don't directly use sockaddr_storage, since we can't always know what
it looks like git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@12055 ec53bebd-3082-4978-b11e-865c3cabbd6b
This commit is contained in:
Johan Danielsson
@@ -405,11 +405,9 @@ create_and_write_cookie (char *xauthfile,
|
|||||||
int fd;
|
int fd;
|
||||||
FILE *f;
|
FILE *f;
|
||||||
char hostname[MaxHostNameLen];
|
char hostname[MaxHostNameLen];
|
||||||
struct in_addr loopback;
|
|
||||||
int saved_errno;
|
int saved_errno;
|
||||||
|
|
||||||
gethostname (hostname, sizeof(hostname));
|
gethostname (hostname, sizeof(hostname));
|
||||||
loopback.s_addr = htonl(INADDR_LOOPBACK);
|
|
||||||
|
|
||||||
auth.family = FamilyLocal;
|
auth.family = FamilyLocal;
|
||||||
auth.address = hostname;
|
auth.address = hostname;
|
||||||
@@ -455,11 +453,6 @@ create_and_write_cookie (char *xauthfile,
|
|||||||
auth.family = FamilyWild;
|
auth.family = FamilyWild;
|
||||||
auth.address_length = 0;
|
auth.address_length = 0;
|
||||||
|
|
||||||
#if 0 /* XXX */
|
|
||||||
auth.address = (char *)&loopback;
|
|
||||||
auth.address_length = sizeof(loopback);
|
|
||||||
#endif
|
|
||||||
|
|
||||||
if (XauWriteAuth(f, &auth) == 0) {
|
if (XauWriteAuth(f, &auth) == 0) {
|
||||||
saved_errno = errno;
|
saved_errno = errno;
|
||||||
fclose (f);
|
fclose (f);
|
||||||
@@ -754,12 +747,12 @@ replace_cookie(int xserver, int fd, char *filename, int cookiesp) /* XXX */
|
|||||||
*/
|
*/
|
||||||
|
|
||||||
int
|
int
|
||||||
suspicious_address (int sock, struct sockaddr_storage *addr)
|
suspicious_address (int sock, struct sockaddr *addr)
|
||||||
{
|
{
|
||||||
char data[40];
|
char data[40];
|
||||||
socklen_t len = sizeof(data);
|
socklen_t len = sizeof(data);
|
||||||
|
|
||||||
switch (addr->ss_family) {
|
switch (addr->sa_family) {
|
||||||
case AF_INET:
|
case AF_INET:
|
||||||
return ((struct sockaddr_in *)addr)->sin_addr.s_addr !=
|
return ((struct sockaddr_in *)addr)->sin_addr.s_addr !=
|
||||||
htonl(INADDR_LOOPBACK)
|
htonl(INADDR_LOOPBACK)
|
||||||
|
|||||||
@@ -43,6 +43,8 @@ void
|
|||||||
context_set (kx_context *kc, const char *host, const char *user, int port,
|
context_set (kx_context *kc, const char *host, const char *user, int port,
|
||||||
int debug_flag, int keepalive_flag, int tcp_flag)
|
int debug_flag, int keepalive_flag, int tcp_flag)
|
||||||
{
|
{
|
||||||
|
kc->thisaddr = (struct sockaddr*)&kc->__ss_this;
|
||||||
|
kc->thataddr = (struct sockaddr*)&kc->__ss_that;
|
||||||
kc->host = host;
|
kc->host = host;
|
||||||
kc->user = user;
|
kc->user = user;
|
||||||
kc->port = port;
|
kc->port = port;
|
||||||
|
|||||||
@@ -71,7 +71,7 @@ krb4_authenticate (kx_context *kc, int s)
|
|||||||
krb4_kx_context *c = (krb4_kx_context *)kc->data;
|
krb4_kx_context *c = (krb4_kx_context *)kc->data;
|
||||||
const char *host = kc->host;
|
const char *host = kc->host;
|
||||||
|
|
||||||
if (kc->thisaddr.ss_family != AF_INET) {
|
if (kc->thisaddr->sa_family != AF_INET) {
|
||||||
warnx ("%s: used Kerberos v4 authentiocation on on non-IP4 address",
|
warnx ("%s: used Kerberos v4 authentiocation on on non-IP4 address",
|
||||||
host);
|
host);
|
||||||
return -1;
|
return -1;
|
||||||
@@ -84,15 +84,15 @@ krb4_authenticate (kx_context *kc, int s)
|
|||||||
if (krb_get_our_ip_for_realm(krb_realmofhost(kc->host),
|
if (krb_get_our_ip_for_realm(krb_realmofhost(kc->host),
|
||||||
&natAddr) == KSUCCESS
|
&natAddr) == KSUCCESS
|
||||||
|| krb_get_our_ip_for_realm (NULL, &natAddr) == KSUCCESS)
|
|| krb_get_our_ip_for_realm (NULL, &natAddr) == KSUCCESS)
|
||||||
((struct sockaddr_in *)&kc->thisaddr)->sin_addr = natAddr;
|
((struct sockaddr_in *)kc->thisaddr)->sin_addr = natAddr;
|
||||||
}
|
}
|
||||||
#endif
|
#endif
|
||||||
|
|
||||||
status = krb_sendauth (KOPT_DO_MUTUAL, s, &text, "rcmd",
|
status = krb_sendauth (KOPT_DO_MUTUAL, s, &text, "rcmd",
|
||||||
(char *)host, krb_realmofhost (host),
|
(char *)host, krb_realmofhost (host),
|
||||||
getpid(), &msg, &cred, c->schedule,
|
getpid(), &msg, &cred, c->schedule,
|
||||||
(struct sockaddr_in *)&kc->thisaddr,
|
(struct sockaddr_in *)kc->thisaddr,
|
||||||
(struct sockaddr_in *)&kc->thataddr, KX_VERSION);
|
(struct sockaddr_in *)kc->thataddr, KX_VERSION);
|
||||||
if (status != KSUCCESS) {
|
if (status != KSUCCESS) {
|
||||||
warnx ("%s: %s", host, krb_get_err_text(status));
|
warnx ("%s: %s", host, krb_get_err_text(status));
|
||||||
return -1;
|
return -1;
|
||||||
@@ -128,8 +128,8 @@ krb4_read (kx_context *kc,
|
|||||||
if (krb_net_read (fd, buf, l) != l)
|
if (krb_net_read (fd, buf, l) != l)
|
||||||
return -1;
|
return -1;
|
||||||
status = krb_rd_priv (buf, l, c->schedule, &c->key,
|
status = krb_rd_priv (buf, l, c->schedule, &c->key,
|
||||||
(struct sockaddr_in *)&kc->thataddr,
|
(struct sockaddr_in *)kc->thataddr,
|
||||||
(struct sockaddr_in *)&kc->thisaddr, &msg);
|
(struct sockaddr_in *)kc->thisaddr, &msg);
|
||||||
if (status != RD_AP_OK) {
|
if (status != RD_AP_OK) {
|
||||||
warnx ("krb4_read: %s", krb_get_err_text(status));
|
warnx ("krb4_read: %s", krb_get_err_text(status));
|
||||||
return -1;
|
return -1;
|
||||||
@@ -156,8 +156,8 @@ krb4_write(kx_context *kc,
|
|||||||
if (outbuf == NULL)
|
if (outbuf == NULL)
|
||||||
return -1;
|
return -1;
|
||||||
outlen = krb_mk_priv ((void *)buf, outbuf, len, c->schedule, &c->key,
|
outlen = krb_mk_priv ((void *)buf, outbuf, len, c->schedule, &c->key,
|
||||||
(struct sockaddr_in *)&kc->thisaddr,
|
(struct sockaddr_in *)kc->thisaddr,
|
||||||
(struct sockaddr_in *)&kc->thataddr);
|
(struct sockaddr_in *)kc->thataddr);
|
||||||
if (outlen < 0) {
|
if (outlen < 0) {
|
||||||
free (outbuf);
|
free (outbuf);
|
||||||
return -1;
|
return -1;
|
||||||
@@ -312,7 +312,7 @@ recv_v4_auth (kx_context *kc, int sock, u_char *buf)
|
|||||||
AUTH_DAT auth;
|
AUTH_DAT auth;
|
||||||
des_key_schedule schedule;
|
des_key_schedule schedule;
|
||||||
|
|
||||||
if (kc->thisaddr.ss_family != AF_INET)
|
if (kc->thisaddr->sa_family != AF_INET)
|
||||||
return -1;
|
return -1;
|
||||||
|
|
||||||
if (memcmp (buf, KRB_SENDAUTH_VERS, 4) != 0)
|
if (memcmp (buf, KRB_SENDAUTH_VERS, 4) != 0)
|
||||||
@@ -333,8 +333,8 @@ recv_v4_auth (kx_context *kc, int sock, u_char *buf)
|
|||||||
&ticket,
|
&ticket,
|
||||||
"rcmd",
|
"rcmd",
|
||||||
instance,
|
instance,
|
||||||
(struct sockaddr_in *)&kc->thataddr,
|
(struct sockaddr_in *)kc->thataddr,
|
||||||
(struct sockaddr_in *)&kc->thisaddr,
|
(struct sockaddr_in *)kc->thisaddr,
|
||||||
&auth,
|
&auth,
|
||||||
"",
|
"",
|
||||||
schedule,
|
schedule,
|
||||||
|
|||||||
@@ -136,9 +136,9 @@ connect_host (kx_context *kc)
|
|||||||
if (getsockname (s, thisaddr, &addrlen) < 0 ||
|
if (getsockname (s, thisaddr, &addrlen) < 0 ||
|
||||||
addrlen != a->ai_addrlen)
|
addrlen != a->ai_addrlen)
|
||||||
err(1, "getsockname(%s)", kc->host);
|
err(1, "getsockname(%s)", kc->host);
|
||||||
memcpy (&kc->thisaddr, thisaddr, sizeof(kc->thisaddr));
|
memcpy (&kc->__ss_this, thisaddr, sizeof(kc->__ss_this));
|
||||||
kc->thisaddr_len = addrlen;
|
kc->thisaddr_len = addrlen;
|
||||||
memcpy (&kc->thataddr, a->ai_addr, sizeof(kc->thataddr));
|
memcpy (&kc->__ss_that, a->ai_addr, sizeof(kc->__ss_that));
|
||||||
kc->thataddr_len = a->ai_addrlen;
|
kc->thataddr_len = a->ai_addrlen;
|
||||||
freeaddrinfo (ai);
|
freeaddrinfo (ai);
|
||||||
if ((*kc->authenticate)(kc, s))
|
if ((*kc->authenticate)(kc, s))
|
||||||
|
|||||||
@@ -166,7 +166,7 @@ int create_and_write_cookie (char *xauthfile,
|
|||||||
int verify_and_remove_cookies (int fd, int sock, int cookiesp);
|
int verify_and_remove_cookies (int fd, int sock, int cookiesp);
|
||||||
int replace_cookie(int xserver, int fd, char *filename, int cookiesp);
|
int replace_cookie(int xserver, int fd, char *filename, int cookiesp);
|
||||||
|
|
||||||
int suspicious_address (int sock, struct sockaddr_storage *addr);
|
int suspicious_address (int sock, struct sockaddr *addr);
|
||||||
|
|
||||||
#define KX_PORT 2111
|
#define KX_PORT 2111
|
||||||
|
|
||||||
@@ -197,7 +197,10 @@ struct kx_context {
|
|||||||
int debug_flag;
|
int debug_flag;
|
||||||
int keepalive_flag;
|
int keepalive_flag;
|
||||||
int tcp_flag;
|
int tcp_flag;
|
||||||
struct sockaddr_storage thisaddr, thataddr;
|
struct sockaddr_storage __ss_this;
|
||||||
|
struct sockaddr_storage __ss_that;
|
||||||
|
struct sockaddr *thisaddr;
|
||||||
|
struct sockaddr *thataddr;
|
||||||
socklen_t thisaddr_len, thataddr_len;
|
socklen_t thisaddr_len, thataddr_len;
|
||||||
void *data;
|
void *data;
|
||||||
};
|
};
|
||||||
|
|||||||
@@ -121,20 +121,22 @@ recv_conn (int sock, kx_context *kc,
|
|||||||
int len;
|
int len;
|
||||||
u_int32_t tmp32;
|
u_int32_t tmp32;
|
||||||
|
|
||||||
addrlen = sizeof(kc->thisaddr);
|
addrlen = sizeof(kc->__ss_this);
|
||||||
if (getsockname (sock, (struct sockaddr *)&kc->thisaddr, &addrlen) < 0) {
|
kc->thisaddr = (struct sockaddr*)&kc->__ss_this;
|
||||||
|
if (getsockname (sock, kc->thisaddr, &addrlen) < 0) {
|
||||||
syslog (LOG_ERR, "getsockname: %m");
|
syslog (LOG_ERR, "getsockname: %m");
|
||||||
exit (1);
|
exit (1);
|
||||||
}
|
}
|
||||||
kc->thisaddr_len = addrlen;
|
kc->thisaddr_len = addrlen;
|
||||||
addrlen = sizeof(kc->thataddr);
|
addrlen = sizeof(kc->thataddr);
|
||||||
if (getpeername (sock, (struct sockaddr *)&kc->thataddr, &addrlen) < 0) {
|
kc->thataddr = (struct sockaddr*)&kc->__ss_that;
|
||||||
|
if (getpeername (sock, kc->thataddr, &addrlen) < 0) {
|
||||||
syslog (LOG_ERR, "getpeername: %m");
|
syslog (LOG_ERR, "getpeername: %m");
|
||||||
exit (1);
|
exit (1);
|
||||||
}
|
}
|
||||||
kc->thataddr_len = addrlen;
|
kc->thataddr_len = addrlen;
|
||||||
|
|
||||||
getnameinfo_verified ((struct sockaddr *)&kc->thataddr,
|
getnameinfo_verified (kc->thataddr,
|
||||||
kc->thataddr_len,
|
kc->thataddr_len,
|
||||||
remotehost, sizeof(remotehost),
|
remotehost, sizeof(remotehost),
|
||||||
NULL, 0, 0);
|
NULL, 0, 0);
|
||||||
@@ -294,12 +296,14 @@ doit_conn (kx_context *kc,
|
|||||||
int fd, int meta_sock, int flags, int cookiesp)
|
int fd, int meta_sock, int flags, int cookiesp)
|
||||||
{
|
{
|
||||||
int sock, sock2, port;
|
int sock, sock2, port;
|
||||||
struct sockaddr_storage addr;
|
struct sockaddr_storage __ss_addr;
|
||||||
struct sockaddr_storage thisaddr;
|
struct sockaddr *addr = (struct sockaddr*)&__ss_addr;
|
||||||
|
struct sockaddr_storage __ss_thisaddr;
|
||||||
|
struct sockaddr *thisaddr = (struct sockaddr*)&__ss_thisaddr;
|
||||||
socklen_t addrlen;
|
socklen_t addrlen;
|
||||||
u_char msg[1024], *p;
|
u_char msg[1024], *p;
|
||||||
|
|
||||||
sock = socket (kc->thisaddr.ss_family, SOCK_STREAM, 0);
|
sock = socket (kc->thisaddr->sa_family, SOCK_STREAM, 0);
|
||||||
if (sock < 0) {
|
if (sock < 0) {
|
||||||
syslog (LOG_ERR, "socket: %m");
|
syslog (LOG_ERR, "socket: %m");
|
||||||
return 1;
|
return 1;
|
||||||
@@ -318,18 +322,18 @@ doit_conn (kx_context *kc,
|
|||||||
sizeof(one));
|
sizeof(one));
|
||||||
}
|
}
|
||||||
#endif
|
#endif
|
||||||
memset (&addr, 0, sizeof(addr));
|
memset (&__ss_addr, 0, sizeof(__ss_addr));
|
||||||
addr.ss_family = kc->thisaddr.ss_family;
|
addr->sa_family = kc->thisaddr->sa_family;
|
||||||
if (kc->thisaddr_len > sizeof(addr)) {
|
if (kc->thisaddr_len > sizeof(__ss_addr)) {
|
||||||
syslog(LOG_ERR, "error in af");
|
syslog(LOG_ERR, "error in af");
|
||||||
return 1;
|
return 1;
|
||||||
}
|
}
|
||||||
if (bind (sock, (struct sockaddr *)&addr, kc->thisaddr_len) < 0) {
|
if (bind (sock, addr, kc->thisaddr_len) < 0) {
|
||||||
syslog (LOG_ERR, "bind: %m");
|
syslog (LOG_ERR, "bind: %m");
|
||||||
return 1;
|
return 1;
|
||||||
}
|
}
|
||||||
addrlen = sizeof(addr);
|
addrlen = sizeof(__ss_addr);
|
||||||
if (getsockname (sock, (struct sockaddr *)&addr, &addrlen) < 0) {
|
if (getsockname (sock, addr, &addrlen) < 0) {
|
||||||
syslog (LOG_ERR, "getsockname: %m");
|
syslog (LOG_ERR, "getsockname: %m");
|
||||||
return 1;
|
return 1;
|
||||||
}
|
}
|
||||||
@@ -337,7 +341,7 @@ doit_conn (kx_context *kc,
|
|||||||
syslog (LOG_ERR, "listen: %m");
|
syslog (LOG_ERR, "listen: %m");
|
||||||
return 1;
|
return 1;
|
||||||
}
|
}
|
||||||
port = socket_get_port((struct sockaddr *)&addr);
|
port = socket_get_port(addr);
|
||||||
|
|
||||||
p = msg;
|
p = msg;
|
||||||
*p++ = NEW_CONN;
|
*p++ = NEW_CONN;
|
||||||
@@ -348,8 +352,8 @@ doit_conn (kx_context *kc,
|
|||||||
return 1;
|
return 1;
|
||||||
}
|
}
|
||||||
|
|
||||||
addrlen = sizeof(thisaddr);
|
addrlen = sizeof(__ss_thisaddr);
|
||||||
sock2 = accept (sock, (struct sockaddr *)&thisaddr, &addrlen);
|
sock2 = accept (sock, thisaddr, &addrlen);
|
||||||
if (sock2 < 0) {
|
if (sock2 < 0) {
|
||||||
syslog (LOG_ERR, "accept: %m");
|
syslog (LOG_ERR, "accept: %m");
|
||||||
return 1;
|
return 1;
|
||||||
@@ -527,17 +531,18 @@ doit_passive (kx_context *kc,
|
|||||||
for (i = 0; i < nsockets; ++i) {
|
for (i = 0; i < nsockets; ++i) {
|
||||||
if (FD_ISSET(sockets[i].fd, &fds)) {
|
if (FD_ISSET(sockets[i].fd, &fds)) {
|
||||||
if (sockets[i].flags == TCP) {
|
if (sockets[i].flags == TCP) {
|
||||||
struct sockaddr_storage peer;
|
struct sockaddr_storage __ss_peer;
|
||||||
socklen_t len = sizeof(peer);
|
struct sockaddr *peer = (struct sockaddr*)&__ss_peer;
|
||||||
|
socklen_t len = sizeof(__ss_peer);
|
||||||
|
|
||||||
fd = accept (sockets[i].fd,
|
fd = accept (sockets[i].fd,
|
||||||
(struct sockaddr *)&peer,
|
peer,
|
||||||
&len);
|
&len);
|
||||||
if (fd < 0 && errno != EINTR)
|
if (fd < 0 && errno != EINTR)
|
||||||
syslog (LOG_ERR, "accept: %m");
|
syslog (LOG_ERR, "accept: %m");
|
||||||
|
|
||||||
/* XXX */
|
/* XXX */
|
||||||
if (fd >= 0 && suspicious_address (fd, &peer)) {
|
if (fd >= 0 && suspicious_address (fd, peer)) {
|
||||||
close (fd);
|
close (fd);
|
||||||
fd = -1;
|
fd = -1;
|
||||||
errno = EINTR;
|
errno = EINTR;
|
||||||
|
|||||||
Reference in New Issue
Block a user