authorGreg Hudson <ghudson@mit.edu>2013-11-25 11:46:47 -0500
committerGreg Hudson <ghudson@mit.edu>2013-11-25 17:03:09 -0500
commit5384f45e728957da20ecf82d8cf567945a2bbf6e (patch)
tree263f24b16799eb1391b95879317fd21ef4e2e1f3 /src/kadmin/server/ovsec_kadmd.c
parent4c57a429760a3b3aa89938a13708742675f9548b (diff)
Correctly log IPv6 addresses in kadmind
Define client_addr() in server_stubs.c and use it consistently in that file and ipropd_svc.c to get the client address from a transport handle. In it, call getpeername() on the client socket and use inet_ntop() on the result, instead of using inet_ntoa() on the IPv4 socket address. Provide a log_badauth2 callback to GSSRPC, so that we get a transport handle instead of an IPv4 socket address, and use client_addr() within it instead of inet_ntoa(). ticket: 7770 target_version: 1.12 tags: pullup
Diffstat (limited to 'src/kadmin/server/ovsec_kadmd.c')
-rw-r--r--src/kadmin/server/ovsec_kadmd.c29
1 files changed, 10 insertions, 19 deletions
diff --git a/src/kadmin/server/ovsec_kadmd.c b/src/kadmin/server/ovsec_kadmd.c
index 1273b07119..87aa47a804 100644
--- a/src/kadmin/server/ovsec_kadmd.c
+++ b/src/kadmin/server/ovsec_kadmd.c
@@ -43,7 +43,6 @@
#include <sys/socket.h>
#include <unistd.h>
#include <netinet/in.h>
-#include <arpa/inet.h> /* inet_ntoa */
#include <netdb.h>
#include <gssrpc/rpc.h>
#include <gssapi/gssapi.h>
@@ -71,8 +70,7 @@ gss_name_t gss_kadmin_name = NULL;
void *global_server_handle;
char *build_princ_name(char *name, char *realm);
-void log_badauth(OM_uint32 major, OM_uint32 minor,
- struct sockaddr_in *addr, char *data);
+void log_badauth(OM_uint32 major, OM_uint32 minor, SVCXPRT *xprt, char *data);
void log_badverf(gss_name_t client_name, gss_name_t server_name,
struct svc_req *rqst, struct rpc_msg *msg,
char *data);
@@ -489,11 +487,11 @@ kterr:
(void) gss_import_name(&OMret, &in_buf, nt_krb5_name_oid,
&gss_changepw_name);
- svcauth_gssapi_set_log_badauth_func(log_badauth, NULL);
+ svcauth_gssapi_set_log_badauth2_func(log_badauth, NULL);
svcauth_gssapi_set_log_badverf_func(log_badverf, NULL);
svcauth_gssapi_set_log_miscerr_func(log_miscerr, NULL);
- svcauth_gss_set_log_badauth_func(log_badauth, NULL);
+ svcauth_gss_set_log_badauth2_func(log_badauth, NULL);
svcauth_gss_set_log_badverf_func(log_badverf, NULL);
svcauth_gss_set_log_miscerr_func(log_miscerr, NULL);
@@ -770,7 +768,7 @@ void log_badverf(gss_name_t client_name, gss_name_t server_name,
OM_uint32 minor;
gss_buffer_desc client, server;
gss_OID gss_type;
- char *a;
+ const char *a;
rpcproc_t proc;
unsigned int i;
const char *procname;
@@ -798,7 +796,7 @@ void log_badverf(gss_name_t client_name, gss_name_t server_name,
slen = server.length;
}
trunc_name(&slen, &sdots);
- a = inet_ntoa(rqst->rq_xprt->xp_raddr.sin_addr);
+ a = client_addr(rqst->rq_xprt);
proc = msg->rm_call.cb_proc;
procname = NULL;
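Review bot: The string returned by client_addr() reaches a `%s` conversion with no non-NULL check, here through `a` and again directly in log_miscerr and log_badauth further down. Its definition is not part of this file's diff; the commit message says it calls getpeername() and inet_ntop(), and both can fail, for instance when the peer has already disconnected by the time the failure is logged. The contract should be written where client_addr() is declared, e.g. `/* Never returns NULL; returns a fixed placeholder if the peer address cannot be determined. */`, so that bad-verifier and failed-authentication records always carry a printable source field. log_badverf starts and ends outside this hunk, so the later use of `a` is not visible here.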
@@ -844,11 +842,8 @@ void log_badverf(gss_name_t client_name, gss_name_t server_name,
void log_miscerr(struct svc_req *rqst, struct rpc_msg *msg,
char *error, char *data)
{
- char *a;
-
- a = inet_ntoa(rqst->rq_xprt->xp_raddr.sin_addr);
- krb5_klog_syslog(LOG_NOTICE, _("Miscellaneous RPC error: %s, %s"), a,
- error);
+ krb5_klog_syslog(LOG_NOTICE, _("Miscellaneous RPC error: %s, %s"),
+ client_addr(rqst->rq_xprt), error);
}
@@ -870,18 +865,14 @@ void log_miscerr(struct svc_req *rqst, struct rpc_msg *msg,
* Logs the GSS-API error via krb5_klog_syslog(); see functional spec for
* format.
*/
-void log_badauth(OM_uint32 major, OM_uint32 minor,
- struct sockaddr_in *addr, char *data)
+void log_badauth(OM_uint32 major, OM_uint32 minor, SVCXPRT *xprt, char *data)
{
- char *a;
-
/* Authentication attempt failed: <IP address>, <GSS-API error */
/* strings> */
- a = inet_ntoa(addr->sin_addr);
-
krb5_klog_syslog(LOG_NOTICE, _("Authentication attempt failed: %s, "
- "GSS-API error strings are:"), a);
+ "GSS-API error strings are:"),
+ client_addr(xprt));
log_badauth_display_status(" ", major, minor);
krb5_klog_syslog(LOG_NOTICE, _(" GSS-API error strings complete."));
}
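Review bot: The header comment of log_badauth begins above this hunk and only its last lines are visible; if its argument list still describes the third argument as a socket address, it no longer matches the new `SVCXPRT *xprt` parameter. A suggested argument line is `xprt (r) transport handle of the client; its peer address (IPv4 or IPv6) is logged`. The inline `<IP address>` comment in the body could say the same, since the logged field is no longer limited to dotted-quad form and log parsers that key on it may need to accept both.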