From 6a8ecb1f8c58b93f7bc362f1f0e38b154978345e Mon Sep 17 00:00:00 2001
From: Stefan Metzmacher
Date: Thu, 9 Feb 2017 07:09:38 +0100
Subject: [PATCH 1/2] s3:libads: improve the logic in get_kdc_ip_string()

This fixes possible memory leaks on 'mem_ctx' and always adds :88 (also for ipv4 addresses).

BUG: https://bugzilla.samba.org/show_bug.cgi?id=12515

Signed-off-by: Stefan Metzmacher
---
 source3/libads/kerberos.c | 72 ++++++++++++++++++++++------------------------
 1 file changed, 33 insertions(+), 39 deletions(-)

diff --git a/source3/libads/kerberos.c b/source3/libads/kerberos.c
index dcb268e..18fd464 100644
--- a/source3/libads/kerberos.c
+++ b/source3/libads/kerberos.c
@@ -720,31 +720,6 @@ static void add_sockaddr_unique(struct sockaddr_storage *addrs, int *num_addrs,
 *num_addrs += 1;
 }
 
-/* print_canonical_sockaddr prints an ipv6 addr in the form of
-* [ipv6.addr]. This string, when put in a generated krb5.conf file is not
-* always properly dealt with by some older krb5 libraries. Adding the hard-coded
-* portnumber workarounds the issue. - gd */
-
-static char *print_canonical_sockaddr_with_port(TALLOC_CTX *mem_ctx,
- const struct sockaddr_storage *pss)
-{
- char *str = NULL;
-
- str = print_canonical_sockaddr(mem_ctx, pss);
- if (str == NULL) {
- return NULL;
- }
-
- if (pss->ss_family != AF_INET6) {
- return str;
- }
-
-#if defined(HAVE_IPV6)
- str = talloc_asprintf_append(str, ":88");
-#endif
- return str;
-}
-
 static char *get_kdc_ip_string(char *mem_ctx,
 const char *realm,
 const char *sitename,
@@ -763,12 +738,26 @@ static char *get_kdc_ip_string(char *mem_ctx, char *result = NULL; struct netlogon_samlogon_response **responses = NULL; NTSTATUS status; - char *kdc_str = talloc_asprintf(mem_ctx, "%s\t\tkdc = %s\n", "", - print_canonical_sockaddr_with_port(mem_ctx, pss)); + char *addr_str = NULL; + const uint16_t kdc_port = 88; - if (kdc_str == NULL) { - TALLOC_FREE(frame); - return NULL; + addr_str = print_canonical_sockaddr(talloc_tos(), pss); + if (addr_str == NULL) { + goto out; + } + + /* + * print_canonical_sockaddr prints an ipv6 addr in the form of + * [ipv6.addr]. This string, when put in a generated krb5.conf file is + * not always properly dealt with by some older krb5 libraries. Adding + * the hard-coded portnumber workarounds the issue. - gd + */ + result = talloc_asprintf(mem_ctx, + "\t\tkdc = %s:%u\n", + addr_str, kdc_port); + TALLOC_FREE(addr_str); + if (result == NULL) { + goto out; } /* @@ -859,27 +848,32 @@ static char *get_kdc_ip_string(char *mem_ctx, } for (i=0; i Date: Thu, 9 Feb 2017 07:57:51 +0100 Subject: [PATCH 2/2] s3:libads: let get_kdc_ip_string() also return kpasswd_server entries for each kdc BUG: https://bugzilla.samba.org/show_bug.cgi?id=12515 Signed-off-by: Stefan Metzmacher --- source3/libads/kerberos.c | 13 +++++++++---- 1 file changed, 9 insertions(+), 4 deletions(-) diff --git a/source3/libads/kerberos.c b/source3/libads/kerberos.c index 18fd464..bb25406 100644 --- a/source3/libads/kerberos.c +++ b/source3/libads/kerberos.c @@ -740,6 +740,7 @@ static char *get_kdc_ip_string(char *mem_ctx, NTSTATUS status; char *addr_str = NULL; const uint16_t kdc_port = 88; + const uint16_t kpasswd_port = 464; addr_str = print_canonical_sockaddr(talloc_tos(), pss); if (addr_str == NULL) { 
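Review bot: The comment carried into the `@@ -763,12 +738,26 @@` hunk of patch 1/2 still explains the port suffix only as an IPv6 workaround, while the new `talloc_asprintf()` call appends `:%u` for every address family, as the commit message states. I would add a sentence such as `The port is appended for IPv4 as well, so every kdc line has the same host:port form.` so that a later reader does not reintroduce a family check. Separately, `kdc_port` is a `uint16_t` passed to `%u`; it is promoted to `int`, so `(unsigned int)kdc_port` would match the specifier exactly. The `out:` label and the rest of get_kdc_ip_string() lie outside the hunk, so whether `result` is released on the later `goto out` paths cannot be checked from these lines.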
@@ -753,8 +754,10 @@ static char *get_kdc_ip_string(char *mem_ctx,
 * the hard-coded portnumber workarounds the issue. - gd
 */
 result = talloc_asprintf(mem_ctx,
- "\t\tkdc = %s:%u\n",
- addr_str, kdc_port);
+ "\t\tkdc = %s:%u\n"
+ "\t\tkpasswd_server = %s:%u\n",
+ addr_str, kdc_port,
+ addr_str, kpasswd_port);
 TALLOC_FREE(addr_str);
 if (result == NULL) {
 goto out;
@@ -862,8 +865,10 @@ static char *get_kdc_ip_string(char *mem_ctx,
 /* Append to the string - inefficient but not done often. */
 new_str = talloc_asprintf_append_buffer(result,
- "\t\tkdc = %s:%u\n",
- addr_str, kdc_port);
+ "\t\tkdc = %s:%u\n"
+ "\t\tkpasswd_server = %s:%u\n",
+ addr_str, kdc_port,
+ addr_str, kpasswd_port);
 TALLOC_FREE(addr_str);
 if (new_str == NULL) {
 goto out;
-- 
1.9.1
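Review bot: The two-entry format string and its four arguments are now written out twice, in the `@@ -753,8 +754,10 @@` hunk and again in the `@@ -862,8 +865,10 @@` hunk, so a later change to one generated krb5.conf entry can silently miss the other. A single file-scope definition used by both calls, for example `#define KDC_ENTRY_FMT "\t\tkdc = %s:%u\n\t\tkpasswd_server = %s:%u\n"` (name constructed for this note), would keep them in step. The comment above the first call still speaks only of the kdc port; it should also say that each address is emitted as `kpasswd_server` on port 464, since password-change traffic will then be directed at every address this function lists. Where those addresses come from is outside both hunks, and get_kdc_ip_string() itself starts and ends outside them.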