[SCM] Samba Shared Repository - branch v3-2-test updated -
initial-v3-2-test-1435-g05c22a5
Simo Sorce
idra at samba.org
Wed Jan 16 17:09:03 GMT 2008
The branch, v3-2-test has been updated
via 05c22a55a4c052c682a2f2afdb0696504195d18c (commit)
via dfc80b4f1c00c131ba8077432bfe79f22f63ccd1 (commit)
from 2ea55c03b25eb5e98be3449e12004a7246319acd (commit)
http://gitweb.samba.org/?p=samba.git;a=shortlog;h=v3-2-test
- Log -----------------------------------------------------------------
commit 05c22a55a4c052c682a2f2afdb0696504195d18c
Merge: dfc80b4f1c00c131ba8077432bfe79f22f63ccd1 2ea55c03b25eb5e98be3449e12004a7246319acd
Author: Simo Sorce <idra at samba.org>
Date: Wed Jan 16 12:06:34 2008 -0500
Merge branch 'v3-2-test' of ssh://git.samba.org/data/git/samba into v3-2-simo
commit dfc80b4f1c00c131ba8077432bfe79f22f63ccd1
Author: Igor Mammedov <niallain at gmail.com>
Date: Wed Dec 19 17:48:43 2007 +0300
Adds support for cifs.resolver upcall.
Here is a patch for userspace cifs.spnego handler that adds support for cifs.resolver
upcall used in DFS code.
Any comments are appreciated.
#############################
Cifs upcall with key type cifs.resolver is used for resolving
server names in handling DFS refferals.
Signed-off-by: Igor Mammedov <niallain at gmail.com>
-----------------------------------------------------------------------
Summary of changes:
source/client/cifs.spnego.c | 63 +++++++++++++++++++++++++++++++++++++++++-
1 files changed, 61 insertions(+), 2 deletions(-)
Changeset truncated at 500 lines:
diff --git a/source/client/cifs.spnego.c b/source/client/cifs.spnego.c
index caa2227..d10d19d 100644
--- a/source/client/cifs.spnego.c
+++ b/source/client/cifs.spnego.c
@@ -3,11 +3,13 @@
* Copyright (C) Igor Mammedov (niallain at gmail.com) 2007
*
* Used by /sbin/request-key for handling
-* cifs upcall for kerberos authorization of access to share.
+* cifs upcall for kerberos authorization of access to share and
+* cifs upcall for DFS srver name resolving (IPv4/IPv6 aware).
* You should have keyutils installed and add following line to
* /etc/request-key.conf file
create cifs.spnego * * /usr/local/sbin/cifs.spnego [-v][-c] %k
+create cifs.resolver * * /usr/local/sbin/cifs.spnego [-v] %k
* This program is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
@@ -27,7 +29,7 @@ create cifs.spnego * * /usr/local/sbin/cifs.spnego [-v][-c] %k
#include "cifs_spnego.h"
-const char* CIFSSPNEGO_VERSION="1.0";
+const char *CIFSSPNEGO_VERSION = "1.1";
static const char *prog = "cifs.spnego";
typedef enum _secType {
KRB5,
@@ -146,6 +148,58 @@ int decode_key_description(const char *desc, int *ver, secType_t * sec,
return retval;
}
+int cifs_resolver(const key_serial_t key, const char *key_descr)
+{
+ int c;
+ struct addrinfo *addr;
+ char ip[INET6_ADDRSTRLEN];
+ void *p;
+ const char *keyend = key_descr;
+ /* skip next 4 ';' delimiters to get to description */
+ for (c = 1; c <= 4; c++) {
+ keyend = index(keyend+1, ';');
+ if (!keyend) {
+ syslog(LOG_WARNING, "invalid key description: %s",
+ key_descr);
+ return 1;
+ }
+ }
+ keyend++;
+
+ /* resolve name to ip */
+ c = getaddrinfo(keyend, NULL, NULL, &addr);
+ if (c) {
+ syslog(LOG_WARNING, "unable to resolve hostname: %s [%s]",
+ keyend, gai_strerror(c));
+ return 1;
+ }
+
+ /* conver ip to string form */
+ if (addr->ai_family == AF_INET) {
+ p = &(((struct sockaddr_in *)addr->ai_addr)->sin_addr);
+ } else {
+ p = &(((struct sockaddr_in6 *)addr->ai_addr)->sin6_addr);
+ }
+ if (!inet_ntop(addr->ai_family, p, ip, sizeof(ip))) {
+ syslog(LOG_WARNING, "%s: inet_ntop: %s",
+ __FUNCTION__, strerror(errno));
+ freeaddrinfo(addr);
+ return 1;
+ }
+
+ /* setup key */
+ c = keyctl_instantiate(key, ip, strlen(ip)+1, 0);
+ if (c == -1) {
+ syslog(LOG_WARNING, "%s: keyctl_instantiate: %s",
+ __FUNCTION__, strerror(errno));
+ freeaddrinfo(addr);
+ return 1;
+ }
+
+ freeaddrinfo(addr);
+ return 0;
+}
+
int main(const int argc, char *const argv[])
{
struct cifs_spnego_msg *keydata = NULL;
@@ -199,6 +253,11 @@ int main(const int argc, char *const argv[])
goto out;
}
+ if (strncmp(buf, "cifs.resolver", sizeof("cifs.resolver")-1) == 0) {
+ rc = cifs_resolver(key, buf);
+ goto out;
+ }
+
rc = decode_key_description(buf, &kernel_upcall_version, §ype,
&hostname, &uid);
if ((rc & DKD_MUSTHAVE_SET) != DKD_MUSTHAVE_SET) {
--
Samba Shared Repository
More information about the samba-cvs
mailing list