[SCM] Samba Shared Repository - branch v3-5-test updated
Karolin Seeger
kseeger at samba.org
Wed May 19 04:53:46 MDT 2010
The branch, v3-5-test has been updated
via 5ab33be... s3-kerberos: temporary fix for ipv6 in print_kdc_line().
via 2ce299f... s3-kerberos: pass down kdc_name to create_local_private_krb5_conf_for_domain().
via 72d6355... s3-winbind: make the getpeername() checks in cm_prepare_connection IPv6 aware.
from 73bec19... s3-spoolss: Added EN ISO 216, A0 and A1 to builtin forms.
http://gitweb.samba.org/?p=samba.git;a=shortlog;h=v3-5-test
- Log -----------------------------------------------------------------
commit 5ab33bec40739c7c86b17536fd6cdc04fc0f91b2
Author: Günther Deschner <gd at samba.org>
Date: Sat May 15 00:34:35 2010 +0200
s3-kerberos: temporary fix for ipv6 in print_kdc_line().
Currently no krb5 lib supports "kdc = ipv6 address" at all, so for now just fill
in just the kdc_name if we have it and let the krb5 lib figure out the
appropriate ipv6 address
ipv6 gurus, please check.
Guenther
(cherry picked from commit dd5a4e23f8c24564d3fd21bb8d01172321087362)
The last 3 patches fix bug #7341 (winbind not working over IPv6).
commit 2ce299f16cb2ff292755186894284d6efb296d08
Author: Günther Deschner <gd at samba.org>
Date: Fri May 14 23:23:34 2010 +0200
s3-kerberos: pass down kdc_name to create_local_private_krb5_conf_for_domain().
Guenther
(cherry picked from commit e3bdff3d67b46277ee59685218bd90f3788b487d)
commit 72d635514d9c00a09b00ed0d9928cab6a3a2f6f7
Author: Günther Deschner <gd at samba.org>
Date: Fri May 14 23:21:47 2010 +0200
s3-winbind: make the getpeername() checks in cm_prepare_connection IPv6 aware.
Note that this failure was hard to track, as winbind did only log a super helpful
"cm_prepare_connection: Success" debug message.
IPv6 gurus, please check
Successfully tested in two independent IPv6 networks now.
Guenther
(cherry picked from commit 14ac2bb36ee22be6133ca1d069dc5de6c1891f47)
-----------------------------------------------------------------------
Summary of changes:
source3/include/proto.h | 3 +-
source3/libads/kerberos.c | 44 +++++++++++++++++++++++++++++----------
source3/libsmb/namequery_dc.c | 6 +++-
source3/winbindd/winbindd_cm.c | 36 ++++++++++++++++++++++++++------
4 files changed, 67 insertions(+), 22 deletions(-)
Changeset truncated at 500 lines:
diff --git a/source3/include/proto.h b/source3/include/proto.h
index 0813f0c..f30939a 100644
--- a/source3/include/proto.h
+++ b/source3/include/proto.h
@@ -1809,7 +1809,8 @@ int kerberos_kinit_password(const char *principal,
bool create_local_private_krb5_conf_for_domain(const char *realm,
const char *domain,
const char *sitename,
- struct sockaddr_storage *pss);
+ struct sockaddr_storage *pss,
+ const char *kdc_name);
/* The following definitions come from libads/kerberos_keytab.c */
diff --git a/source3/libads/kerberos.c b/source3/libads/kerberos.c
index 7fb4ec3..df0ec8e 100644
--- a/source3/libads/kerberos.c
+++ b/source3/libads/kerberos.c
@@ -715,7 +715,8 @@ int kerberos_kinit_password(const char *principal,
static char *print_kdc_line(char *mem_ctx,
const char *prev_line,
- const struct sockaddr_storage *pss)
+ const struct sockaddr_storage *pss,
+ const char *kdc_name)
{
char *kdc_str = NULL;
@@ -727,6 +728,9 @@ static char *print_kdc_line(char *mem_ctx,
char addr[INET6_ADDRSTRLEN];
uint16_t port = get_sockaddr_port(pss);
+ DEBUG(10,("print_kdc_line: IPv6 case for kdc_name: %s, port: %d\n",
+ kdc_name, port));
+
if (port != 0 && port != DEFAULT_KRB5_PORT) {
/* Currently for IPv6 we can't specify a non-default
krb5 port with an address, as this requires a ':'.
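Review bot: The added DEBUG passes `kdc_name` to `%s` without a NULL guard, and the two loop call sites in get_kdc_ip_string later in this diff pass NULL for it. A null pointer for `%s` is undefined behaviour in standard printf; whether Samba's debug formatter tolerates it is not visible here. I would pass `kdc_name ? kdc_name : "(none)"` instead, and print the port as `%u` with `(unsigned int)port`, as the existing talloc_asprintf call does. The body of print_kdc_line starts and ends outside this hunk.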
@@ -743,6 +747,7 @@ static char *print_kdc_line(char *mem_ctx,
"Error %s\n.",
print_canonical_sockaddr(mem_ctx, pss),
gai_strerror(ret)));
+ return NULL;
}
/* Success, use host:port */
kdc_str = talloc_asprintf(mem_ctx,
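Review bot: The new `return NULL` on getnameinfo() failure turns one failed reverse lookup into a failure of the whole KDC list, because the callers visible in this diff treat a NULL result as fatal and return NULL themselves. It does stop the unset `hostname` buffer from being formatted into the line, which is the right fix for that. If the intent is to drop only the unresolvable entry, `return talloc_strdup(mem_ctx, prev_line);` would keep the lines collected so far. Either way, a one-line comment on the return saying which behaviour is intended would help; the function body extends beyond this hunk.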
@@ -751,11 +756,22 @@ static char *print_kdc_line(char *mem_ctx,
hostname,
(unsigned int)port);
} else {
- kdc_str = talloc_asprintf(mem_ctx, "%s\tkdc = %s\n",
- prev_line,
- print_sockaddr(addr,
- sizeof(addr),
- pss));
+
+ /* no krb5 lib currently supports "kdc = ipv6 address"
+ * at all, so just fill in just the kdc_name if we have
+ * it and let the krb5 lib figure out the appropriate
+ * ipv6 address - gd */
+
+ if (kdc_name) {
+ kdc_str = talloc_asprintf(mem_ctx, "%s\tkdc = %s\n",
+ prev_line, kdc_name);
+ } else {
+ kdc_str = talloc_asprintf(mem_ctx, "%s\tkdc = %s\n",
+ prev_line,
+ print_sockaddr(addr,
+ sizeof(addr),
+ pss));
+ }
}
}
return kdc_str;
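Review bot: `kdc_name` is written into the generated krb5.conf line as-is, and the only check is `if (kdc_name)`. An empty string yields a `kdc =` line with no host, and a name containing whitespace or a newline would change the structure of the file; the callers in this diff take the value from `ads->config.ldap_server_name`, which presumably comes from the server's reply. I would tighten the guard to `if (kdc_name != NULL && kdc_name[0] != '\0')` and fall back to the address branch when the name holds characters that cannot appear in a hostname. The comment should also say that the KDC is now located by name resolution rather than pinned to the address in `pss`, so the two can end up pointing at different hosts.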
@@ -772,14 +788,15 @@ static char *print_kdc_line(char *mem_ctx,
static char *get_kdc_ip_string(char *mem_ctx,
const char *realm,
const char *sitename,
- struct sockaddr_storage *pss)
+ struct sockaddr_storage *pss,
+ const char *kdc_name)
{
int i;
struct ip_service *ip_srv_site = NULL;
struct ip_service *ip_srv_nonsite = NULL;
int count_site = 0;
int count_nonsite;
- char *kdc_str = print_kdc_line(mem_ctx, "", pss);
+ char *kdc_str = print_kdc_line(mem_ctx, "", pss, kdc_name);
if (kdc_str == NULL) {
return NULL;
@@ -803,7 +820,8 @@ static char *get_kdc_ip_string(char *mem_ctx,
* but not done often. */
kdc_str = print_kdc_line(mem_ctx,
kdc_str,
- &ip_srv_site[i].ss);
+ &ip_srv_site[i].ss,
+ NULL);
if (!kdc_str) {
SAFE_FREE(ip_srv_site);
return NULL;
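Review bot: Passing NULL for `kdc_name` here (and in the non-site loop in the next hunk) means additional KDCs with IPv6 addresses still take the `print_sockaddr()` fallback and are written as `kdc = <ipv6 address>`, the form the commit message says no krb5 library accepts. Whether the library skips or rejects such lines is not visible from this diff. A comment such as `/* no name known for this KDC; an IPv6 literal here may not be usable by the krb5 lib */` at both call sites would record the limitation. get_kdc_ip_string continues outside the hunk.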
@@ -840,7 +858,8 @@ static char *get_kdc_ip_string(char *mem_ctx,
/* Append to the string - inefficient but not done often. */
kdc_str = print_kdc_line(mem_ctx,
kdc_str,
- &ip_srv_nonsite[i].ss);
+ &ip_srv_nonsite[i].ss,
+ NULL);
if (!kdc_str) {
SAFE_FREE(ip_srv_site);
SAFE_FREE(ip_srv_nonsite);
@@ -868,7 +887,8 @@ static char *get_kdc_ip_string(char *mem_ctx,
bool create_local_private_krb5_conf_for_domain(const char *realm,
const char *domain,
const char *sitename,
- struct sockaddr_storage *pss)
+ struct sockaddr_storage *pss,
+ const char *kdc_name)
{
char *dname;
char *tmpname = NULL;
@@ -912,7 +932,7 @@ bool create_local_private_krb5_conf_for_domain(const char *realm,
realm_upper = talloc_strdup(fname, realm);
strupper_m(realm_upper);
- kdc_ip_string = get_kdc_ip_string(dname, realm, sitename, pss);
+ kdc_ip_string = get_kdc_ip_string(dname, realm, sitename, pss, kdc_name);
if (!kdc_ip_string) {
goto done;
}
diff --git a/source3/libsmb/namequery_dc.c b/source3/libsmb/namequery_dc.c
index 7b0748f..68e399a 100644
--- a/source3/libsmb/namequery_dc.c
+++ b/source3/libsmb/namequery_dc.c
@@ -108,12 +108,14 @@ static bool ads_dc_name(const char *domain,
create_local_private_krb5_conf_for_domain(realm,
domain,
sitename,
- &ads->ldap.ss);
+ &ads->ldap.ss,
+ ads->config.ldap_server_name);
} else {
create_local_private_krb5_conf_for_domain(realm,
domain,
NULL,
- &ads->ldap.ss);
+ &ads->ldap.ss,
+ ads->config.ldap_server_name);
}
}
#endif
diff --git a/source3/winbindd/winbindd_cm.c b/source3/winbindd/winbindd_cm.c
index 34c1a39..ee9a656 100644
--- a/source3/winbindd/winbindd_cm.c
+++ b/source3/winbindd/winbindd_cm.c
@@ -806,11 +806,31 @@ static NTSTATUS cm_prepare_connection(const struct winbindd_domain *domain,
peeraddr_len = sizeof(peeraddr);
- if ((getpeername((*cli)->fd, &peeraddr, &peeraddr_len) != 0) ||
- (peeraddr_len != sizeof(struct sockaddr_in)) ||
- (peeraddr_in->sin_family != PF_INET))
- {
- DEBUG(0,("cm_prepare_connection: %s\n", strerror(errno)));
+ if ((getpeername((*cli)->fd, &peeraddr, &peeraddr_len) != 0)) {
+ DEBUG(0,("cm_prepare_connection: getpeername failed with: %s\n",
+ strerror(errno)));
+ result = NT_STATUS_UNSUCCESSFUL;
+ goto done;
+ }
+
+ if ((peeraddr_len != sizeof(struct sockaddr_in))
+#ifdef HAVE_IPV6
+ && (peeraddr_len != sizeof(struct sockaddr_in6))
+#endif
+ ) {
+ DEBUG(0,("cm_prepare_connection: got unexpected peeraddr len %d\n",
+ peeraddr_len));
+ result = NT_STATUS_UNSUCCESSFUL;
+ goto done;
+ }
+
+ if ((peeraddr_in->sin_family != PF_INET)
+#ifdef HAVE_IPV6
+ && (peeraddr_in->sin_family != PF_INET6)
+#endif
+ ) {
+ DEBUG(0,("cm_prepare_connection: got unexpected family %d\n",
+ peeraddr_in->sin_family));
result = NT_STATUS_UNSUCCESSFUL;
goto done;
}
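Review bot: The length check now accepts `sizeof(struct sockaddr_in6)`, but the declaration of `peeraddr` is outside the hunk; if it is still a `struct sockaddr`, getpeername() truncates an IPv6 address into it and reports the full length, so the check passes on a partially filled buffer. Declaring it as `struct sockaddr_storage peeraddr;` with the matching `(struct sockaddr *)&peeraddr` cast in the call avoids that. Length and family are also tested independently, so an IPv4-sized length combined with `PF_INET6` passes; comparing them as pairs would be stricter. `peeraddr_len` is presumably a `socklen_t`, so the `%d` in the new DEBUG wants `(int)peeraddr_len`.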
@@ -1130,7 +1150,8 @@ static bool dcip_to_name(TALLOC_CTX *mem_ctx,
create_local_private_krb5_conf_for_domain(domain->alt_name,
domain->name,
sitename,
- pss);
+ pss,
+ name);
SAFE_FREE(sitename);
} else {
@@ -1138,7 +1159,8 @@ static bool dcip_to_name(TALLOC_CTX *mem_ctx,
create_local_private_krb5_conf_for_domain(domain->alt_name,
domain->name,
NULL,
- pss);
+ pss,
+ name);
}
winbindd_set_locator_kdc_envs(domain);
--
Samba Shared Repository