The Samba-Bugzilla – Attachment 12910 Details for
Bug 12515
create_local_private_krb5_conf_for_domain should generate entries for kpasswd_sever
Home
|
New
|
Browse
|
Search
|
[?]
|
Reports
|
Requests
|
Help
|
New Account
|
Log In
[x]
|
Forgot Password
Login:
[x]
[patch]
Possible patches for master
tmp.diff.txt (text/plain), 5.23 KB, created by
Stefan Metzmacher
on 2017-02-09 07:35:14 UTC
(
hide
)
Description:
Possible patches for master
Filename:
MIME Type:
Creator:
Stefan Metzmacher
Created:
2017-02-09 07:35:14 UTC
Size:
5.23 KB
patch
obsolete
>From 6a8ecb1f8c58b93f7bc362f1f0e38b154978345e Mon Sep 17 00:00:00 2001 >From: Stefan Metzmacher <metze@samba.org> >Date: Thu, 9 Feb 2017 07:09:38 +0100 >Subject: [PATCH 1/2] s3:libads: improve the logic in get_kdc_ip_string() > >This fixes possible memory leaks on 'mem_ctx' and >always adds :88 (also for ipv4 addresses). > >BUG: https://bugzilla.samba.org/show_bug.cgi?id=12515 > >Signed-off-by: Stefan Metzmacher <metze@samba.org> >--- > source3/libads/kerberos.c | 72 ++++++++++++++++++++++------------------------- > 1 file changed, 33 insertions(+), 39 deletions(-) > >diff --git a/source3/libads/kerberos.c b/source3/libads/kerberos.c >index dcb268e..18fd464 100644 >--- a/source3/libads/kerberos.c >+++ b/source3/libads/kerberos.c >@@ -720,31 +720,6 @@ static void add_sockaddr_unique(struct sockaddr_storage *addrs, int *num_addrs, > *num_addrs += 1; > } > >-/* print_canonical_sockaddr prints an ipv6 addr in the form of >-* [ipv6.addr]. This string, when put in a generated krb5.conf file is not >-* always properly dealt with by some older krb5 libraries. Adding the hard-coded >-* portnumber workarounds the issue. - gd */ >- >-static char *print_canonical_sockaddr_with_port(TALLOC_CTX *mem_ctx, >- const struct sockaddr_storage *pss) >-{ >- char *str = NULL; >- >- str = print_canonical_sockaddr(mem_ctx, pss); >- if (str == NULL) { >- return NULL; >- } >- >- if (pss->ss_family != AF_INET6) { >- return str; >- } >- >-#if defined(HAVE_IPV6) >- str = talloc_asprintf_append(str, ":88"); >-#endif >- return str; >-} >- > static char *get_kdc_ip_string(char *mem_ctx, > const char *realm, > const char *sitename, >@@ -763,12 +738,26 @@ static char *get_kdc_ip_string(char *mem_ctx, > char *result = NULL; > struct netlogon_samlogon_response **responses = NULL; > NTSTATUS status; >- char *kdc_str = talloc_asprintf(mem_ctx, "%s\t\tkdc = %s\n", "", >- print_canonical_sockaddr_with_port(mem_ctx, pss)); >+ char *addr_str = NULL; >+ const uint16_t kdc_port = 88; > >- if (kdc_str == NULL) { >- TALLOC_FREE(frame); >- return NULL; >+ addr_str = print_canonical_sockaddr(talloc_tos(), pss); >+ if (addr_str == NULL) { >+ goto out; >+ } >+ >+ /* >+ * print_canonical_sockaddr prints an ipv6 addr in the form of >+ * [ipv6.addr]. This string, when put in a generated krb5.conf file is >+ * not always properly dealt with by some older krb5 libraries. Adding >+ * the hard-coded portnumber workarounds the issue. - gd >+ */ >+ result = talloc_asprintf(mem_ctx, >+ "\t\tkdc = %s:%u\n", >+ addr_str, kdc_port); >+ TALLOC_FREE(addr_str); >+ if (result == NULL) { >+ goto out; > } > > /* >@@ -859,27 +848,32 @@ static char *get_kdc_ip_string(char *mem_ctx, > } > > for (i=0; i<num_dcs; i++) { >- char *new_kdc_str; >+ char *new_str = NULL; > > if (responses[i] == NULL) { > continue; > } > >+ addr_str = print_canonical_sockaddr(talloc_tos(), >+ &dc_addrs[i]); >+ if (addr_str == NULL) { >+ goto out; >+ } >+ > /* Append to the string - inefficient but not done often. */ >- new_kdc_str = talloc_asprintf(mem_ctx, "%s\t\tkdc = %s\n", >- kdc_str, >- print_canonical_sockaddr_with_port(mem_ctx, &dc_addrs[i])); >- if (new_kdc_str == NULL) { >+ new_str = talloc_asprintf_append_buffer(result, >+ "\t\tkdc = %s:%u\n", >+ addr_str, kdc_port); >+ TALLOC_FREE(addr_str); >+ if (new_str == NULL) { > goto out; > } >- TALLOC_FREE(kdc_str); >- kdc_str = new_kdc_str; >+ result = new_str; > } > > out: >- DEBUG(10, ("get_kdc_ip_string: Returning %s\n", kdc_str)); >+ DEBUG(10, ("get_kdc_ip_string: Returning \n%s", result)); > >- result = kdc_str; > SAFE_FREE(ip_srv_site); > SAFE_FREE(ip_srv_nonsite); > TALLOC_FREE(frame); >-- >1.9.1 > > >From 7b1df2e6b619d655fd174ded3f87049d0a9f0361 Mon Sep 17 00:00:00 2001 >From: Stefan Metzmacher <metze@samba.org> >Date: Thu, 9 Feb 2017 07:57:51 +0100 >Subject: [PATCH 2/2] s3:libads: let get_kdc_ip_string() also return > kpasswd_server entries for each kdc > >BUG: https://bugzilla.samba.org/show_bug.cgi?id=12515 > >Signed-off-by: Stefan Metzmacher <metze@samba.org> >--- > source3/libads/kerberos.c | 13 +++++++++---- > 1 file changed, 9 insertions(+), 4 deletions(-) > >diff --git a/source3/libads/kerberos.c b/source3/libads/kerberos.c >index 18fd464..bb25406 100644 >--- a/source3/libads/kerberos.c >+++ b/source3/libads/kerberos.c >@@ -740,6 +740,7 @@ static char *get_kdc_ip_string(char *mem_ctx, > NTSTATUS status; > char *addr_str = NULL; > const uint16_t kdc_port = 88; >+ const uint16_t kpasswd_port = 464; > > addr_str = print_canonical_sockaddr(talloc_tos(), pss); > if (addr_str == NULL) { >@@ -753,8 +754,10 @@ static char *get_kdc_ip_string(char *mem_ctx, > * the hard-coded portnumber workarounds the issue. - gd > */ > result = talloc_asprintf(mem_ctx, >- "\t\tkdc = %s:%u\n", >- addr_str, kdc_port); >+ "\t\tkdc = %s:%u\n" >+ "\t\tkpasswd_server = %s:%u\n", >+ addr_str, kdc_port, >+ addr_str, kpasswd_port); > TALLOC_FREE(addr_str); > if (result == NULL) { > goto out; >@@ -862,8 +865,10 @@ static char *get_kdc_ip_string(char *mem_ctx, > > /* Append to the string - inefficient but not done often. */ > new_str = talloc_asprintf_append_buffer(result, >- "\t\tkdc = %s:%u\n", >- addr_str, kdc_port); >+ "\t\tkdc = %s:%u\n" >+ "\t\tkpasswd_server = %s:%u\n", >+ addr_str, kdc_port, >+ addr_str, kpasswd_port); > TALLOC_FREE(addr_str); > if (new_str == NULL) { > goto out; >-- >1.9.1 >
You cannot view the attachment while viewing its details because your browser does not support IFRAMEs.
View the attachment on a separate page
.
View Attachment As Raw
Flags:
metze
:
review?
(
gd
)
metze
:
review?
(
mat
)
Actions:
View
Attachments on
bug 12515
:
12909
| 12910