[SCM] Samba Shared Repository - branch v3-2-test updated -
initial-v3-2-unstable-174-g95d0127
Jeremy Allison
jra at samba.org
Sun Nov 4 01:50:14 GMT 2007
The branch, v3-2-test has been updated
via 95d01279a5def709d0a5d5ae7224d6286006d120 (commit)
via e848506c858bd16706c1d7f6b4b032005512b8ac (commit)
from d50d14c300abc83b7015718ec48acc8b3227a273 (commit)
http://gitweb.samba.org/?p=samba.git;a=shortlog;h=v3-2-test
- Log -----------------------------------------------------------------
commit 95d01279a5def709d0a5d5ae7224d6286006d120
Author: Jeremy Allison <jra at samba.org>
Date: Sat Nov 3 18:41:26 2007 -0700
I can't get away without a 'length' arg. :-).
Jeremy.
commit e848506c858bd16706c1d7f6b4b032005512b8ac
Author: Jeremy Allison <jra at samba.org>
Date: Sat Nov 3 18:15:45 2007 -0700
Stop get_peer_addr() and client_addr() from using global
statics. Part of my library cleanups.
Jeremy.
-----------------------------------------------------------------------
Summary of changes:
source/auth/pampass.c | 3 ++-
source/lib/access.c | 10 ++++++----
source/lib/substitute.c | 4 +++-
source/lib/util_sock.c | 30 +++++++++++++++++-------------
source/modules/vfs_expand_msdfs.c | 4 +++-
source/printing/print_cups.c | 3 ++-
source/printing/print_iprint.c | 3 ++-
source/rpc_server/srv_netlog_nt.c | 6 ++++--
source/smbd/connection.c | 3 ++-
source/smbd/process.c | 6 +++++-
source/smbd/server.c | 8 ++++++--
source/smbd/service.c | 8 ++++++--
source/smbd/session.c | 5 +++--
source/smbd/sesssetup.c | 5 ++++-
source/web/cgi.c | 3 ++-
15 files changed, 67 insertions(+), 34 deletions(-)
Changeset truncated at 500 lines:
diff --git a/source/auth/pampass.c b/source/auth/pampass.c
index ac3aa3a..c7ec79b 100644
--- a/source/auth/pampass.c
+++ b/source/auth/pampass.c
@@ -455,6 +455,7 @@ static bool smb_pam_start(pam_handle_t **pamh, const char *user, const char *rho
{
int pam_error;
const char *our_rhost;
+ char addr[INET6_ADDRSTRLEN];
*pamh = (pam_handle_t *)NULL;
@@ -469,7 +470,7 @@ static bool smb_pam_start(pam_handle_t **pamh, const char *user, const char *rho
if (rhost == NULL) {
our_rhost = client_name();
if (strequal(our_rhost,"UNKNOWN"))
- our_rhost = client_addr();
+ our_rhost = client_addr(addr,sizeof(addr));
} else {
our_rhost = rhost;
}
diff --git a/source/lib/access.c b/source/lib/access.c
index 7b78017..1e4df83 100644
--- a/source/lib/access.c
+++ b/source/lib/access.c
@@ -346,6 +346,8 @@ bool check_access(int sock, const char **allow_list, const char **deny_list)
ret = true;
if (!ret) {
+ char addr[INET6_ADDRSTRLEN];
+
/* Bypass name resolution calls if the lists
* only contain IP addrs */
if (only_ipaddrs_in_list(allow_list) &&
@@ -356,24 +358,24 @@ bool check_access(int sock, const char **allow_list, const char **deny_list)
ret = allow_access(deny_list,
allow_list,
"",
- get_peer_addr(sock));
+ get_peer_addr(sock,addr,sizeof(addr)));
} else {
DEBUG (3, ("check_access: hostnames in "
"host allow/deny list.\n"));
ret = allow_access(deny_list,
allow_list,
get_peer_name(sock,true),
- get_peer_addr(sock));
+ get_peer_addr(sock,addr,sizeof(addr)));
}
if (ret) {
DEBUG(2,("Allowed connection from %s (%s)\n",
only_ip ? "" : get_peer_name(sock,true),
- get_peer_addr(sock)));
+ get_peer_addr(sock,addr,sizeof(addr))));
} else {
DEBUG(0,("Denied connection from %s (%s)\n",
only_ip ? "" : get_peer_name(sock,true),
- get_peer_addr(sock)));
+ get_peer_addr(sock,addr,sizeof(addr))));
}
}
diff --git a/source/lib/substitute.c b/source/lib/substitute.c
index 07cea81..d4c7cd6 100644
--- a/source/lib/substitute.c
+++ b/source/lib/substitute.c
@@ -449,6 +449,7 @@ char *alloc_sub_basic(const char *smb_name, const char *domain_name,
char *b, *p, *s, *r, *a_string;
fstring pidstr, vnnstr;
struct passwd *pass;
+ char addr[INET6_ADDRSTRLEN];
const char *local_machine_name = get_local_machine_name();
/* workaround to prevent a crash while looking at bug #687 */
@@ -494,7 +495,8 @@ char *alloc_sub_basic(const char *smb_name, const char *domain_name,
a_string = realloc_string_sub(a_string, "%D", r);
break;
case 'I' :
- a_string = realloc_string_sub(a_string, "%I", client_addr());
+ a_string = realloc_string_sub(a_string, "%I",
+ client_addr(addr, sizeof(addr)));
break;
case 'i':
a_string = realloc_string_sub( a_string, "%i", client_socket_addr() );
diff --git a/source/lib/util_sock.c b/source/lib/util_sock.c
index ea33de8..5422bc2 100644
--- a/source/lib/util_sock.c
+++ b/source/lib/util_sock.c
@@ -587,9 +587,10 @@ char *print_canonical_sockaddr(TALLOC_CTX *ctx,
void client_setfd(int fd)
{
+ char addr[INET6_ADDRSTRLEN];
client_fd = fd;
safe_strcpy(client_ip_string,
- get_peer_addr(client_fd),
+ get_peer_addr(client_fd,addr,sizeof(addr)),
sizeof(client_ip_string)-1);
}
@@ -658,9 +659,9 @@ const char *client_name(void)
return get_peer_name(client_fd,false);
}
-const char *client_addr(void)
+const char *client_addr(char *addr, size_t addrlen)
{
- return get_peer_addr(client_fd);
+ return get_peer_addr(client_fd,addr,addrlen);
}
const char *client_socket_addr(void)
@@ -1699,14 +1700,15 @@ int open_udp_socket(const char *host, int port)
******************************************************************/
static const char *get_peer_addr_internal(int fd,
+ char *addr_buf,
+ size_t addr_buf_len,
struct sockaddr_storage *pss,
socklen_t *plength)
{
struct sockaddr_storage ss;
socklen_t length = sizeof(ss);
- static char addr_buf[INET6_ADDRSTRLEN];
- safe_strcpy(addr_buf,"0.0.0.0",sizeof(addr_buf)-1);
+ safe_strcpy(addr_buf,"0.0.0.0",addr_buf_len-1);
if (fd == -1) {
return addr_buf;
@@ -1732,7 +1734,6 @@ static const char *get_peer_addr_internal(int fd,
return addr_buf;
}
-
/*******************************************************************
Matchname - determine if host name matches IP address. Used to
confirm a hostname lookup to prevent spoof attacks.
@@ -1807,10 +1808,12 @@ static bool matchname(const char *remotehost,
Return the DNS name of the remote end of a socket.
******************************************************************/
+static char addr_buf_cache[INET6_ADDRSTRLEN];
+
const char *get_peer_name(int fd, bool force_lookup)
{
- static fstring addr_buf;
static pstring name_buf;
+ char addr_buf[INET6_ADDRSTRLEN];
struct sockaddr_storage ss;
socklen_t length = sizeof(ss);
const char *p;
@@ -1822,13 +1825,14 @@ const char *get_peer_name(int fd, bool force_lookup)
with dns. To avoid the delay we avoid the lookup if
possible */
if (!lp_hostname_lookups() && (force_lookup == false)) {
- return get_peer_addr(fd);
+ pstrcpy(name_buf, get_peer_addr(fd, addr_buf, sizeof(addr_buf)));
+ return name_buf;
}
- p = get_peer_addr_internal(fd, &ss, &length);
+ p = get_peer_addr_internal(fd, addr_buf, sizeof(addr_buf), &ss, &length);
/* it might be the same as the last one - save some DNS work */
- if (strcmp(p, addr_buf) == 0) {
+ if (strcmp(p, addr_buf_cache) == 0) {
return name_buf;
}
@@ -1837,7 +1841,7 @@ const char *get_peer_name(int fd, bool force_lookup)
return name_buf;
}
- fstrcpy(addr_buf, p);
+ safe_strcpy(addr_buf_cache, p, sizeof(addr_buf_cache)-1);
/* Look up the remote host name. */
ret = getnameinfo((struct sockaddr *)&ss,
@@ -1878,9 +1882,9 @@ const char *get_peer_name(int fd, bool force_lookup)
Return the IP addr of the remote end of a socket as a string.
******************************************************************/
-const char *get_peer_addr(int fd)
+const char *get_peer_addr(int fd, char *addr, size_t addr_len)
{
- return get_peer_addr_internal(fd, NULL, NULL);
+ return get_peer_addr_internal(fd, addr, addr_len, NULL, NULL);
}
/*******************************************************************
diff --git a/source/modules/vfs_expand_msdfs.c b/source/modules/vfs_expand_msdfs.c
index e2a4a18..4b670d5 100644
--- a/source/modules/vfs_expand_msdfs.c
+++ b/source/modules/vfs_expand_msdfs.c
@@ -55,6 +55,7 @@ static bool read_target_host(const char *mapfile, pstring targethost)
DEBUG(10, ("Scanning mapfile [%s]\n", mapfile));
while (x_fgets(buf, sizeof(buf), f) != NULL) {
+ char addr[INET6_ADDRSTRLEN];
if ((strlen(buf) > 0) && (buf[strlen(buf)-1] == '\n'))
buf[strlen(buf)-1] = '\0';
@@ -70,7 +71,8 @@ static bool read_target_host(const char *mapfile, pstring targethost)
*space = '\0';
- if (strncmp(client_addr(), buf, strlen(buf)) == 0) {
+ if (strncmp(client_addr(addr,sizeof(addr)),
+ buf, strlen(buf)) == 0) {
found = True;
break;
}
diff --git a/source/printing/print_cups.c b/source/printing/print_cups.c
index e9e4e59..5709d93 100644
--- a/source/printing/print_cups.c
+++ b/source/printing/print_cups.c
@@ -567,6 +567,7 @@ static int cups_job_submit(int snum, struct printjob *pjob)
pstring new_jobname;
int num_options = 0;
cups_option_t *options = NULL;
+ char addr[INET6_ADDRSTRLEN];
DEBUG(5,("cups_job_submit(%d, %p (%d))\n", snum, pjob, pjob->sysjob));
@@ -619,7 +620,7 @@ static int cups_job_submit(int snum, struct printjob *pjob)
clientname = client_name();
if (strcmp(clientname, "UNKNOWN") == 0) {
- clientname = client_addr();
+ clientname = client_addr(addr,sizeof(addr));
}
ippAddString(request, IPP_TAG_OPERATION, IPP_TAG_NAME,
diff --git a/source/printing/print_iprint.c b/source/printing/print_iprint.c
index 18f5e97..6dd1957 100644
--- a/source/printing/print_iprint.c
+++ b/source/printing/print_iprint.c
@@ -727,6 +727,7 @@ static int iprint_job_submit(int snum, struct printjob *pjob)
cups_lang_t *language = NULL; /* Default language */
char uri[HTTP_MAX_URI]; /* printer-uri attribute */
const char *clientname = NULL; /* hostname of client for job-originating-host attribute */
+ char addr[INET6_ADDRSTRLEN];
DEBUG(5,("iprint_job_submit(%d, %p (%d))\n", snum, pjob, pjob->sysjob));
@@ -780,7 +781,7 @@ static int iprint_job_submit(int snum, struct printjob *pjob)
clientname = client_name();
if (strcmp(clientname, "UNKNOWN") == 0) {
- clientname = client_addr();
+ clientname = client_addr(addr,sizeof(addr));
}
ippAddString(request, IPP_TAG_OPERATION, IPP_TAG_NAME,
diff --git a/source/rpc_server/srv_netlog_nt.c b/source/rpc_server/srv_netlog_nt.c
index 13c0f38..f876ee9 100644
--- a/source/rpc_server/srv_netlog_nt.c
+++ b/source/rpc_server/srv_netlog_nt.c
@@ -196,8 +196,10 @@ static NTSTATUS get_md4pw(char *md4pw, char *mach_acct, uint16 sec_chan_type)
const uint8 *pass;
bool ret;
uint32 acct_ctrl;
-
+
#if 0
+ char addr[INET6_ADDRSTRLEN];
+
/*
* Currently this code is redundent as we already have a filter
* by hostname list. What this code really needs to do is to
@@ -208,7 +210,7 @@ static NTSTATUS get_md4pw(char *md4pw, char *mach_acct, uint16 sec_chan_type)
*/
if (!allow_access(lp_domain_hostsdeny(), lp_domain_hostsallow(),
- client_name(), client_addr()))
+ client_name(), client_addr(addr,sizeof(addr))))
{
DEBUG(0,("get_md4pw: Workstation %s denied access to domain\n", mach_acct));
return False;
diff --git a/source/smbd/connection.c b/source/smbd/connection.c
index e9f1b82..f041513 100644
--- a/source/smbd/connection.c
+++ b/source/smbd/connection.c
@@ -128,6 +128,7 @@ bool claim_connection(connection_struct *conn, const char *name,
struct connections_data crec;
TDB_DATA dbuf;
NTSTATUS status;
+ char addr[INET6_ADDRSTRLEN];
DEBUG(5,("claiming [%s]\n", name));
@@ -151,7 +152,7 @@ bool claim_connection(connection_struct *conn, const char *name,
crec.bcast_msg_flags = msg_flags;
strlcpy(crec.machine,get_remote_machine_name(),sizeof(crec.machine));
- strlcpy(crec.addr,conn?conn->client_address:client_addr(),
+ strlcpy(crec.addr,conn?conn->client_address:client_addr(addr,sizeof(addr)),
sizeof(crec.addr));
dbuf.dptr = (uint8 *)&crec;
diff --git a/source/smbd/process.c b/source/smbd/process.c
index 11fdb03..24feac4 100644
--- a/source/smbd/process.c
+++ b/source/smbd/process.c
@@ -1460,15 +1460,19 @@ static void process_smb(char *inbuf, size_t nread, size_t unread_bytes)
DO_PROFILE_INC(smb_count);
if (trans_num == 0) {
+ char addr[INET6_ADDRSTRLEN];
+
/* on the first packet, check the global hosts allow/ hosts
deny parameters before doing any parsing of the packet
passed to us by the client. This prevents attacks on our
parsing code from hosts not in the hosts allow list */
+
if (!check_access(smbd_server_fd(), lp_hostsallow(-1),
lp_hostsdeny(-1))) {
/* send a negative session response "not listening on calling name" */
static unsigned char buf[5] = {0x83, 0, 0, 1, 0x81};
- DEBUG( 1, ( "Connection denied from %s\n", client_addr() ) );
+ DEBUG( 1, ( "Connection denied from %s\n",
+ client_addr(addr,sizeof(addr)) ) );
(void)send_smb(smbd_server_fd(),(char *)buf);
exit_server_cleanly("connection denied");
}
diff --git a/source/smbd/server.c b/source/smbd/server.c
index fa8e163..e77573b 100644
--- a/source/smbd/server.c
+++ b/source/smbd/server.c
@@ -602,6 +602,8 @@ static bool open_sockets_smbd(bool is_daemon, bool interactive, const char *smb_
if (allowable_number_of_smbd_processes() &&
smbd_server_fd() != -1 &&
((child = sys_fork())==0)) {
+ char remaddr[INET6_ADDRSTRLEN];
+
/* Child code ... */
/* Stop zombies, the parent explicitly handles
@@ -622,8 +624,10 @@ static bool open_sockets_smbd(bool is_daemon, bool interactive, const char *smb_
/* this is needed so that we get decent entries
in smbstatus for port 445 connects */
- set_remote_machine_name(get_peer_addr(smbd_server_fd()),
- False);
+ set_remote_machine_name(get_peer_addr(smbd_server_fd(),
+ remaddr,
+ sizeof(remaddr)),
+ false);
/* Reset the state of the random
* number generation system, so
diff --git a/source/smbd/service.c b/source/smbd/service.c
index bb279b7..502fade 100644
--- a/source/smbd/service.c
+++ b/source/smbd/service.c
@@ -642,6 +642,7 @@ static connection_struct *make_connection_snum(int snum, user_struct *vuser,
fstring user;
fstring dev;
int ret;
+ char addr[INET6_ADDRSTRLEN];
*user = 0;
fstrcpy(dev, pdev);
@@ -757,7 +758,7 @@ static connection_struct *make_connection_snum(int snum, user_struct *vuser,
add_session_user(user);
- safe_strcpy(conn->client_address, client_addr(),
+ safe_strcpy(conn->client_address, client_addr(addr,sizeof(addr)),
sizeof(conn->client_address)-1);
conn->num_files_open = 0;
conn->lastused = conn->lastused_count = time(NULL);
@@ -1204,6 +1205,7 @@ connection_struct *make_connection(const char *service_in, DATA_BLOB password,
fstring service;
fstring dev;
int snum = -1;
+ char addr[INET6_ADDRSTRLEN];
fstrcpy(dev, pdev);
@@ -1300,7 +1302,9 @@ connection_struct *make_connection(const char *service_in, DATA_BLOB password,
}
DEBUG(0,("%s (%s) couldn't find service %s\n",
- get_remote_machine_name(), client_addr(), service));
+ get_remote_machine_name(),
+ client_addr(addr,sizeof(addr)),
+ service));
*status = NT_STATUS_BAD_NETWORK_NAME;
return NULL;
}
diff --git a/source/smbd/session.c b/source/smbd/session.c
index ebbb40e..69f4a37 100644
--- a/source/smbd/session.c
+++ b/source/smbd/session.c
@@ -69,6 +69,7 @@ bool session_claim(user_struct *vuser)
struct db_context *ctx;
struct db_record *rec;
NTSTATUS status;
+ char addr[INET6_ADDRSTRLEN];
vuser->session_keystr = NULL;
@@ -160,7 +161,7 @@ bool session_claim(user_struct *vuser)
hostname = client_name();
if (strcmp(hostname, "UNKNOWN") == 0) {
- hostname = client_addr();
+ hostname = client_addr(addr,sizeof(addr));
}
fstrcpy(sessionid.username, vuser->user.unix_name);
@@ -170,7 +171,7 @@ bool session_claim(user_struct *vuser)
sessionid.uid = vuser->uid;
sessionid.gid = vuser->gid;
fstrcpy(sessionid.remote_machine, get_remote_machine_name());
- fstrcpy(sessionid.ip_addr_str, client_addr());
+ fstrcpy(sessionid.ip_addr_str, client_addr(addr,sizeof(addr)));
sessionid.connect_start = time(NULL);
if (!smb_pam_claim_session(sessionid.username, sessionid.id_str,
diff --git a/source/smbd/sesssetup.c b/source/smbd/sesssetup.c
index bc298d1..87cb3b4 100644
--- a/source/smbd/sesssetup.c
+++ b/source/smbd/sesssetup.c
@@ -1307,6 +1307,8 @@ static int shutdown_other_smbds(struct db_record *rec,
static void setup_new_vc_session(void)
{
+ char addr[INET6_ADDRSTRLEN];
+
DEBUG(2,("setup_new_vc_session: New VC == 0, if NT4.x "
"compatible we would close all old resources.\n"));
#if 0
@@ -1315,7 +1317,8 @@ static void setup_new_vc_session(void)
#endif
if (lp_reset_on_zero_vc()) {
connections_forall(shutdown_other_smbds,
- CONST_DISCARD(void *,client_addr()));
+ CONST_DISCARD(void *,
+ client_addr(addr,sizeof(addr))));
}
}
diff --git a/source/web/cgi.c b/source/web/cgi.c
index 6a8688b..41ac29b 100644
--- a/source/web/cgi.c
+++ b/source/web/cgi.c
@@ -647,7 +647,8 @@ return the hostname of the client
const char *cgi_remote_addr(void)
{
if (inetd_server) {
- return get_peer_addr(1);
+ char addr[INET6_ADDRSTRLEN];
+ return get_peer_addr(1,addr,sizeof(addr));
}
return getenv("REMOTE_ADDR");
}
--
Samba Shared Repository
More information about the samba-cvs
mailing list