s4-gensec: Added remote and local setter/getter using tsocket.
authorAndreas Schneider <asn@redhat.com>
Wed, 16 Dec 2009 12:27:20 +0000 (13:27 +0100)
committerStefan Metzmacher <metze@samba.org>
Wed, 16 Dec 2009 19:28:37 +0000 (20:28 +0100)
source4/auth/gensec/config.mk
source4/auth/gensec/gensec.c
source4/auth/gensec/gensec.h

index aa52b184fca3e82dfed7bc2f2a0284c6dd71784e..f7cbd5b197672169cddf50d7fe66be8518ab72c4 100644 (file)
@@ -2,7 +2,7 @@
 # Start SUBSYSTEM gensec
 [LIBRARY::gensec]
 PUBLIC_DEPENDENCIES = \
-               CREDENTIALS LIBSAMBA-UTIL LIBCRYPTO ASN1_UTIL samba_socket LIBPACKET
+               CREDENTIALS LIBSAMBA-UTIL LIBCRYPTO ASN1_UTIL samba_socket LIBPACKET LIBTSOCKET
 # End SUBSYSTEM gensec
 #################################
 
index 68f81881e4f2e6e2df8a75896adaec152b5c17fb..7e6a552ef7aaa152d17832810ad0a8923749f328 100644 (file)
 */
 
 #include "includes.h"
+#include "system/network.h"
 #include "lib/events/events.h"
+#include "lib/socket/socket.h"
+#include "lib/tsocket/tsocket.h"
 #include "librpc/rpc/dcerpc.h"
 #include "auth/credentials/credentials.h"
 #include "auth/gensec/gensec.h"
@@ -518,6 +521,8 @@ static NTSTATUS gensec_start(TALLOC_CTX *mem_ctx,
        NT_STATUS_HAVE_NO_MEMORY(*gensec_security);
 
        (*gensec_security)->ops = NULL;
+       (*gensec_security)->local_addr = NULL;
+       (*gensec_security)->remote_addr = NULL;
        (*gensec_security)->private_data = NULL;
 
        ZERO_STRUCT((*gensec_security)->target);
@@ -1159,13 +1164,122 @@ _PUBLIC_ const char *gensec_get_target_hostname(struct gensec_security *gensec_s
        return NULL;
 }
 
-/** 
- * Set (and talloc_reference) local and peer socket addresses onto a socket context on the GENSEC context 
+/**
+ * Set (and talloc_reference) local and peer socket addresses onto a socket
+ * context on the GENSEC context.
  *
  * This is so that kerberos can include these addresses in
  * cryptographic tokens, to avoid certain attacks.
  */
 
+/**
+ * @brief Set the local gensec address.
+ *
+ * @param  gensec_security   The gensec security context to use.
+ *
+ * @param  remote       The local address to set.
+ *
+ * @return              On success NT_STATUS_OK is returned or an NT_STATUS
+ *                      error.
+ */
+_PUBLIC_ NTSTATUS gensec_set_local_address(struct gensec_security *gensec_security,
+               const struct tsocket_address *local)
+{
+       ssize_t socklen;
+       struct sockaddr_storage ss;
+
+       /* set my_addr */
+       socklen = tsocket_address_bsd_sockaddr(local, (struct sockaddr *) &ss,
+                               sizeof(struct sockaddr_storage));
+       if (socklen < 0) {
+               return NT_STATUS_NO_MEMORY;
+       }
+       gensec_security->my_addr = socket_address_from_sockaddr(gensec_security,
+                       (struct sockaddr *) &ss, socklen);
+       if (gensec_security->my_addr == NULL) {
+               return NT_STATUS_NO_MEMORY;
+       }
+
+       /* set local */
+       TALLOC_FREE(gensec_security->local_addr);
+       gensec_security->local_addr = tsocket_address_copy(local, gensec_security);
+       if (gensec_security->local_addr == NULL) {
+               return NT_STATUS_NO_MEMORY;
+       }
+
+       return NT_STATUS_OK;
+}
+
+/**
+ * @brief Set the remote gensec address.
+ *
+ * @param  gensec_security   The gensec security context to use.
+ *
+ * @param  remote       The remote address to set.
+ *
+ * @return              On success NT_STATUS_OK is returned or an NT_STATUS
+ *                      error.
+ */
+_PUBLIC_ NTSTATUS gensec_set_remote_address(struct gensec_security *gensec_security,
+               const struct tsocket_address *remote)
+{
+       ssize_t socklen;
+       struct sockaddr_storage ss;
+
+       /* set my_addr */
+       socklen = tsocket_address_bsd_sockaddr(remote, (struct sockaddr *) &ss,
+                               sizeof(struct sockaddr_storage));
+       if (socklen < 0) {
+               return NT_STATUS_NO_MEMORY;
+       }
+       gensec_security->peer_addr = socket_address_from_sockaddr(gensec_security,
+                       (struct sockaddr *) &ss, socklen);
+       if (gensec_security->peer_addr == NULL) {
+               return NT_STATUS_NO_MEMORY;
+       }
+
+       /* set remote */
+       TALLOC_FREE(gensec_security->remote_addr);
+       gensec_security->remote_addr = tsocket_address_copy(remote, gensec_security);
+       if (gensec_security->remote_addr == NULL) {
+               return NT_STATUS_NO_MEMORY;
+       }
+
+       return NT_STATUS_OK;
+}
+
+/**
+ * @brief Get the local address from a gensec security context.
+ *
+ * @param  gensec_security   The security context to get the address from.
+ *
+ * @return              The address as tsocket_address which could be NULL if
+ *                      no address is set.
+ */
+_PUBLIC_ const struct tsocket_address *gensec_get_local_address(struct gensec_security *gensec_security)
+{
+       if (gensec_security == NULL) {
+               return NULL;
+       }
+       return gensec_security->local_addr;
+}
+
+/**
+ * @brief Get the remote address from a gensec security context.
+ *
+ * @param  gensec_security   The security context to get the address from.
+ *
+ * @return              The address as tsocket_address which could be NULL if
+ *                      no address is set.
+ */
+_PUBLIC_ const struct tsocket_address *gensec_get_remote_address(struct gensec_security *gensec_security)
+{
+       if (gensec_security == NULL) {
+               return NULL;
+       }
+       return gensec_security->remote_addr;
+}
+
 _PUBLIC_ NTSTATUS gensec_set_my_addr(struct gensec_security *gensec_security, struct socket_address *my_addr) 
 {
        gensec_security->my_addr = my_addr;
@@ -1209,7 +1323,6 @@ _PUBLIC_ struct socket_address *gensec_get_peer_addr(struct gensec_security *gen
 }
 
 
-
 /** 
  * Set the target principal (assuming it it known, say from the SPNEGO reply)
  *  - ensures it is talloc()ed 
index 8c1716e07402a4374bd23e50557a04653fc0be54..6fed4b6d802874c2f439a99aacac9ed84eaefc1e 100644 (file)
@@ -170,6 +170,7 @@ struct gensec_security {
        uint32_t want_features;
        struct tevent_context *event_ctx;
        struct socket_address *my_addr, *peer_addr;
+       struct tsocket_address *local_addr, *remote_addr;
        struct gensec_settings *settings;
        
        /* When we are a server, this may be filled in to provide an
@@ -288,6 +289,15 @@ struct netlogon_creds_CredentialState;
 NTSTATUS dcerpc_schannel_creds(struct gensec_security *gensec_security,
                               TALLOC_CTX *mem_ctx,
                               struct netlogon_creds_CredentialState **creds);
+
+
+NTSTATUS gensec_set_local_address(struct gensec_security *gensec_security,
+               const struct tsocket_address *local);
+NTSTATUS gensec_set_remote_address(struct gensec_security *gensec_security,
+               const struct tsocket_address *remote);
+const struct tsocket_address *gensec_get_local_address(struct gensec_security *gensec_security);
+const struct tsocket_address *gensec_get_remote_address(struct gensec_security *gensec_security);
+
 NTSTATUS gensec_set_peer_addr(struct gensec_security *gensec_security, struct socket_address *peer_addr);
 NTSTATUS gensec_set_my_addr(struct gensec_security *gensec_security, struct socket_address *my_addr);