aboutsummaryrefslogtreecommitdiffstats
path: root/meta-networking/recipes-connectivity/samba/samba-4.1.12/02-fix-ipv6-join.patch
diff options
context:
space:
mode:
Diffstat (limited to 'meta-networking/recipes-connectivity/samba/samba-4.1.12/02-fix-ipv6-join.patch')
-rw-r--r--meta-networking/recipes-connectivity/samba/samba-4.1.12/02-fix-ipv6-join.patch266
1 files changed, 266 insertions, 0 deletions
diff --git a/meta-networking/recipes-connectivity/samba/samba-4.1.12/02-fix-ipv6-join.patch b/meta-networking/recipes-connectivity/samba/samba-4.1.12/02-fix-ipv6-join.patch
new file mode 100644
index 0000000000..daa283e675
--- /dev/null
+++ b/meta-networking/recipes-connectivity/samba/samba-4.1.12/02-fix-ipv6-join.patch
@@ -0,0 +1,266 @@
+From 168627e1877317db86471a4b0360dccd9f469aaa Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?G=C3=BCnther=20Deschner?= <gd@samba.org>
+Date: Mon, 13 Jan 2014 15:59:26 +0100
+Subject: [PATCH 1/2] s3-kerberos: remove print_kdc_line() completely.
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+Just calling print_canonical_sockaddr() is sufficient, as it already deals with
+ipv6 as well. The port handling, which was only done for IPv6 (not IPv4), is
+removed as well. It was pointless because it always derived the port number from
+the provided address which was either a SMB (usually port 445) or LDAP
+connection. No KDC will ever run on port 389 or 445 on a Windows/Samba DC.
+Finally, the kerberos libraries that we support and build with, can deal with
+ipv6 addresses in krb5.conf, so we no longer put the (unnecessary) burden of
+resolving the DC name on the kerberos library anymore.
+
+Guenther
+
+Signed-off-by: Günther Deschner <gd@samba.org>
+Reviewed-by: Andreas Schneider <asn@samba.org>
+---
+ source3/libads/kerberos.c | 73 ++++-------------------------------------------
+ 1 file changed, 5 insertions(+), 68 deletions(-)
+
+diff --git a/source3/libads/kerberos.c b/source3/libads/kerberos.c
+index b026e09..ea14350 100644
+--- a/source3/libads/kerberos.c
++++ b/source3/libads/kerberos.c
+@@ -592,70 +592,6 @@ int kerberos_kinit_password(const char *principal,
+ /************************************************************************
+ ************************************************************************/
+
+-static char *print_kdc_line(char *mem_ctx,
+- const char *prev_line,
+- const struct sockaddr_storage *pss,
+- const char *kdc_name)
+-{
+- char addr[INET6_ADDRSTRLEN];
+- uint16_t port = get_sockaddr_port(pss);
+-
+- if (pss->ss_family == AF_INET) {
+- return talloc_asprintf(mem_ctx, "%s\tkdc = %s\n",
+- prev_line,
+- print_canonical_sockaddr(mem_ctx, pss));
+- }
+-
+- /*
+- * IPv6 starts here
+- */
+-
+- DEBUG(10, ("print_kdc_line: IPv6 case for kdc_name: %s, port: %d\n",
+- kdc_name, port));
+-
+- if (port != 0 && port != DEFAULT_KRB5_PORT) {
+- /* Currently for IPv6 we can't specify a non-default
+- krb5 port with an address, as this requires a ':'.
+- Resolve to a name. */
+- char hostname[MAX_DNS_NAME_LENGTH];
+- int ret = sys_getnameinfo((const struct sockaddr *)pss,
+- sizeof(*pss),
+- hostname, sizeof(hostname),
+- NULL, 0,
+- NI_NAMEREQD);
+- if (ret) {
+- DEBUG(0,("print_kdc_line: can't resolve name "
+- "for kdc with non-default port %s. "
+- "Error %s\n.",
+- print_canonical_sockaddr(mem_ctx, pss),
+- gai_strerror(ret)));
+- return NULL;
+- }
+- /* Success, use host:port */
+- return talloc_asprintf(mem_ctx,
+- "%s\tkdc = %s:%u\n",
+- prev_line,
+- hostname,
+- (unsigned int)port);
+- }
+-
+- /* no krb5 lib currently supports "kdc = ipv6 address"
+- * at all, so just fill in just the kdc_name if we have
+- * it and let the krb5 lib figure out the appropriate
+- * ipv6 address - gd */
+-
+- if (kdc_name) {
+- return talloc_asprintf(mem_ctx, "%s\tkdc = %s\n",
+- prev_line, kdc_name);
+- }
+-
+- return talloc_asprintf(mem_ctx, "%s\tkdc = %s\n",
+- prev_line,
+- print_sockaddr(addr,
+- sizeof(addr),
+- pss));
+-}
+-
+ /************************************************************************
+ Create a string list of available kdc's, possibly searching by sitename.
+ Does DNS queries.
+@@ -698,7 +634,8 @@ static char *get_kdc_ip_string(char *mem_ctx,
+ char *result = NULL;
+ struct netlogon_samlogon_response **responses = NULL;
+ NTSTATUS status;
+- char *kdc_str = print_kdc_line(mem_ctx, "", pss, kdc_name);
++ char *kdc_str = talloc_asprintf(mem_ctx, "%s\tkdc = %s\n", "",
++ print_canonical_sockaddr(mem_ctx, pss));
+
+ if (kdc_str == NULL) {
+ TALLOC_FREE(frame);
+@@ -788,9 +725,9 @@ static char *get_kdc_ip_string(char *mem_ctx,
+ }
+
+ /* Append to the string - inefficient but not done often. */
+- new_kdc_str = print_kdc_line(mem_ctx, kdc_str,
+- &dc_addrs[i],
+- kdc_name);
++ new_kdc_str = talloc_asprintf(mem_ctx, "%s\tkdc = %s\n",
++ kdc_str,
++ print_canonical_sockaddr(mem_ctx, &dc_addrs[i]));
+ if (new_kdc_str == NULL) {
+ goto fail;
+ }
+--
+1.8.5.3
+
+
+From 3edb3d4084548960f03356cf4c44a6892e6efb84 Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?G=C3=BCnther=20Deschner?= <gd@samba.org>
+Date: Fri, 7 Mar 2014 14:47:31 +0100
+Subject: [PATCH 2/2] s3-kerberos: remove unused kdc_name from
+ create_local_private_krb5_conf_for_domain().
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+Guenther
+
+Signed-off-by: Günther Deschner <gd@samba.org>
+Reviewed-by: Andreas Schneider <asn@samba.org>
+---
+ source3/libads/kerberos.c | 10 ++++------
+ source3/libads/kerberos_proto.h | 3 +--
+ source3/libnet/libnet_join.c | 3 +--
+ source3/libsmb/namequery_dc.c | 6 ++----
+ source3/winbindd/winbindd_cm.c | 6 ++----
+ 5 files changed, 10 insertions(+), 18 deletions(-)
+
+diff --git a/source3/libads/kerberos.c b/source3/libads/kerberos.c
+index ea14350..649e568 100644
+--- a/source3/libads/kerberos.c
++++ b/source3/libads/kerberos.c
+@@ -618,8 +618,7 @@ static void add_sockaddr_unique(struct sockaddr_storage *addrs, int *num_addrs,
+ static char *get_kdc_ip_string(char *mem_ctx,
+ const char *realm,
+ const char *sitename,
+- const struct sockaddr_storage *pss,
+- const char *kdc_name)
++ const struct sockaddr_storage *pss)
+ {
+ TALLOC_CTX *frame = talloc_stackframe();
+ int i;
+@@ -756,8 +755,7 @@ fail:
+ bool create_local_private_krb5_conf_for_domain(const char *realm,
+ const char *domain,
+ const char *sitename,
+- const struct sockaddr_storage *pss,
+- const char *kdc_name)
++ const struct sockaddr_storage *pss)
+ {
+ char *dname;
+ char *tmpname = NULL;
+@@ -782,7 +780,7 @@ bool create_local_private_krb5_conf_for_domain(const char *realm,
+ return false;
+ }
+
+- if (domain == NULL || pss == NULL || kdc_name == NULL) {
++ if (domain == NULL || pss == NULL) {
+ return false;
+ }
+
+@@ -815,7 +813,7 @@ bool create_local_private_krb5_conf_for_domain(const char *realm,
+ goto done;
+ }
+
+- kdc_ip_string = get_kdc_ip_string(dname, realm, sitename, pss, kdc_name);
++ kdc_ip_string = get_kdc_ip_string(dname, realm, sitename, pss);
+ if (!kdc_ip_string) {
+ goto done;
+ }
+diff --git a/source3/libads/kerberos_proto.h b/source3/libads/kerberos_proto.h
+index f7470d2..2559634 100644
+--- a/source3/libads/kerberos_proto.h
++++ b/source3/libads/kerberos_proto.h
+@@ -62,8 +62,7 @@ int kerberos_kinit_password(const char *principal,
+ bool create_local_private_krb5_conf_for_domain(const char *realm,
+ const char *domain,
+ const char *sitename,
+- const struct sockaddr_storage *pss,
+- const char *kdc_name);
++ const struct sockaddr_storage *pss);
+
+ /* The following definitions come from libads/authdata.c */
+
+diff --git a/source3/libnet/libnet_join.c b/source3/libnet/libnet_join.c
+index a87eb38..68884cd 100644
+--- a/source3/libnet/libnet_join.c
++++ b/source3/libnet/libnet_join.c
+@@ -2152,8 +2152,7 @@ static WERROR libnet_DomainJoin(TALLOC_CTX *mem_ctx,
+
+ create_local_private_krb5_conf_for_domain(
+ r->out.dns_domain_name, r->out.netbios_domain_name,
+- NULL, smbXcli_conn_remote_sockaddr(cli->conn),
+- smbXcli_conn_remote_name(cli->conn));
++ NULL, smbXcli_conn_remote_sockaddr(cli->conn));
+
+ if (r->out.domain_is_ad && r->in.account_ou &&
+ !(r->in.join_flags & WKSSVC_JOIN_FLAGS_JOIN_UNSECURE)) {
+diff --git a/source3/libsmb/namequery_dc.c b/source3/libsmb/namequery_dc.c
+index 3cfae79..eb34741 100644
+--- a/source3/libsmb/namequery_dc.c
++++ b/source3/libsmb/namequery_dc.c
+@@ -112,14 +112,12 @@ static bool ads_dc_name(const char *domain,
+ create_local_private_krb5_conf_for_domain(realm,
+ domain,
+ sitename,
+- &ads->ldap.ss,
+- ads->config.ldap_server_name);
++ &ads->ldap.ss);
+ } else {
+ create_local_private_krb5_conf_for_domain(realm,
+ domain,
+ NULL,
+- &ads->ldap.ss,
+- ads->config.ldap_server_name);
++ &ads->ldap.ss);
+ }
+ }
+ #endif
+diff --git a/source3/winbindd/winbindd_cm.c b/source3/winbindd/winbindd_cm.c
+index 669a43e..be13a57 100644
+--- a/source3/winbindd/winbindd_cm.c
++++ b/source3/winbindd/winbindd_cm.c
+@@ -1233,8 +1233,7 @@ static bool dcip_to_name(TALLOC_CTX *mem_ctx,
+ create_local_private_krb5_conf_for_domain(domain->alt_name,
+ domain->name,
+ sitename,
+- pss,
+- *name);
++ pss);
+
+ SAFE_FREE(sitename);
+ } else {
+@@ -1242,8 +1241,7 @@ static bool dcip_to_name(TALLOC_CTX *mem_ctx,
+ create_local_private_krb5_conf_for_domain(domain->alt_name,
+ domain->name,
+ NULL,
+- pss,
+- *name);
++ pss);
+ }
+ winbindd_set_locator_kdc_envs(domain);
+
+--
+1.8.5.3
+
generated by cgit 1.2.3-korg (git 2.39.0) at 2024-05-04 15:03:19 +0000