process_tcp_response, state); + dispatch(state->conn->handle, ss2sa(&state->local_saddr), + ss2sa(&conn->addr_s), &state->request, 1, ctx, + process_tcp_response, state); } return; @@ -1441,11 +1349,9 @@ accept_rpc_connection(verto_ctx *ctx, verto_ev *ev) /* Scan svc_fdset for any new connections. */ for (s = 0; s < FD_SETSIZE; s++) { - struct sockaddr_storage addr_s; - struct sockaddr *addr = (struct sockaddr *) &addr_s; - socklen_t addrlen = sizeof(addr_s); + struct sockaddr_storage addr; + socklen_t addrlen = sizeof(addr); struct connection *newconn; - char tmpbuf[10]; verto_ev *newev; /* If we already have this fd, continue. */ @@ -1460,34 +1366,19 @@ accept_rpc_connection(verto_ctx *ctx, verto_ev *ev) set_cloexec_fd(s); - if (getpeername(s, addr, &addrlen) || - getnameinfo(addr, addrlen, - newconn->addrbuf, - sizeof(newconn->addrbuf), - tmpbuf, sizeof(tmpbuf), - NI_NUMERICHOST | NI_NUMERICSERV)) { - strlcpy(newconn->addrbuf, "???", - sizeof(newconn->addrbuf)); + if (getpeername(s, ss2sa(&addr), &addrlen) != 0) { + strlcpy(newconn->addrbuf, "", sizeof(newconn->addrbuf)); } else { - char *p, *end; - p = newconn->addrbuf; - end = p + sizeof(newconn->addrbuf); - p += strlen(p); - if ((size_t)(end - p) > 2 + strlen(tmpbuf)) { - *p++ = '.'; - strlcpy(p, tmpbuf, end - p); - } + k5_print_addr_port(ss2sa(&addr), newconn->addrbuf, + sizeof(newconn->addrbuf)); } - newconn->addr_s = addr_s; + newconn->addr_s = addr; newconn->addrlen = addrlen; newconn->start_time = time(0); if (++tcp_or_rpc_data_counter > max_tcp_or_rpc_data_connections) kill_lru_tcp_or_rpc_connection(newconn->handle, newev); - - newconn->remote_addr.address = &newconn->remote_addr_buf; - init_addr(&newconn->remote_addr, ss2sa(&newconn->addr_s)); } } diff --git a/src/lib/krb5/libkrb5.exports b/src/lib/krb5/libkrb5.exports index 4c50e935a2..63bc7a86c0 100644 --- a/src/lib/krb5/libkrb5.exports +++ b/src/lib/krb5/libkrb5.exports @@ -169,6 +169,8 @@ k5_plugin_load k5_plugin_load_all k5_plugin_register k5_plugin_register_dyn +k5_print_addr +k5_print_addr_port k5_rc_close k5_rc_get_name k5_rc_resolve @@ -180,6 +182,7 @@ k5_size_context k5_size_keyblock k5_size_principal k5_sname_compare +k5_sockaddr_to_address k5_unmarshal_cred k5_unmarshal_princ k5_unwrap_cammac_svc diff --git a/src/lib/krb5/os/Makefile.in b/src/lib/krb5/os/Makefile.in index e84b5b747e..9a0d286c37 100644 --- a/src/lib/krb5/os/Makefile.in +++ b/src/lib/krb5/os/Makefile.in @@ -13,6 +13,7 @@ RUN_TEST_LOCAL_CONF=$(RUN_SETUP) KRB5_CONFIG=$(srcdir)/td_krb5.conf LC_ALL=C \ STLIBOBJS= \ accessor.o \ + addr.o \ c_ustime.o \ ccdefname.o \ changepw.o \ @@ -60,6 +61,7 @@ STLIBOBJS= \ OBJS= \ $(OUTPRE)accessor.$(OBJEXT) \ + $(OUTPRE)addr.$(OBJEXT) \ $(OUTPRE)c_ustime.$(OBJEXT) \ $(OUTPRE)ccdefname.$(OBJEXT) \ $(OUTPRE)changepw.$(OBJEXT) \ @@ -107,6 +109,7 @@ OBJS= \ SRCS= \ $(srcdir)/accessor.c \ + $(srcdir)/addr.c \ $(srcdir)/c_ustime.c \ $(srcdir)/ccdefname.c \ $(srcdir)/changepw.c \ diff --git a/src/lib/krb5/os/addr.c b/src/lib/krb5/os/addr.c new file mode 100644 index 0000000000..1d8ae75013 --- /dev/null +++ b/src/lib/krb5/os/addr.c @@ -0,0 +1,91 @@ +/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */ +/* lib/krb5/os/addr.c - socket address utilities */ +/* + * Copyright (C) 2024 by the Massachusetts Institute of Technology. + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * * Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * * Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in + * the documentation and/or other materials provided with the + * distribution. + * + * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS + * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT + * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS + * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE + * COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, + * INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES + * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR + * SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, + * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED + * OF THE POSSIBILITY OF SUCH DAMAGE. + */ + +#include "k5-int.h" +#include "socket-utils.h" + +krb5_error_code +k5_sockaddr_to_address(const struct sockaddr *sa, krb5_address *out) +{ + if (sa->sa_family == AF_INET) { + const struct sockaddr_in *sin = sa2sin(sa); + out->addrtype = ADDRTYPE_INET; + out->length = sizeof(sin->sin_addr); + out->contents = (uint8_t *)&sin->sin_addr; + } else if (sa->sa_family == AF_INET6) { + const struct sockaddr_in6 *sin6 = sa2sin6(sa); + if (IN6_IS_ADDR_V4MAPPED(&sin6->sin6_addr)) { + out->addrtype = ADDRTYPE_INET; + out->contents = (uint8_t *)&sin6->sin6_addr + 12; + out->length = 4; + } else { + out->addrtype = ADDRTYPE_INET6; + out->length = sizeof(sin6->sin6_addr); + out->contents = (uint8_t *)&sin6->sin6_addr; + } + } else { + return KRB5_PROG_ATYPE_NOSUPP; + } + out->magic = KV5M_ADDRESS; + return 0; +} + +void +k5_print_addr(const struct sockaddr *sa, char *buf, size_t len) +{ + if (sa_is_inet(sa)) { + if (getnameinfo(sa, sa_socklen(sa), buf, len, NULL, 0, + NI_NUMERICHOST | NI_NUMERICSERV) != 0) + strlcpy(buf, "", len); + } else { + strlcpy(buf, "", len); + } +} + +void +k5_print_addr_port(const struct sockaddr *sa, char *buf, size_t len) +{ + char addr[64], port[10]; + + if (sa_is_inet(sa)) { + if (getnameinfo(sa, sa_socklen(sa), addr, sizeof(addr), port, + sizeof(port), NI_NUMERICHOST | NI_NUMERICSERV) != 0) { + strlcpy(buf, "", len); + } else if (sa->sa_family == AF_INET) { + (void)snprintf(buf, len, "%s:%s", addr, port); + } else { + (void)snprintf(buf, len, "[%s]:%s", addr, port); + } + } else { + k5_print_addr(sa, buf, len); + } +} diff --git a/src/lib/krb5/os/deps b/src/lib/krb5/os/deps index 9add6eca93..4c052d5502 100644 --- a/src/lib/krb5/os/deps +++ b/src/lib/krb5/os/deps @@ -13,6 +13,16 @@ accessor.so accessor.po $(OUTPRE)accessor.$(OBJEXT): \ $(top_srcdir)/include/krb5/locate_plugin.h $(top_srcdir)/include/krb5/plugin.h \ $(top_srcdir)/include/port-sockets.h $(top_srcdir)/include/socket-utils.h \ accessor.c os-proto.h +addr.so addr.po $(OUTPRE)addr.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \ + $(BUILDTOP)/include/krb5/krb5.h $(BUILDTOP)/include/osconf.h \ + $(BUILDTOP)/include/profile.h $(COM_ERR_DEPS) $(top_srcdir)/include/k5-buf.h \ + $(top_srcdir)/include/k5-err.h $(top_srcdir)/include/k5-gmt_mktime.h \ + $(top_srcdir)/include/k5-int-pkinit.h $(top_srcdir)/include/k5-int.h \ + $(top_srcdir)/include/k5-platform.h $(top_srcdir)/include/k5-plugin.h \ + $(top_srcdir)/include/k5-thread.h $(top_srcdir)/include/k5-trace.h \ + $(top_srcdir)/include/krb5.h $(top_srcdir)/include/krb5/authdata_plugin.h \ + $(top_srcdir)/include/krb5/plugin.h $(top_srcdir)/include/port-sockets.h \ + $(top_srcdir)/include/socket-utils.h addr.c c_ustime.so c_ustime.po $(OUTPRE)c_ustime.$(OBJEXT): \ $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/krb5/krb5.h \ $(BUILDTOP)/include/osconf.h $(BUILDTOP)/include/profile.h \ diff --git a/src/lib/krb5/os/t_trace.ref b/src/lib/krb5/os/t_trace.ref index 044a66999e..79d3b7a99e 100644 --- a/src/lib/krb5/os/t_trace.ref +++ b/src/lib/krb5/os/t_trace.ref @@ -10,8 +10,8 @@ size_t and const char *, as four-character hex hash: 7B9A size_t and const char *, as four-character hex hash: (null) struct remote_address *, show socket type, address, port: stream 0.0.0.0:88 struct remote_address *, show socket type, address, port: dgram 0.0.0.0:88 -struct remote_address *, show socket type, address, port: transport1234 AF_UNSPEC -struct remote_address *, show socket type, address, port: transport1234 af5678 +struct remote_address *, show socket type, address, port: transport1234 +struct remote_address *, show socket type, address, port: transport1234 krb5_data *, display as counted string: example.data krb5_data *, display as counted string: (null) krb5_data *, display as hex bytes: 6578616D706C652E64617461 diff --git a/src/lib/krb5/os/trace.c b/src/lib/krb5/os/trace.c index cc6d3982b0..89e796f694 100644 --- a/src/lib/krb5/os/trace.c +++ b/src/lib/krb5/os/trace.c @@ -180,7 +180,7 @@ trace_format(krb5_context context, const char *fmt, va_list ap) struct remote_address *ra; const krb5_data *d; krb5_data data; - char addrbuf[NI_MAXHOST], portbuf[NI_MAXSERV], tmpbuf[200], *str; + char addrbuf[128], tmpbuf[200], *str; const char *p; krb5_const_principal princ; const krb5_keyblock *keyblock; @@ -255,15 +255,8 @@ trace_format(krb5_context context, const char *fmt, va_list ap) else k5_buf_add_fmt(&buf, "transport%d", ra->transport); - if (getnameinfo((struct sockaddr *)&ra->saddr, ra->len, - addrbuf, sizeof(addrbuf), portbuf, sizeof(portbuf), - NI_NUMERICHOST|NI_NUMERICSERV) != 0) { - if (ra->family == AF_UNSPEC) - k5_buf_add(&buf, " AF_UNSPEC"); - else - k5_buf_add_fmt(&buf, " af%d", ra->family); - } else - k5_buf_add_fmt(&buf, " %s:%s", addrbuf, portbuf); + k5_print_addr_port(ss2sa(&ra->saddr), addrbuf, sizeof(addrbuf)); + k5_buf_add_fmt(&buf, " %s", addrbuf); } else if (strcmp(tmpbuf, "data") == 0) { d = va_arg(ap, krb5_data *); if (d == NULL || (d->length != 0 && d->data == NULL)) -- 2.47.2