[SCM] Samba Shared Repository - branch master updated
Günther Deschner
gd at samba.org
Fri Mar 7 10:44:03 MST 2014
The branch, master has been updated
via a8c0de3 s3-kerberos: remove unused kdc_name from create_local_private_krb5_conf_for_domain().
via 168627e s3-kerberos: remove print_kdc_line() completely.
from f7883ae s4:lib/socket: simplify iface_list_wildcard() and its callers
http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master
- Log -----------------------------------------------------------------
commit a8c0de35f75987c66e2282623a79e88c0ccd74de
Author: Günther Deschner <gd at samba.org>
Date: Fri Mar 7 14:47:31 2014 +0100
s3-kerberos: remove unused kdc_name from create_local_private_krb5_conf_for_domain().
Guenther
Signed-off-by: Günther Deschner <gd at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>
Autobuild-User(master): Günther Deschner <gd at samba.org>
Autobuild-Date(master): Fri Mar 7 18:43:57 CET 2014 on sn-devel-104
commit 168627e1877317db86471a4b0360dccd9f469aaa
Author: Günther Deschner <gd at samba.org>
Date: Mon Jan 13 15:59:26 2014 +0100
s3-kerberos: remove print_kdc_line() completely.
Just calling print_canonical_sockaddr() is sufficient, as it already deals with
ipv6 as well. The port handling, which was only done for IPv6 (not IPv4), is
removed as well. It was pointless because it always derived the port number from
the provided address which was either a SMB (usually port 445) or LDAP
connection. No KDC will ever run on port 389 or 445 on a Windows/Samba DC.
Finally, the kerberos libraries that we support and build with, can deal with
ipv6 addresses in krb5.conf, so we no longer put the (unnecessary) burden of
resolving the DC name on the kerberos library anymore.
Guenther
Signed-off-by: Günther Deschner <gd at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>
-----------------------------------------------------------------------
Summary of changes:
source3/libads/kerberos.c | 83 ++++----------------------------------
source3/libads/kerberos_proto.h | 3 +-
source3/libnet/libnet_join.c | 3 +-
source3/libsmb/namequery_dc.c | 6 +--
source3/winbindd/winbindd_cm.c | 6 +--
5 files changed, 15 insertions(+), 86 deletions(-)
Changeset truncated at 500 lines:
diff --git a/source3/libads/kerberos.c b/source3/libads/kerberos.c
index b026e09..649e568 100644
--- a/source3/libads/kerberos.c
+++ b/source3/libads/kerberos.c
@@ -592,70 +592,6 @@ int kerberos_kinit_password(const char *principal,
/************************************************************************
************************************************************************/
-static char *print_kdc_line(char *mem_ctx,
- const char *prev_line,
- const struct sockaddr_storage *pss,
- const char *kdc_name)
-{
- char addr[INET6_ADDRSTRLEN];
- uint16_t port = get_sockaddr_port(pss);
-
- if (pss->ss_family == AF_INET) {
- return talloc_asprintf(mem_ctx, "%s\tkdc = %s\n",
- prev_line,
- print_canonical_sockaddr(mem_ctx, pss));
- }
-
- /*
- * IPv6 starts here
- */
-
- DEBUG(10, ("print_kdc_line: IPv6 case for kdc_name: %s, port: %d\n",
- kdc_name, port));
-
- if (port != 0 && port != DEFAULT_KRB5_PORT) {
- /* Currently for IPv6 we can't specify a non-default
- krb5 port with an address, as this requires a ':'.
- Resolve to a name. */
- char hostname[MAX_DNS_NAME_LENGTH];
- int ret = sys_getnameinfo((const struct sockaddr *)pss,
- sizeof(*pss),
- hostname, sizeof(hostname),
- NULL, 0,
- NI_NAMEREQD);
- if (ret) {
- DEBUG(0,("print_kdc_line: can't resolve name "
- "for kdc with non-default port %s. "
- "Error %s\n.",
- print_canonical_sockaddr(mem_ctx, pss),
- gai_strerror(ret)));
- return NULL;
- }
- /* Success, use host:port */
- return talloc_asprintf(mem_ctx,
- "%s\tkdc = %s:%u\n",
- prev_line,
- hostname,
- (unsigned int)port);
- }
-
- /* no krb5 lib currently supports "kdc = ipv6 address"
- * at all, so just fill in just the kdc_name if we have
- * it and let the krb5 lib figure out the appropriate
- * ipv6 address - gd */
-
- if (kdc_name) {
- return talloc_asprintf(mem_ctx, "%s\tkdc = %s\n",
- prev_line, kdc_name);
- }
-
- return talloc_asprintf(mem_ctx, "%s\tkdc = %s\n",
- prev_line,
- print_sockaddr(addr,
- sizeof(addr),
- pss));
-}
-
/************************************************************************
Create a string list of available kdc's, possibly searching by sitename.
Does DNS queries.
@@ -682,8 +618,7 @@ static void add_sockaddr_unique(struct sockaddr_storage *addrs, int *num_addrs,
static char *get_kdc_ip_string(char *mem_ctx,
const char *realm,
const char *sitename,
- const struct sockaddr_storage *pss,
- const char *kdc_name)
+ const struct sockaddr_storage *pss)
{
TALLOC_CTX *frame = talloc_stackframe();
int i;
@@ -698,7 +633,8 @@ static char *get_kdc_ip_string(char *mem_ctx,
char *result = NULL;
struct netlogon_samlogon_response **responses = NULL;
NTSTATUS status;
- char *kdc_str = print_kdc_line(mem_ctx, "", pss, kdc_name);
+ char *kdc_str = talloc_asprintf(mem_ctx, "%s\tkdc = %s\n", "",
+ print_canonical_sockaddr(mem_ctx, pss));
if (kdc_str == NULL) {
TALLOC_FREE(frame);
@@ -788,9 +724,9 @@ static char *get_kdc_ip_string(char *mem_ctx,
}
/* Append to the string - inefficient but not done often. */
- new_kdc_str = print_kdc_line(mem_ctx, kdc_str,
- &dc_addrs[i],
- kdc_name);
+ new_kdc_str = talloc_asprintf(mem_ctx, "%s\tkdc = %s\n",
+ kdc_str,
+ print_canonical_sockaddr(mem_ctx, &dc_addrs[i]));
if (new_kdc_str == NULL) {
goto fail;
}
@@ -819,8 +755,7 @@ fail:
bool create_local_private_krb5_conf_for_domain(const char *realm,
const char *domain,
const char *sitename,
- const struct sockaddr_storage *pss,
- const char *kdc_name)
+ const struct sockaddr_storage *pss)
{
char *dname;
char *tmpname = NULL;
@@ -845,7 +780,7 @@ bool create_local_private_krb5_conf_for_domain(const char *realm,
return false;
}
- if (domain == NULL || pss == NULL || kdc_name == NULL) {
+ if (domain == NULL || pss == NULL) {
return false;
}
@@ -878,7 +813,7 @@ bool create_local_private_krb5_conf_for_domain(const char *realm,
goto done;
}
- kdc_ip_string = get_kdc_ip_string(dname, realm, sitename, pss, kdc_name);
+ kdc_ip_string = get_kdc_ip_string(dname, realm, sitename, pss);
if (!kdc_ip_string) {
goto done;
}
diff --git a/source3/libads/kerberos_proto.h b/source3/libads/kerberos_proto.h
index f7470d2..2559634 100644
--- a/source3/libads/kerberos_proto.h
+++ b/source3/libads/kerberos_proto.h
@@ -62,8 +62,7 @@ int kerberos_kinit_password(const char *principal,
bool create_local_private_krb5_conf_for_domain(const char *realm,
const char *domain,
const char *sitename,
- const struct sockaddr_storage *pss,
- const char *kdc_name);
+ const struct sockaddr_storage *pss);
/* The following definitions come from libads/authdata.c */
diff --git a/source3/libnet/libnet_join.c b/source3/libnet/libnet_join.c
index a87eb38..68884cd 100644
--- a/source3/libnet/libnet_join.c
+++ b/source3/libnet/libnet_join.c
@@ -2152,8 +2152,7 @@ static WERROR libnet_DomainJoin(TALLOC_CTX *mem_ctx,
create_local_private_krb5_conf_for_domain(
r->out.dns_domain_name, r->out.netbios_domain_name,
- NULL, smbXcli_conn_remote_sockaddr(cli->conn),
- smbXcli_conn_remote_name(cli->conn));
+ NULL, smbXcli_conn_remote_sockaddr(cli->conn));
if (r->out.domain_is_ad && r->in.account_ou &&
!(r->in.join_flags & WKSSVC_JOIN_FLAGS_JOIN_UNSECURE)) {
diff --git a/source3/libsmb/namequery_dc.c b/source3/libsmb/namequery_dc.c
index 3cfae79..eb34741 100644
--- a/source3/libsmb/namequery_dc.c
+++ b/source3/libsmb/namequery_dc.c
@@ -112,14 +112,12 @@ static bool ads_dc_name(const char *domain,
create_local_private_krb5_conf_for_domain(realm,
domain,
sitename,
- &ads->ldap.ss,
- ads->config.ldap_server_name);
+ &ads->ldap.ss);
} else {
create_local_private_krb5_conf_for_domain(realm,
domain,
NULL,
- &ads->ldap.ss,
- ads->config.ldap_server_name);
+ &ads->ldap.ss);
}
}
#endif
diff --git a/source3/winbindd/winbindd_cm.c b/source3/winbindd/winbindd_cm.c
index 669a43e..be13a57 100644
--- a/source3/winbindd/winbindd_cm.c
+++ b/source3/winbindd/winbindd_cm.c
@@ -1233,8 +1233,7 @@ static bool dcip_to_name(TALLOC_CTX *mem_ctx,
create_local_private_krb5_conf_for_domain(domain->alt_name,
domain->name,
sitename,
- pss,
- *name);
+ pss);
TALLOC_FREE(sitename);
} else {
@@ -1242,8 +1241,7 @@ static bool dcip_to_name(TALLOC_CTX *mem_ctx,
create_local_private_krb5_conf_for_domain(domain->alt_name,
domain->name,
NULL,
- pss,
- *name);
+ pss);
}
winbindd_set_locator_kdc_envs(domain);
--
Samba Shared Repository
More information about the samba-cvs
mailing list