diff options
Diffstat (limited to 'meta-networking/recipes-connectivity/samba/samba-4.1.12/02-fix-ipv6-join.patch')
-rw-r--r-- | meta-networking/recipes-connectivity/samba/samba-4.1.12/02-fix-ipv6-join.patch | 266 |
1 files changed, 266 insertions, 0 deletions
diff --git a/meta-networking/recipes-connectivity/samba/samba-4.1.12/02-fix-ipv6-join.patch b/meta-networking/recipes-connectivity/samba/samba-4.1.12/02-fix-ipv6-join.patch new file mode 100644 index 0000000000..daa283e675 --- /dev/null +++ b/meta-networking/recipes-connectivity/samba/samba-4.1.12/02-fix-ipv6-join.patch @@ -0,0 +1,266 @@ +From 168627e1877317db86471a4b0360dccd9f469aaa Mon Sep 17 00:00:00 2001 +From: =?UTF-8?q?G=C3=BCnther=20Deschner?= <gd@samba.org> +Date: Mon, 13 Jan 2014 15:59:26 +0100 +Subject: [PATCH 1/2] s3-kerberos: remove print_kdc_line() completely. +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +Just calling print_canonical_sockaddr() is sufficient, as it already deals with +ipv6 as well. The port handling, which was only done for IPv6 (not IPv4), is +removed as well. It was pointless because it always derived the port number from +the provided address which was either a SMB (usually port 445) or LDAP +connection. No KDC will ever run on port 389 or 445 on a Windows/Samba DC. +Finally, the kerberos libraries that we support and build with, can deal with +ipv6 addresses in krb5.conf, so we no longer put the (unnecessary) burden of +resolving the DC name on the kerberos library anymore. + +Guenther + +Signed-off-by: Günther Deschner <gd@samba.org> +Reviewed-by: Andreas Schneider <asn@samba.org> +--- + source3/libads/kerberos.c | 73 ++++------------------------------------------- + 1 file changed, 5 insertions(+), 68 deletions(-) + +diff --git a/source3/libads/kerberos.c b/source3/libads/kerberos.c +index b026e09..ea14350 100644 +--- a/source3/libads/kerberos.c ++++ b/source3/libads/kerberos.c +@@ -592,70 +592,6 @@ int kerberos_kinit_password(const char *principal, + /************************************************************************ + ************************************************************************/ + +-static char *print_kdc_line(char *mem_ctx, +- const char *prev_line, +- const struct sockaddr_storage *pss, +- const char *kdc_name) +-{ +- char addr[INET6_ADDRSTRLEN]; +- uint16_t port = get_sockaddr_port(pss); +- +- if (pss->ss_family == AF_INET) { +- return talloc_asprintf(mem_ctx, "%s\tkdc = %s\n", +- prev_line, +- print_canonical_sockaddr(mem_ctx, pss)); +- } +- +- /* +- * IPv6 starts here +- */ +- +- DEBUG(10, ("print_kdc_line: IPv6 case for kdc_name: %s, port: %d\n", +- kdc_name, port)); +- +- if (port != 0 && port != DEFAULT_KRB5_PORT) { +- /* Currently for IPv6 we can't specify a non-default +- krb5 port with an address, as this requires a ':'. +- Resolve to a name. */ +- char hostname[MAX_DNS_NAME_LENGTH]; +- int ret = sys_getnameinfo((const struct sockaddr *)pss, +- sizeof(*pss), +- hostname, sizeof(hostname), +- NULL, 0, +- NI_NAMEREQD); +- if (ret) { +- DEBUG(0,("print_kdc_line: can't resolve name " +- "for kdc with non-default port %s. " +- "Error %s\n.", +- print_canonical_sockaddr(mem_ctx, pss), +- gai_strerror(ret))); +- return NULL; +- } +- /* Success, use host:port */ +- return talloc_asprintf(mem_ctx, +- "%s\tkdc = %s:%u\n", +- prev_line, +- hostname, +- (unsigned int)port); +- } +- +- /* no krb5 lib currently supports "kdc = ipv6 address" +- * at all, so just fill in just the kdc_name if we have +- * it and let the krb5 lib figure out the appropriate +- * ipv6 address - gd */ +- +- if (kdc_name) { +- return talloc_asprintf(mem_ctx, "%s\tkdc = %s\n", +- prev_line, kdc_name); +- } +- +- return talloc_asprintf(mem_ctx, "%s\tkdc = %s\n", +- prev_line, +- print_sockaddr(addr, +- sizeof(addr), +- pss)); +-} +- + /************************************************************************ + Create a string list of available kdc's, possibly searching by sitename. + Does DNS queries. +@@ -698,7 +634,8 @@ static char *get_kdc_ip_string(char *mem_ctx, + char *result = NULL; + struct netlogon_samlogon_response **responses = NULL; + NTSTATUS status; +- char *kdc_str = print_kdc_line(mem_ctx, "", pss, kdc_name); ++ char *kdc_str = talloc_asprintf(mem_ctx, "%s\tkdc = %s\n", "", ++ print_canonical_sockaddr(mem_ctx, pss)); + + if (kdc_str == NULL) { + TALLOC_FREE(frame); +@@ -788,9 +725,9 @@ static char *get_kdc_ip_string(char *mem_ctx, + } + + /* Append to the string - inefficient but not done often. */ +- new_kdc_str = print_kdc_line(mem_ctx, kdc_str, +- &dc_addrs[i], +- kdc_name); ++ new_kdc_str = talloc_asprintf(mem_ctx, "%s\tkdc = %s\n", ++ kdc_str, ++ print_canonical_sockaddr(mem_ctx, &dc_addrs[i])); + if (new_kdc_str == NULL) { + goto fail; + } +-- +1.8.5.3 + + +From 3edb3d4084548960f03356cf4c44a6892e6efb84 Mon Sep 17 00:00:00 2001 +From: =?UTF-8?q?G=C3=BCnther=20Deschner?= <gd@samba.org> +Date: Fri, 7 Mar 2014 14:47:31 +0100 +Subject: [PATCH 2/2] s3-kerberos: remove unused kdc_name from + create_local_private_krb5_conf_for_domain(). +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +Guenther + +Signed-off-by: Günther Deschner <gd@samba.org> +Reviewed-by: Andreas Schneider <asn@samba.org> +--- + source3/libads/kerberos.c | 10 ++++------ + source3/libads/kerberos_proto.h | 3 +-- + source3/libnet/libnet_join.c | 3 +-- + source3/libsmb/namequery_dc.c | 6 ++---- + source3/winbindd/winbindd_cm.c | 6 ++---- + 5 files changed, 10 insertions(+), 18 deletions(-) + +diff --git a/source3/libads/kerberos.c b/source3/libads/kerberos.c +index ea14350..649e568 100644 +--- a/source3/libads/kerberos.c ++++ b/source3/libads/kerberos.c +@@ -618,8 +618,7 @@ static void add_sockaddr_unique(struct sockaddr_storage *addrs, int *num_addrs, + static char *get_kdc_ip_string(char *mem_ctx, + const char *realm, + const char *sitename, +- const struct sockaddr_storage *pss, +- const char *kdc_name) ++ const struct sockaddr_storage *pss) + { + TALLOC_CTX *frame = talloc_stackframe(); + int i; +@@ -756,8 +755,7 @@ fail: + bool create_local_private_krb5_conf_for_domain(const char *realm, + const char *domain, + const char *sitename, +- const struct sockaddr_storage *pss, +- const char *kdc_name) ++ const struct sockaddr_storage *pss) + { + char *dname; + char *tmpname = NULL; +@@ -782,7 +780,7 @@ bool create_local_private_krb5_conf_for_domain(const char *realm, + return false; + } + +- if (domain == NULL || pss == NULL || kdc_name == NULL) { ++ if (domain == NULL || pss == NULL) { + return false; + } + +@@ -815,7 +813,7 @@ bool create_local_private_krb5_conf_for_domain(const char *realm, + goto done; + } + +- kdc_ip_string = get_kdc_ip_string(dname, realm, sitename, pss, kdc_name); ++ kdc_ip_string = get_kdc_ip_string(dname, realm, sitename, pss); + if (!kdc_ip_string) { + goto done; + } +diff --git a/source3/libads/kerberos_proto.h b/source3/libads/kerberos_proto.h +index f7470d2..2559634 100644 +--- a/source3/libads/kerberos_proto.h ++++ b/source3/libads/kerberos_proto.h +@@ -62,8 +62,7 @@ int kerberos_kinit_password(const char *principal, + bool create_local_private_krb5_conf_for_domain(const char *realm, + const char *domain, + const char *sitename, +- const struct sockaddr_storage *pss, +- const char *kdc_name); ++ const struct sockaddr_storage *pss); + + /* The following definitions come from libads/authdata.c */ + +diff --git a/source3/libnet/libnet_join.c b/source3/libnet/libnet_join.c +index a87eb38..68884cd 100644 +--- a/source3/libnet/libnet_join.c ++++ b/source3/libnet/libnet_join.c +@@ -2152,8 +2152,7 @@ static WERROR libnet_DomainJoin(TALLOC_CTX *mem_ctx, + + create_local_private_krb5_conf_for_domain( + r->out.dns_domain_name, r->out.netbios_domain_name, +- NULL, smbXcli_conn_remote_sockaddr(cli->conn), +- smbXcli_conn_remote_name(cli->conn)); ++ NULL, smbXcli_conn_remote_sockaddr(cli->conn)); + + if (r->out.domain_is_ad && r->in.account_ou && + !(r->in.join_flags & WKSSVC_JOIN_FLAGS_JOIN_UNSECURE)) { +diff --git a/source3/libsmb/namequery_dc.c b/source3/libsmb/namequery_dc.c +index 3cfae79..eb34741 100644 +--- a/source3/libsmb/namequery_dc.c ++++ b/source3/libsmb/namequery_dc.c +@@ -112,14 +112,12 @@ static bool ads_dc_name(const char *domain, + create_local_private_krb5_conf_for_domain(realm, + domain, + sitename, +- &ads->ldap.ss, +- ads->config.ldap_server_name); ++ &ads->ldap.ss); + } else { + create_local_private_krb5_conf_for_domain(realm, + domain, + NULL, +- &ads->ldap.ss, +- ads->config.ldap_server_name); ++ &ads->ldap.ss); + } + } + #endif +diff --git a/source3/winbindd/winbindd_cm.c b/source3/winbindd/winbindd_cm.c +index 669a43e..be13a57 100644 +--- a/source3/winbindd/winbindd_cm.c ++++ b/source3/winbindd/winbindd_cm.c +@@ -1233,8 +1233,7 @@ static bool dcip_to_name(TALLOC_CTX *mem_ctx, + create_local_private_krb5_conf_for_domain(domain->alt_name, + domain->name, + sitename, +- pss, +- *name); ++ pss); + + SAFE_FREE(sitename); + } else { +@@ -1242,8 +1241,7 @@ static bool dcip_to_name(TALLOC_CTX *mem_ctx, + create_local_private_krb5_conf_for_domain(domain->alt_name, + domain->name, + NULL, +- pss, +- *name); ++ pss); + } + winbindd_set_locator_kdc_envs(domain); + +-- +1.8.5.3 + |