krb5 commit: Consistently name and constify address variables
Greg Hudson
ghudson at mit.edu
Mon Jun 5 12:32:17 EDT 2017
https://github.com/krb5/krb5/commit/1a5a1cd58349ec2fd906a02013526c8800d973c7
commit 1a5a1cd58349ec2fd906a02013526c8800d973c7
Author: Andreas Schneider <asn at samba.org>
Date: Fri May 19 10:31:25 2017 +0200
Consistently name and constify address variables
In libkdb5, libapputils, the KDC, kadmind, and both KDB modules, use
the name "remote_addr" for the variable containing the remote address.
In schpw.c:process_chpw_request(), use the name "local_addr" for the
parameter containing the local address. Make the remote_addr
parameter const in libkdb5 and the DAL.
[ghudson at mit.edu: combined commits and rewrote commit message]
src/include/kdb.h | 12 +++++-----
src/kadmin/server/schpw.c | 16 +++++++-------
src/kdc/dispatch.c | 12 +++++-----
src/kdc/do_as_req.c | 19 +++++++++--------
src/kdc/kdc_log.c | 12 +++++-----
src/kdc/kdc_util.h | 2 +-
src/lib/apputils/net-server.c | 29 ++++++++++++++------------
src/lib/kdb/kdb5.c | 4 +-
src/plugins/kdb/db2/db2_exp.c | 6 +++-
src/plugins/kdb/db2/kdb_db2.c | 2 +-
src/plugins/kdb/db2/kdb_db2.h | 5 ++-
src/plugins/kdb/ldap/libkdb_ldap/kdb_ldap.c | 2 +-
src/plugins/kdb/ldap/libkdb_ldap/kdb_ldap.h | 2 +-
13 files changed, 65 insertions(+), 58 deletions(-)
diff --git a/src/include/kdb.h b/src/include/kdb.h
index cadd392..808e283 100644
--- a/src/include/kdb.h
+++ b/src/include/kdb.h
@@ -695,9 +695,9 @@ krb5_error_code krb5_db_check_policy_tgs(krb5_context kcontext,
krb5_pa_data ***e_data);
void krb5_db_audit_as_req(krb5_context kcontext, krb5_kdc_req *request,
- krb5_address *from, krb5_db_entry *client,
- krb5_db_entry *server, krb5_timestamp authtime,
- krb5_error_code error_code);
+ const krb5_address *remote_addr,
+ krb5_db_entry *client, krb5_db_entry *server,
+ krb5_timestamp authtime, krb5_error_code error_code);
void krb5_db_refresh_config(krb5_context kcontext);
@@ -1357,9 +1357,9 @@ typedef struct _kdb_vftabl {
* AS request.
*/
void (*audit_as_req)(krb5_context kcontext, krb5_kdc_req *request,
- krb5_address *from, krb5_db_entry *client,
- krb5_db_entry *server, krb5_timestamp authtime,
- krb5_error_code error_code);
+ const krb5_address *remote_addr,
+ krb5_db_entry *client, krb5_db_entry *server,
+ krb5_timestamp authtime, krb5_error_code error_code);
/* Note: there is currently no method for auditing TGS requests. */
diff --git a/src/kadmin/server/schpw.c b/src/kadmin/server/schpw.c
index d89d246..101be9c 100644
--- a/src/kadmin/server/schpw.c
+++ b/src/kadmin/server/schpw.c
@@ -18,8 +18,8 @@
static krb5_error_code
process_chpw_request(krb5_context context, void *server_handle, char *realm,
- krb5_keytab keytab, const krb5_fulladdr *local_faddr,
- const krb5_fulladdr *remote_faddr, krb5_data *req,
+ krb5_keytab keytab, const krb5_fulladdr *local_addr,
+ const krb5_fulladdr *remote_addr, krb5_data *req,
krb5_data *rep)
{
krb5_error_code ret;
@@ -42,7 +42,7 @@ process_chpw_request(krb5_context context, void *server_handle, char *realm,
struct sockaddr_storage ss;
socklen_t salen;
char addrbuf[100];
- krb5_address *addr = remote_faddr->address;
+ krb5_address *addr = remote_addr->address;
*rep = empty_data();
@@ -237,7 +237,7 @@ process_chpw_request(krb5_context context, void *server_handle, char *realm,
sin->sin_family = AF_INET;
memcpy(&sin->sin_addr, addr->contents, addr->length);
- sin->sin_port = htons(remote_faddr->port);
+ sin->sin_port = htons(remote_addr->port);
salen = sizeof(*sin);
break;
}
@@ -246,7 +246,7 @@ process_chpw_request(krb5_context context, void *server_handle, char *realm,
sin6->sin6_family = AF_INET6;
memcpy(&sin6->sin6_addr, addr->contents, addr->length);
- sin6->sin6_port = htons(remote_faddr->port);
+ sin6->sin6_port = htons(remote_addr->port);
salen = sizeof(*sin6);
break;
}
@@ -326,7 +326,7 @@ chpwfail:
if (ap_rep.length) {
ret = krb5_auth_con_setaddrs(context, auth_context,
- local_faddr->address, NULL);
+ local_addr->address, NULL);
if (ret) {
numresult = KRB5_KPASSWD_HARDERROR;
strlcpy(strresult,
@@ -437,7 +437,7 @@ bailout:
/* Dispatch routine for set/change password */
void
dispatch(void *handle, struct sockaddr *local_saddr,
- const krb5_fulladdr *remote_faddr, krb5_data *request, int is_tcp,
+ const krb5_fulladdr *remote_addr, krb5_data *request, int is_tcp,
verto_ctx *vctx, loop_respond_fn respond, void *arg)
{
krb5_error_code ret;
@@ -466,7 +466,7 @@ dispatch(void *handle, struct sockaddr *local_saddr,
server_handle->params.realm,
kt,
&local_faddr,
- remote_faddr,
+ remote_addr,
request,
response);
egress:
diff --git a/src/kdc/dispatch.c b/src/kdc/dispatch.c
index 4ecc234..b501fb8 100644
--- a/src/kdc/dispatch.c
+++ b/src/kdc/dispatch.c
@@ -120,7 +120,7 @@ reseed_random(krb5_context kdc_err_context)
void
dispatch(void *cb, struct sockaddr *local_saddr,
- const krb5_fulladdr *from, krb5_data *pkt, int is_tcp,
+ const krb5_fulladdr *remote_addr, krb5_data *pkt, int is_tcp,
verto_ctx *vctx, loop_respond_fn respond, void *arg)
{
krb5_error_code retval;
@@ -150,8 +150,8 @@ dispatch(void *cb, struct sockaddr *local_saddr,
const char *name = 0;
char buf[46];
- name = inet_ntop (ADDRTYPE2FAMILY (from->address->addrtype),
- from->address->contents, buf, sizeof (buf));
+ name = inet_ntop(ADDRTYPE2FAMILY(remote_addr->address->addrtype),
+ remote_addr->address->contents, buf, sizeof(buf));
if (name == 0)
name = "[unknown address type]";
if (response)
@@ -177,7 +177,7 @@ dispatch(void *cb, struct sockaddr *local_saddr,
/* try TGS_REQ first; they are more common! */
if (krb5_is_tgs_req(pkt)) {
- retval = process_tgs_req(handle, pkt, from, &response);
+ retval = process_tgs_req(handle, pkt, remote_addr, &response);
} else if (krb5_is_as_req(pkt)) {
if (!(retval = decode_krb5_as_req(pkt, &as_req))) {
/*
@@ -187,8 +187,8 @@ dispatch(void *cb, struct sockaddr *local_saddr,
*/
state->active_realm = setup_server_realm(handle, as_req->server);
if (state->active_realm != NULL) {
- process_as_req(as_req, pkt, from, state->active_realm, vctx,
- finish_dispatch_cache, state);
+ process_as_req(as_req, pkt, remote_addr, state->active_realm,
+ vctx, finish_dispatch_cache, state);
return;
} else {
retval = KRB5KDC_ERR_WRONG_REALM;
diff --git a/src/kdc/do_as_req.c b/src/kdc/do_as_req.c
index 3be9ca6..acaa651 100644
--- a/src/kdc/do_as_req.c
+++ b/src/kdc/do_as_req.c
@@ -160,7 +160,7 @@ struct as_req_state {
struct kdc_request_state *rstate;
char *sname, *cname;
void *pa_context;
- const krb5_fulladdr *from;
+ const krb5_fulladdr *remote_addr;
krb5_data **auth_indicators;
krb5_error_code preauth_err;
@@ -359,7 +359,7 @@ finish_process_as_req(struct as_req_state *state, krb5_error_code errcode)
state->reply.enc_part.ciphertext.length);
free(state->reply.enc_part.ciphertext.data);
- log_as_req(kdc_context, state->from, state->request, &state->reply,
+ log_as_req(kdc_context, state->remote_addr, state->request, &state->reply,
state->client, state->cname, state->server,
state->sname, state->authtime, 0, 0, 0);
did_log = 1;
@@ -381,10 +381,10 @@ egress:
emsg = krb5_get_error_message(kdc_context, errcode);
if (state->status) {
- log_as_req(kdc_context,
- state->from, state->request, &state->reply, state->client,
- state->cname, state->server, state->sname, state->authtime,
- state->status, errcode, emsg);
+ log_as_req(kdc_context, state->remote_addr, state->request,
+ &state->reply, state->client, state->cname, state->server,
+ state->sname, state->authtime, state->status, errcode,
+ emsg);
did_log = 1;
}
if (errcode) {
@@ -492,7 +492,7 @@ finish_preauth(void *arg, krb5_error_code code)
/*ARGSUSED*/
void
process_as_req(krb5_kdc_req *request, krb5_data *req_pkt,
- const krb5_fulladdr *from, kdc_realm_t *kdc_active_realm,
+ const krb5_fulladdr *remote_addr, kdc_realm_t *kdc_active_realm,
verto_ctx *vctx, loop_respond_fn respond, void *arg)
{
krb5_error_code errcode;
@@ -511,7 +511,7 @@ process_as_req(krb5_kdc_req *request, krb5_data *req_pkt,
state->arg = arg;
state->request = request;
state->req_pkt = req_pkt;
- state->from = from;
+ state->remote_addr = remote_addr;
state->active_realm = kdc_active_realm;
errcode = kdc_make_rstate(kdc_active_realm, &state->rstate);
@@ -522,7 +522,8 @@ process_as_req(krb5_kdc_req *request, krb5_data *req_pkt,
}
/* Initialize audit state. */
- errcode = kau_init_kdc_req(kdc_context, state->request, from, &au_state);
+ errcode = kau_init_kdc_req(kdc_context, state->request, remote_addr,
+ &au_state);
if (errcode) {
(*respond)(arg, errcode, NULL);
kdc_free_rstate(state->rstate);
diff --git a/src/kdc/kdc_log.c b/src/kdc/kdc_log.c
index 925fc3f..13fcfa7 100644
--- a/src/kdc/kdc_log.c
+++ b/src/kdc/kdc_log.c
@@ -54,7 +54,7 @@
/* Someday, pass local address/port as well. */
/* Currently no info about name canonicalization is logged. */
void
-log_as_req(krb5_context context, const krb5_fulladdr *from,
+log_as_req(krb5_context context, const krb5_fulladdr *remote_addr,
krb5_kdc_req *request, krb5_kdc_rep *reply,
krb5_db_entry *client, const char *cname,
krb5_db_entry *server, const char *sname,
@@ -67,8 +67,8 @@ log_as_req(krb5_context context, const krb5_fulladdr *from,
const char *cname2 = cname ? cname : "<unknown client>";
const char *sname2 = sname ? sname : "<unknown server>";
- fromstring = inet_ntop(ADDRTYPE2FAMILY (from->address->addrtype),
- from->address->contents,
+ fromstring = inet_ntop(ADDRTYPE2FAMILY(remote_addr->address->addrtype),
+ remote_addr->address->contents,
fromstringbuf, sizeof(fromstringbuf));
if (!fromstring)
fromstring = "<unknown>";
@@ -89,14 +89,14 @@ log_as_req(krb5_context context, const krb5_fulladdr *from,
ktypestr, fromstring, status,
cname2, sname2, emsg ? ", " : "", emsg ? emsg : "");
}
- krb5_db_audit_as_req(context, request, from->address, client, server,
- authtime, errcode);
+ krb5_db_audit_as_req(context, request, remote_addr->address, client,
+ server, authtime, errcode);
#if 0
/* Sun (OpenSolaris) version would probably something like this.
The client and server names passed can be null, unlike in the
logging routines used above. Note that a struct in_addr is
used, but the real address could be an IPv6 address. */
- audit_krb5kdc_as_req(some in_addr *, (in_port_t)from->port, 0,
+ audit_krb5kdc_as_req(some in_addr *, (in_port_t)remote_addr->port, 0,
cname, sname, errcode);
#endif
}
diff --git a/src/kdc/kdc_util.h b/src/kdc/kdc_util.h
index 672f943..2f08ca1 100644
--- a/src/kdc/kdc_util.h
+++ b/src/kdc/kdc_util.h
@@ -346,7 +346,7 @@ kdc_get_ticket_renewtime(kdc_realm_t *realm, krb5_kdc_req *request,
krb5_db_entry *server, krb5_enc_tkt_part *tkt);
void
-log_as_req(krb5_context context, const krb5_fulladdr *from,
+log_as_req(krb5_context context, const krb5_fulladdr *remote_addr,
krb5_kdc_req *request, krb5_kdc_rep *reply,
krb5_db_entry *client, const char *cname,
krb5_db_entry *server, const char *sname,
diff --git a/src/lib/apputils/net-server.c b/src/lib/apputils/net-server.c
index ee3d743..227b4d5 100644
--- a/src/lib/apputils/net-server.c
+++ b/src/lib/apputils/net-server.c
@@ -131,8 +131,8 @@ struct connection {
struct sockaddr_storage addr_s;
socklen_t addrlen;
char addrbuf[56];
- krb5_fulladdr faddr;
- krb5_address kaddr;
+ krb5_address remote_addr_buf;
+ krb5_fulladdr remote_addr;
/* Incoming data (TCP) */
size_t bufsiz;
@@ -951,8 +951,8 @@ struct udp_dispatch_state {
void *handle;
const char *prog;
int port_fd;
- krb5_address addr;
- krb5_fulladdr faddr;
+ krb5_address remote_addr_buf;
+ krb5_fulladdr remote_addr;
socklen_t saddr_len;
socklen_t daddr_len;
struct sockaddr_storage saddr;
@@ -1084,10 +1084,12 @@ process_packet(verto_ctx *ctx, verto_ev *ev)
state->request.length = cc;
state->request.data = state->pktbuf;
- state->faddr.address = &state->addr;
- init_addr(&state->faddr, ss2sa(&state->saddr));
+
+ state->remote_addr.address = &state->remote_addr_buf;
+ init_addr(&state->remote_addr, ss2sa(&state->saddr));
+
/* This address is in net order. */
- dispatch(state->handle, ss2sa(&state->daddr), &state->faddr,
+ dispatch(state->handle, ss2sa(&state->daddr), &state->remote_addr,
&state->request, 0, ctx, process_packet_response, state);
}
@@ -1201,8 +1203,8 @@ accept_tcp_connection(verto_ctx *ctx, verto_ev *ev)
return;
}
newconn->offset = 0;
- newconn->faddr.address = &newconn->kaddr;
- init_addr(&newconn->faddr, ss2sa(&newconn->addr_s));
+ newconn->remote_addr.address = &newconn->remote_addr_buf;
+ init_addr(&newconn->remote_addr, ss2sa(&newconn->addr_s));
SG_SET(&newconn->sgbuf[0], newconn->lenbuf, 4);
SG_SET(&newconn->sgbuf[1], 0, 0);
}
@@ -1356,8 +1358,9 @@ process_tcp_connection_read(verto_ctx *ctx, verto_ev *ev)
goto kill_tcp_connection;
}
- dispatch(state->conn->handle, ss2sa(&state->local_saddr), &conn->faddr,
- &state->request, 1, ctx, process_tcp_response, state);
+ dispatch(state->conn->handle, ss2sa(&state->local_saddr),
+ &conn->remote_addr, &state->request, 1, ctx,
+ process_tcp_response, state);
}
return;
@@ -1505,8 +1508,8 @@ accept_rpc_connection(verto_ctx *ctx, verto_ev *ev)
if (++tcp_or_rpc_data_counter > max_tcp_or_rpc_data_connections)
kill_lru_tcp_or_rpc_connection(newconn->handle, newev);
- newconn->faddr.address = &newconn->kaddr;
- init_addr(&newconn->faddr, ss2sa(&newconn->addr_s));
+ newconn->remote_addr.address = &newconn->remote_addr_buf;
+ init_addr(&newconn->remote_addr, ss2sa(&newconn->addr_s));
}
}
diff --git a/src/lib/kdb/kdb5.c b/src/lib/kdb/kdb5.c
index b233e99..02e0a2d 100644
--- a/src/lib/kdb/kdb5.c
+++ b/src/lib/kdb/kdb5.c
@@ -2672,7 +2672,7 @@ krb5_db_check_policy_tgs(krb5_context kcontext, krb5_kdc_req *request,
void
krb5_db_audit_as_req(krb5_context kcontext, krb5_kdc_req *request,
- krb5_address *from, krb5_db_entry *client,
+ const krb5_address *remote_addr, krb5_db_entry *client,
krb5_db_entry *server, krb5_timestamp authtime,
krb5_error_code error_code)
{
@@ -2682,7 +2682,7 @@ krb5_db_audit_as_req(krb5_context kcontext, krb5_kdc_req *request,
status = get_vftabl(kcontext, &v);
if (status || v->audit_as_req == NULL)
return;
- v->audit_as_req(kcontext, request, from, client, server, authtime,
+ v->audit_as_req(kcontext, request, remote_addr, client, server, authtime,
error_code);
}
diff --git a/src/plugins/kdb/db2/db2_exp.c b/src/plugins/kdb/db2/db2_exp.c
index 5367d05..3b42b0a 100644
--- a/src/plugins/kdb/db2/db2_exp.c
+++ b/src/plugins/kdb/db2/db2_exp.c
@@ -166,10 +166,12 @@ WRAP_K (krb5_db2_check_policy_as,
(kcontext, request, client, server, kdc_time, status, e_data));
WRAP_VOID (krb5_db2_audit_as_req,
- (krb5_context kcontext, krb5_kdc_req *request, krb5_address *from,
+ (krb5_context kcontext, krb5_kdc_req *request,
+ const krb5_address *remote_addr,
krb5_db_entry *client, krb5_db_entry *server,
krb5_timestamp authtime, krb5_error_code error_code),
- (kcontext, request, from, client, server, authtime, error_code));
+ (kcontext, request, remote_addr, client, server,
+ authtime, error_code));
static krb5_error_code
hack_init (void)
diff --git a/src/plugins/kdb/db2/kdb_db2.c b/src/plugins/kdb/db2/kdb_db2.c
index 5c0a83c..3ee6fdd 100644
--- a/src/plugins/kdb/db2/kdb_db2.c
+++ b/src/plugins/kdb/db2/kdb_db2.c
@@ -1551,7 +1551,7 @@ krb5_db2_check_policy_as(krb5_context kcontext, krb5_kdc_req *request,
void
krb5_db2_audit_as_req(krb5_context kcontext, krb5_kdc_req *request,
- krb5_address *from, krb5_db_entry *client,
+ const krb5_address *remote_addr, krb5_db_entry *client,
krb5_db_entry *server, krb5_timestamp authtime,
krb5_error_code error_code)
{
diff --git a/src/plugins/kdb/db2/kdb_db2.h b/src/plugins/kdb/db2/kdb_db2.h
index bc85ba3..52bc508 100644
--- a/src/plugins/kdb/db2/kdb_db2.h
+++ b/src/plugins/kdb/db2/kdb_db2.h
@@ -134,8 +134,9 @@ krb5_db2_check_policy_as(krb5_context kcontext, krb5_kdc_req *request,
void
krb5_db2_audit_as_req(krb5_context kcontext, krb5_kdc_req *request,
- krb5_address *from, krb5_db_entry *client,
- krb5_db_entry *server, krb5_timestamp authtime,
+ const krb5_address *remote_addr,
+ krb5_db_entry *client, krb5_db_entry *server,
+ krb5_timestamp authtime,
krb5_error_code error_code);
#endif /* KRB5_KDB_DB2_H */
diff --git a/src/plugins/kdb/ldap/libkdb_ldap/kdb_ldap.c b/src/plugins/kdb/ldap/libkdb_ldap/kdb_ldap.c
index d13637c..b77989d 100644
--- a/src/plugins/kdb/ldap/libkdb_ldap/kdb_ldap.c
+++ b/src/plugins/kdb/ldap/libkdb_ldap/kdb_ldap.c
@@ -277,7 +277,7 @@ krb5_ldap_check_policy_as(krb5_context kcontext, krb5_kdc_req *request,
void
krb5_ldap_audit_as_req(krb5_context kcontext, krb5_kdc_req *request,
- krb5_address *from, krb5_db_entry *client,
+ const krb5_address *remote_addr, krb5_db_entry *client,
krb5_db_entry *server, krb5_timestamp authtime,
krb5_error_code error_code)
{
diff --git a/src/plugins/kdb/ldap/libkdb_ldap/kdb_ldap.h b/src/plugins/kdb/ldap/libkdb_ldap/kdb_ldap.h
index 80d0650..cf1192b 100644
--- a/src/plugins/kdb/ldap/libkdb_ldap/kdb_ldap.h
+++ b/src/plugins/kdb/ldap/libkdb_ldap/kdb_ldap.h
@@ -282,7 +282,7 @@ krb5_ldap_check_policy_as(krb5_context kcontext, krb5_kdc_req *request,
void
krb5_ldap_audit_as_req(krb5_context kcontext, krb5_kdc_req *request,
- krb5_address *from, krb5_db_entry *client,
+ const krb5_address *remote_addr, krb5_db_entry *client,
krb5_db_entry *server, krb5_timestamp authtime,
krb5_error_code error_code);
More information about the cvs-krb5
mailing list