diff options
author | Greg Hudson <ghudson@mit.edu> | 2013-11-25 11:46:47 -0500 |
---|---|---|
committer | Greg Hudson <ghudson@mit.edu> | 2013-11-25 17:03:09 -0500 |
commit | 5384f45e728957da20ecf82d8cf567945a2bbf6e (patch) | |
tree | 263f24b16799eb1391b95879317fd21ef4e2e1f3 /src/kadmin/server/ovsec_kadmd.c | |
parent | 4c57a429760a3b3aa89938a13708742675f9548b (diff) | |
download | krb5-5384f45e728957da20ecf82d8cf567945a2bbf6e.tar.gz krb5-5384f45e728957da20ecf82d8cf567945a2bbf6e.tar.xz krb5-5384f45e728957da20ecf82d8cf567945a2bbf6e.zip |
Correctly log IPv6 addresses in kadmind
Define client_addr() in server_stubs.c and use it consistently in that
file and ipropd_svc.c to get the client address from a transport
handle. In it, call getpeername() on the client socket and use
inet_ntop() on the result, instead of using inet_ntoa() on the IPv4
socket address. Provide a log_badauth2 callback to GSSRPC, so that we
get a transport handle instead of an IPv4 socket address, and use
client_addr() within it instead of inet_ntoa().
ticket: 7770
target_version: 1.12
tags: pullup
Diffstat (limited to 'src/kadmin/server/ovsec_kadmd.c')
-rw-r--r-- | src/kadmin/server/ovsec_kadmd.c | 29 |
1 files changed, 10 insertions, 19 deletions
diff --git a/src/kadmin/server/ovsec_kadmd.c b/src/kadmin/server/ovsec_kadmd.c index 1273b07119..87aa47a804 100644 --- a/src/kadmin/server/ovsec_kadmd.c +++ b/src/kadmin/server/ovsec_kadmd.c @@ -43,7 +43,6 @@ #include <sys/socket.h> #include <unistd.h> #include <netinet/in.h> -#include <arpa/inet.h> /* inet_ntoa */ #include <netdb.h> #include <gssrpc/rpc.h> #include <gssapi/gssapi.h> @@ -71,8 +70,7 @@ gss_name_t gss_kadmin_name = NULL; void *global_server_handle; char *build_princ_name(char *name, char *realm); -void log_badauth(OM_uint32 major, OM_uint32 minor, - struct sockaddr_in *addr, char *data); +void log_badauth(OM_uint32 major, OM_uint32 minor, SVCXPRT *xprt, char *data); void log_badverf(gss_name_t client_name, gss_name_t server_name, struct svc_req *rqst, struct rpc_msg *msg, char *data); @@ -489,11 +487,11 @@ kterr: (void) gss_import_name(&OMret, &in_buf, nt_krb5_name_oid, &gss_changepw_name); - svcauth_gssapi_set_log_badauth_func(log_badauth, NULL); + svcauth_gssapi_set_log_badauth2_func(log_badauth, NULL); svcauth_gssapi_set_log_badverf_func(log_badverf, NULL); svcauth_gssapi_set_log_miscerr_func(log_miscerr, NULL); - svcauth_gss_set_log_badauth_func(log_badauth, NULL); + svcauth_gss_set_log_badauth2_func(log_badauth, NULL); svcauth_gss_set_log_badverf_func(log_badverf, NULL); svcauth_gss_set_log_miscerr_func(log_miscerr, NULL); @@ -770,7 +768,7 @@ void log_badverf(gss_name_t client_name, gss_name_t server_name, OM_uint32 minor; gss_buffer_desc client, server; gss_OID gss_type; - char *a; + const char *a; rpcproc_t proc; unsigned int i; const char *procname; @@ -798,7 +796,7 @@ void log_badverf(gss_name_t client_name, gss_name_t server_name, slen = server.length; } trunc_name(&slen, &sdots); - a = inet_ntoa(rqst->rq_xprt->xp_raddr.sin_addr); + a = client_addr(rqst->rq_xprt); proc = msg->rm_call.cb_proc; procname = NULL; @@ -844,11 +842,8 @@ void log_badverf(gss_name_t client_name, gss_name_t server_name, void log_miscerr(struct svc_req *rqst, struct rpc_msg *msg, char *error, char *data) { - char *a; - - a = inet_ntoa(rqst->rq_xprt->xp_raddr.sin_addr); - krb5_klog_syslog(LOG_NOTICE, _("Miscellaneous RPC error: %s, %s"), a, - error); + krb5_klog_syslog(LOG_NOTICE, _("Miscellaneous RPC error: %s, %s"), + client_addr(rqst->rq_xprt), error); } @@ -870,18 +865,14 @@ void log_miscerr(struct svc_req *rqst, struct rpc_msg *msg, * Logs the GSS-API error via krb5_klog_syslog(); see functional spec for * format. */ -void log_badauth(OM_uint32 major, OM_uint32 minor, - struct sockaddr_in *addr, char *data) +void log_badauth(OM_uint32 major, OM_uint32 minor, SVCXPRT *xprt, char *data) { - char *a; - /* Authentication attempt failed: <IP address>, <GSS-API error */ /* strings> */ - a = inet_ntoa(addr->sin_addr); - krb5_klog_syslog(LOG_NOTICE, _("Authentication attempt failed: %s, " - "GSS-API error strings are:"), a); + "GSS-API error strings are:"), + client_addr(xprt)); log_badauth_display_status(" ", major, minor); krb5_klog_syslog(LOG_NOTICE, _(" GSS-API error strings complete.")); } |