The Samba-Bugzilla – Attachment 12743 Details for
Bug 12441
The krb5.conf created by net and winbind does not include the system /etc/krb5.conf
Home
|
New
|
Browse
|
Search
|
[?]
|
Reports
|
Requests
|
Help
|
New Account
|
Log In
[x]
|
Forgot Password
Login:
[x]
[patch]
system_krb5_conf-v4.4.patch
system_krb5_conf-v4.4.patch (text/plain), 6.02 KB, created by
Andreas Schneider
on 2016-12-07 13:21:15 UTC
(
hide
)
Description:
system_krb5_conf-v4.4.patch
Filename:
MIME Type:
Creator:
Andreas Schneider
Created:
2016-12-07 13:21:15 UTC
Size:
6.02 KB
patch
obsolete
>From ad689bcda632bbfd90058c32973b3498cac76e0e Mon Sep 17 00:00:00 2001 >From: Andreas Schneider <asn@samba.org> >Date: Wed, 23 Nov 2016 14:39:47 +0100 >Subject: [PATCH 1/3] s3:param: Add an 'include system krb5 conf' option > >BUG: https://bugzilla.samba.org/show_bug.cgi?id=12441 > >Signed-off-by: Andreas Schneider <asn@samba.org> >Reviewed-by: Alexander Bokovoy <ab@samba.org> >(cherry picked from commit f464f69b33b40c81d6ee57bebf9d59837431739b) >--- > docs-xml/smbdotconf/winbind/includesystemkrb5conf.xml | 15 +++++++++++++++ > source3/param/loadparm.c | 1 + > 2 files changed, 16 insertions(+) > create mode 100644 docs-xml/smbdotconf/winbind/includesystemkrb5conf.xml > >diff --git a/docs-xml/smbdotconf/winbind/includesystemkrb5conf.xml b/docs-xml/smbdotconf/winbind/includesystemkrb5conf.xml >new file mode 100644 >index 00000000000..3e5329253b0 >--- /dev/null >+++ b/docs-xml/smbdotconf/winbind/includesystemkrb5conf.xml >@@ -0,0 +1,15 @@ >+<samba:parameter name="include system krb5 conf" >+ context="G" >+ type="boolean" >+ xmlns:samba="http://www.samba.org/samba/DTD/samba-doc"> >+<description> >+ <para> >+ Setting this parameter to <value type="example">no</value> will prevent >+ winbind to include the system /etc/krb5.conf file into the krb5.conf file >+ it creates. See also <smbconfoption name="create krb5 conf"/>. This option >+ only applies to Samba built with MIT Kerberos. >+ </para> >+ >+</description> >+<value type="default">yes</value> >+</samba:parameter> >diff --git a/source3/param/loadparm.c b/source3/param/loadparm.c >index 32acd033b9b..f7cf70b53d8 100644 >--- a/source3/param/loadparm.c >+++ b/source3/param/loadparm.c >@@ -713,6 +713,7 @@ static void init_globals(struct loadparm_context *lp_ctx, bool reinit_globals) > Globals.reset_on_zero_vc = false; > Globals.log_writeable_files_on_exit = false; > Globals.create_krb5_conf = true; >+ Globals.include_system_krb5_conf = true; > Globals._winbind_max_domain_connections = 1; > > /* hostname lookups can be very expensive and are broken on >-- >2.11.0 > > >From 8c4a920998d998e1235de367621771a4dfe5e136 Mon Sep 17 00:00:00 2001 >From: Andreas Schneider <asn@samba.org> >Date: Wed, 23 Nov 2016 14:40:42 +0100 >Subject: [PATCH 2/3] s3:libads: Include system /etc/krb5.conf if we use MIT > Kerberos > >The system /etc/krb5.conf defines some defaults like: > > default_ccache_name = KEYRING:persistent:%{uid} > >We need to respect that so should include it in our own created >krb5.conf file. > >BUG: https://bugzilla.samba.org/show_bug.cgi?id=12441 > >Signed-off-by: Andreas Schneider <asn@samba.org> >Reviewed-by: Alexander Bokovoy <ab@samba.org> >(cherry picked from commit 4ef772be3a7259b48253643392574fab28c37916) >--- > source3/libads/kerberos.c | 13 +++++++++++-- > 1 file changed, 11 insertions(+), 2 deletions(-) > >diff --git a/source3/libads/kerberos.c b/source3/libads/kerberos.c >index 4774a9fc726..94ff95cca31 100644 >--- a/source3/libads/kerberos.c >+++ b/source3/libads/kerberos.c >@@ -844,6 +844,7 @@ bool create_local_private_krb5_conf_for_domain(const char *realm, > char *realm_upper = NULL; > bool result = false; > char *aes_enctypes = NULL; >+ const char *include_system_krb5 = ""; > mode_t mask; > > if (!lp_create_krb5_conf()) { >@@ -912,6 +913,12 @@ bool create_local_private_krb5_conf_for_domain(const char *realm, > } > #endif > >+#if !defined(SAMBA4_USES_HEIMDAL) >+ if (lp_include_system_krb5_conf()) { >+ include_system_krb5 = "include /etc/krb5.conf"; >+ } >+#endif >+ > file_contents = talloc_asprintf(fname, > "[libdefaults]\n\tdefault_realm = %s\n" > "\tdefault_tgs_enctypes = %s RC4-HMAC DES-CBC-CRC DES-CBC-MD5\n" >@@ -919,9 +926,11 @@ bool create_local_private_krb5_conf_for_domain(const char *realm, > "\tpreferred_enctypes = %s RC4-HMAC DES-CBC-CRC DES-CBC-MD5\n" > "\tdns_lookup_realm = false\n\n" > "[realms]\n\t%s = {\n" >- "%s\t}\n", >+ "%s\t}\n" >+ "%s\n", > realm_upper, aes_enctypes, aes_enctypes, aes_enctypes, >- realm_upper, kdc_ip_string); >+ realm_upper, kdc_ip_string, >+ include_system_krb5); > > if (!file_contents) { > goto done; >-- >2.11.0 > > >From 83b34a5a5de90e0c50fa6ad8c1427e74f07a9565 Mon Sep 17 00:00:00 2001 >From: Andreas Schneider <asn@samba.org> >Date: Thu, 1 Dec 2016 08:18:58 +0100 >Subject: [PATCH 3/3] selftest: Do not include system krb5.conf in selftest > >BUG: https://bugzilla.samba.org/show_bug.cgi?id=12441 > >Signed-off-by: Andreas Schneider <asn@samba.org> >Reviewed-by: Alexander Bokovoy <ab@samba.org> >--- > python/samba/tests/docs.py | 3 ++- > selftest/selftest.pl | 1 + > selftest/target/Samba3.pm | 1 + > 3 files changed, 4 insertions(+), 1 deletion(-) > >diff --git a/python/samba/tests/docs.py b/python/samba/tests/docs.py >index e7123b6d9ad..405b84469e2 100644 >--- a/python/samba/tests/docs.py >+++ b/python/samba/tests/docs.py >@@ -165,7 +165,8 @@ class SmbDotConfTests(TestCase): > 'queuepause command','lpresume command', 'lppause command', > 'lprm command', 'lpq command', 'print command', 'template homedir', > 'spoolss: os_major', 'spoolss: os_minor', 'spoolss: os_build', >- 'max open files', 'fss: prune stale', 'fss: sequence timeout']) >+ 'max open files', 'fss: prune stale', 'fss: sequence timeout', >+ 'include system krb5 conf']) > > def setUp(self): > super(SmbDotConfTests, self).setUp() >diff --git a/selftest/selftest.pl b/selftest/selftest.pl >index ff5f27d0855..d743136f0f3 100755 >--- a/selftest/selftest.pl >+++ b/selftest/selftest.pl >@@ -595,6 +595,7 @@ sub write_clientconf($$$) > tls cafile = ${cacert} > tls crlfile = ${cacrl_pem} > tls verify peer = no_check >+ include system krb5 conf = no > "; > close(CF); > } >diff --git a/selftest/target/Samba3.pm b/selftest/target/Samba3.pm >index aef3fd7c580..5e62cf12fd6 100755 >--- a/selftest/target/Samba3.pm >+++ b/selftest/target/Samba3.pm >@@ -1414,6 +1414,7 @@ sub provision($$$$$$$$) > winbind enum users = yes > winbind enum groups = yes > winbind separator = / >+ include system krb5 conf = no > > # min receivefile size = 4000 > >-- >2.11.0 >
You cannot view the attachment while viewing its details because your browser does not support IFRAMEs.
View the attachment on a separate page
.
View Attachment As Raw
Flags:
ab
:
review+
Actions:
View
Attachments on
bug 12441
:
12723
|
12724
|
12742
| 12743