[SCM] Samba Shared Repository - branch master updated

Günther Deschner gd at samba.org
Mon May 17 05:19:38 MDT 2010


The branch, master has been updated
       via  dd5a4e2... s3-kerberos: temporary fix for ipv6 in print_kdc_line().
       via  e3bdff3... s3-kerberos: pass down kdc_name to create_local_private_krb5_conf_for_domain().
      from  14ac2bb... s3-winbind: make the getpeername() checks in cm_prepare_connection IPv6 aware.

http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master


- Log -----------------------------------------------------------------
commit dd5a4e23f8c24564d3fd21bb8d01172321087362
Author: Günther Deschner <gd at samba.org>
Date:   Sat May 15 00:34:35 2010 +0200

    s3-kerberos: temporary fix for ipv6 in print_kdc_line().
    
    Currently no krb5 lib supports "kdc = ipv6 address" at all, so for now fill
    in just the kdc_name if we have it and let the krb5 lib figure out the
    appropriate ipv6 address.
    
    ipv6 gurus, please check.
    
    Guenther

commit e3bdff3d67b46277ee59685218bd90f3788b487d
Author: Günther Deschner <gd at samba.org>
Date:   Fri May 14 23:23:34 2010 +0200

    s3-kerberos: pass down kdc_name to create_local_private_krb5_conf_for_domain().
    
    Guenther

-----------------------------------------------------------------------

Summary of changes:
 source3/include/proto.h        |    3 +-
 source3/libads/kerberos.c      |   44 +++++++++++++++++++++++++++++----------
 source3/libsmb/namequery_dc.c  |    6 +++-
 source3/winbindd/winbindd_cm.c |    6 +++-
 4 files changed, 42 insertions(+), 17 deletions(-)


Changeset truncated at 500 lines:

diff --git a/source3/include/proto.h b/source3/include/proto.h
index 91b6bd9..b633d9e 100644
--- a/source3/include/proto.h
+++ b/source3/include/proto.h
@@ -1821,7 +1821,8 @@ int kerberos_kinit_password(const char *principal,
 bool create_local_private_krb5_conf_for_domain(const char *realm,
 						const char *domain,
 						const char *sitename,
-						struct sockaddr_storage *pss);
+						struct sockaddr_storage *pss,
+						const char *kdc_name);
 
 /* The following definitions come from libads/kerberos_keytab.c  */
 
diff --git a/source3/libads/kerberos.c b/source3/libads/kerberos.c
index 7fb4ec3..df0ec8e 100644
--- a/source3/libads/kerberos.c
+++ b/source3/libads/kerberos.c
@@ -715,7 +715,8 @@ int kerberos_kinit_password(const char *principal,
 
 static char *print_kdc_line(char *mem_ctx,
 			const char *prev_line,
-			const struct sockaddr_storage *pss)
+			const struct sockaddr_storage *pss,
+			const char *kdc_name)
 {
 	char *kdc_str = NULL;
 
@@ -727,6 +728,9 @@ static char *print_kdc_line(char *mem_ctx,
 		char addr[INET6_ADDRSTRLEN];
 		uint16_t port = get_sockaddr_port(pss);
 
+		DEBUG(10,("print_kdc_line: IPv6 case for kdc_name: %s, port: %d\n",
+			kdc_name, port));
+
 		if (port != 0 && port != DEFAULT_KRB5_PORT) {
 			/* Currently for IPv6 we can't specify a non-default
 			   krb5 port with an address, as this requires a ':'.
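Review bot: `kdc_name` can be NULL in the added DEBUG call, because both loop call sites in get_kdc_ip_string pass NULL for it, and handing NULL to a `%s` conversion is undefined behaviour unless the formatter in use substitutes a placeholder. Guard the argument, e.g. `kdc_name ? kdc_name : "(none)"`. `port` is a uint16_t, so `%u` with an `(unsigned int)port` cast would match the host:port line further down in the same function. The enclosing branch starts above this hunk and continues below it.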
@@ -743,6 +747,7 @@ static char *print_kdc_line(char *mem_ctx,
 					"Error %s\n.",
 					print_canonical_sockaddr(mem_ctx, pss),
 					gai_strerror(ret)));
+				return NULL;
 			}
 			/* Success, use host:port */
 			kdc_str = talloc_asprintf(mem_ctx,
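Review bot: One KDC entry that fails the lookup in this branch now aborts the whole list, because both loops in get_kdc_ip_string treat the added `return NULL;` as fatal (`if (!kdc_str) { ... return NULL; }`) and create_local_private_krb5_conf_for_domain then takes `goto done`, presumably without writing a krb5.conf. If losing one entry should not lose the rest, the loops could keep the previous string, e.g. `char *next = print_kdc_line(mem_ctx, kdc_str, &ip_srv_site[i].ss, NULL); if (next) kdc_str = next;`. Stopping before `hostname` is formatted is right either way. The lookup call itself sits above this hunk.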
@@ -751,11 +756,22 @@ static char *print_kdc_line(char *mem_ctx,
 					hostname,
 					(unsigned int)port);
 		} else {
-			kdc_str = talloc_asprintf(mem_ctx, "%s\tkdc = %s\n",
-					prev_line,
-					print_sockaddr(addr,
-						sizeof(addr),
-						pss));
+
+			/* no krb5 lib currently supports "kdc = ipv6 address"
+			 * at all, so just fill in just the kdc_name if we have
+			 * it and let the krb5 lib figure out the appropriate
+			 * ipv6 address - gd */
+
+			if (kdc_name) {
+				kdc_str = talloc_asprintf(mem_ctx, "%s\tkdc = %s\n",
+						prev_line, kdc_name);
+			} else {
+				kdc_str = talloc_asprintf(mem_ctx, "%s\tkdc = %s\n",
+						prev_line,
+						print_sockaddr(addr,
+							sizeof(addr),
+							pss));
+			}
 		}
 	}
 	return kdc_str;
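Review bot: `kdc_name` is formatted into the krb5.conf line unchecked in the new `if (kdc_name)` branch, and the callers in this changeset supply it from `ads->config.ldap_server_name` and the `name` buffer in dcip_to_name, which appear to originate from the DC's own reply. An empty string would emit `kdc = ` with no host, and a value containing whitespace or a newline would put extra content into the generated file. Tighten the condition, e.g. `if (kdc_name && *kdc_name && strpbrk(kdc_name, " \t\r\n") == NULL) {`, and fall through to the address form otherwise. A comment should also record that the KDC actually contacted now depends on how the krb5 library resolves that name, not on the address in `pss`.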
@@ -772,14 +788,15 @@ static char *print_kdc_line(char *mem_ctx,
 static char *get_kdc_ip_string(char *mem_ctx,
 		const char *realm,
 		const char *sitename,
-		struct sockaddr_storage *pss)
+		struct sockaddr_storage *pss,
+		const char *kdc_name)
 {
 	int i;
 	struct ip_service *ip_srv_site = NULL;
 	struct ip_service *ip_srv_nonsite = NULL;
 	int count_site = 0;
 	int count_nonsite;
-	char *kdc_str = print_kdc_line(mem_ctx, "", pss);
+	char *kdc_str = print_kdc_line(mem_ctx, "", pss, kdc_name);
 
 	if (kdc_str == NULL) {
 		return NULL;
@@ -803,7 +820,8 @@ static char *get_kdc_ip_string(char *mem_ctx,
 			 * but not done often. */
 			kdc_str = print_kdc_line(mem_ctx,
 						kdc_str,
-						&ip_srv_site[i].ss);
+						&ip_srv_site[i].ss,
+						NULL);
 			if (!kdc_str) {
 				SAFE_FREE(ip_srv_site);
 				return NULL;
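Review bot: Passing NULL for `kdc_name` here, and again in the non-site loop in the next hunk, means every additional IPv6 KDC still takes the `print_sockaddr` fallback and is written as a literal `kdc = <ipv6 address>` line, the form the commit message says no krb5 library accepts. Only the first entry, built from `pss`, benefits from the fix. If names for these servers are not available at this point, say so at the call, e.g. `/* no DC name known here; IPv6 entries fall back to a literal address */`, or skip IPv6 entries that have no name. Both loops start and end outside their hunks.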
@@ -840,7 +858,8 @@ static char *get_kdc_ip_string(char *mem_ctx,
 		/* Append to the string - inefficient but not done often. */
 		kdc_str = print_kdc_line(mem_ctx,
 				kdc_str,
-				&ip_srv_nonsite[i].ss);
+				&ip_srv_nonsite[i].ss,
+				NULL);
 		if (!kdc_str) {
 			SAFE_FREE(ip_srv_site);
 			SAFE_FREE(ip_srv_nonsite);
@@ -868,7 +887,8 @@ static char *get_kdc_ip_string(char *mem_ctx,
 bool create_local_private_krb5_conf_for_domain(const char *realm,
 						const char *domain,
 						const char *sitename,
-						struct sockaddr_storage *pss)
+						struct sockaddr_storage *pss,
+						const char *kdc_name)
 {
 	char *dname;
 	char *tmpname = NULL;
@@ -912,7 +932,7 @@ bool create_local_private_krb5_conf_for_domain(const char *realm,
 	realm_upper = talloc_strdup(fname, realm);
 	strupper_m(realm_upper);
 
-	kdc_ip_string = get_kdc_ip_string(dname, realm, sitename, pss);
+	kdc_ip_string = get_kdc_ip_string(dname, realm, sitename, pss, kdc_name);
 	if (!kdc_ip_string) {
 		goto done;
 	}
diff --git a/source3/libsmb/namequery_dc.c b/source3/libsmb/namequery_dc.c
index 3b3470d..cebd793 100644
--- a/source3/libsmb/namequery_dc.c
+++ b/source3/libsmb/namequery_dc.c
@@ -109,12 +109,14 @@ static bool ads_dc_name(const char *domain,
 				create_local_private_krb5_conf_for_domain(realm,
 									domain,
 									sitename,
-									&ads->ldap.ss);
+									&ads->ldap.ss,
+									ads->config.ldap_server_name);
 			} else {
 				create_local_private_krb5_conf_for_domain(realm,
 									domain,
 									NULL,
-									&ads->ldap.ss);
+									&ads->ldap.ss,
+									ads->config.ldap_server_name);
 			}
 		}
 #endif
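Review bot: The bool result of create_local_private_krb5_conf_for_domain() is discarded at both calls in this hunk, and the two calls in winbindd_cm.c do the same. This changeset adds a new failure return in print_kdc_line, so generation can now fail in more cases while the caller carries on, unless the callee logs every failure path itself. At least record it at the call site: `if (!create_local_private_krb5_conf_for_domain(...)) { DEBUG(1, ("ads_dc_name: no private krb5.conf written for %s\n", realm)); }`. ads_dc_name's body starts and ends outside the hunk.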
diff --git a/source3/winbindd/winbindd_cm.c b/source3/winbindd/winbindd_cm.c
index 45747d4..5ea5196 100644
--- a/source3/winbindd/winbindd_cm.c
+++ b/source3/winbindd/winbindd_cm.c
@@ -1152,7 +1152,8 @@ static bool dcip_to_name(TALLOC_CTX *mem_ctx,
 					create_local_private_krb5_conf_for_domain(domain->alt_name,
 									domain->name,
 									sitename,
-									pss);
+									pss,
+									name);
 
 					SAFE_FREE(sitename);
 				} else {
@@ -1160,7 +1161,8 @@ static bool dcip_to_name(TALLOC_CTX *mem_ctx,
 					create_local_private_krb5_conf_for_domain(domain->alt_name,
 									domain->name,
 									NULL,
-									pss);
+									pss,
+									name);
 				}
 				winbindd_set_locator_kdc_envs(domain);
 


-- 
Samba Shared Repository

