The Samba-Bugzilla – Attachment 5711 Details for
Bug 7341
winbind not working over IPv6
Home
|
New
|
Browse
|
Search
|
[?]
|
Reports
|
Requests
|
Help
|
New Account
|
Log In
[x]
|
Forgot Password
Login:
[x]
[patch]
v3-5-test: avoid ipv6 addr in krb5.conf creation
ipv6-part2-v3-5-test.patch (text/plain), 6.85 KB, created by
Guenther Deschner
on 2010-05-17 07:18:38 UTC
(
hide
)
Description:
v3-5-test: avoid ipv6 addr in krb5.conf creation
Filename:
MIME Type:
Creator:
Guenther Deschner
Created:
2010-05-17 07:18:38 UTC
Size:
6.85 KB
patch
obsolete
>From f0cf9e9acdf44c14673216341420c232e1be7ed6 Mon Sep 17 00:00:00 2001 >From: =?UTF-8?q?G=C3=BCnther=20Deschner?= <gd@samba.org> >Date: Fri, 14 May 2010 23:23:34 +0200 >Subject: [PATCH 1/2] s3-kerberos: pass down kdc_name to create_local_private_krb5_conf_for_domain(). > >Guenther >(cherry picked from commit e3bdff3d67b46277ee59685218bd90f3788b487d) >--- > source3/include/proto.h | 3 ++- > source3/libads/kerberos.c | 19 ++++++++++++------- > source3/libsmb/namequery_dc.c | 6 ++++-- > source3/winbindd/winbindd_cm.c | 6 ++++-- > 4 files changed, 22 insertions(+), 12 deletions(-) > >diff --git a/source3/include/proto.h b/source3/include/proto.h >index 0813f0c..f30939a 100644 >--- a/source3/include/proto.h >+++ b/source3/include/proto.h >@@ -1809,7 +1809,8 @@ int kerberos_kinit_password(const char *principal, > bool create_local_private_krb5_conf_for_domain(const char *realm, > const char *domain, > const char *sitename, >- struct sockaddr_storage *pss); >+ struct sockaddr_storage *pss, >+ const char *kdc_name); > > /* The following definitions come from libads/kerberos_keytab.c */ > >diff --git a/source3/libads/kerberos.c b/source3/libads/kerberos.c >index 7fb4ec3..01a88e8 100644 >--- a/source3/libads/kerberos.c >+++ b/source3/libads/kerberos.c >@@ -715,7 +715,8 @@ int kerberos_kinit_password(const char *principal, > > static char *print_kdc_line(char *mem_ctx, > const char *prev_line, >- const struct sockaddr_storage *pss) >+ const struct sockaddr_storage *pss, >+ const char *kdc_name) > { > char *kdc_str = NULL; > >@@ -772,14 +773,15 @@ static char *print_kdc_line(char *mem_ctx, > static char *get_kdc_ip_string(char *mem_ctx, > const char *realm, > const char *sitename, >- struct sockaddr_storage *pss) >+ struct sockaddr_storage *pss, >+ const char *kdc_name) > { > int i; > struct ip_service *ip_srv_site = NULL; > struct ip_service *ip_srv_nonsite = NULL; > int count_site = 0; > int count_nonsite; >- char *kdc_str = print_kdc_line(mem_ctx, "", pss); >+ char *kdc_str = print_kdc_line(mem_ctx, "", pss, kdc_name); > > if (kdc_str == NULL) { > return NULL; >@@ -803,7 +805,8 @@ static char *get_kdc_ip_string(char *mem_ctx, > * but not done often. */ > kdc_str = print_kdc_line(mem_ctx, > kdc_str, >- &ip_srv_site[i].ss); >+ &ip_srv_site[i].ss, >+ NULL); > if (!kdc_str) { > SAFE_FREE(ip_srv_site); > return NULL; >@@ -840,7 +843,8 @@ static char *get_kdc_ip_string(char *mem_ctx, > /* Append to the string - inefficient but not done often. */ > kdc_str = print_kdc_line(mem_ctx, > kdc_str, >- &ip_srv_nonsite[i].ss); >+ &ip_srv_nonsite[i].ss, >+ NULL); > if (!kdc_str) { > SAFE_FREE(ip_srv_site); > SAFE_FREE(ip_srv_nonsite); >@@ -868,7 +872,8 @@ static char *get_kdc_ip_string(char *mem_ctx, > bool create_local_private_krb5_conf_for_domain(const char *realm, > const char *domain, > const char *sitename, >- struct sockaddr_storage *pss) >+ struct sockaddr_storage *pss, >+ const char *kdc_name) > { > char *dname; > char *tmpname = NULL; >@@ -912,7 +917,7 @@ bool create_local_private_krb5_conf_for_domain(const char *realm, > realm_upper = talloc_strdup(fname, realm); > strupper_m(realm_upper); > >- kdc_ip_string = get_kdc_ip_string(dname, realm, sitename, pss); >+ kdc_ip_string = get_kdc_ip_string(dname, realm, sitename, pss, kdc_name); > if (!kdc_ip_string) { > goto done; > } >diff --git a/source3/libsmb/namequery_dc.c b/source3/libsmb/namequery_dc.c >index 7b0748f..68e399a 100644 >--- a/source3/libsmb/namequery_dc.c >+++ b/source3/libsmb/namequery_dc.c >@@ -108,12 +108,14 @@ static bool ads_dc_name(const char *domain, > create_local_private_krb5_conf_for_domain(realm, > domain, > sitename, >- &ads->ldap.ss); >+ &ads->ldap.ss, >+ ads->config.ldap_server_name); > } else { > create_local_private_krb5_conf_for_domain(realm, > domain, > NULL, >- &ads->ldap.ss); >+ &ads->ldap.ss, >+ ads->config.ldap_server_name); > } > } > #endif >diff --git a/source3/winbindd/winbindd_cm.c b/source3/winbindd/winbindd_cm.c >index 07294f9..ee9a656 100644 >--- a/source3/winbindd/winbindd_cm.c >+++ b/source3/winbindd/winbindd_cm.c >@@ -1150,7 +1150,8 @@ static bool dcip_to_name(TALLOC_CTX *mem_ctx, > create_local_private_krb5_conf_for_domain(domain->alt_name, > domain->name, > sitename, >- pss); >+ pss, >+ name); > > SAFE_FREE(sitename); > } else { >@@ -1158,7 +1159,8 @@ static bool dcip_to_name(TALLOC_CTX *mem_ctx, > create_local_private_krb5_conf_for_domain(domain->alt_name, > domain->name, > NULL, >- pss); >+ pss, >+ name); > } > winbindd_set_locator_kdc_envs(domain); > >-- >1.6.6.1 > > >From b3e237a0d35e5aeeb92df138afc3e2fa61f0a39f Mon Sep 17 00:00:00 2001 >From: =?UTF-8?q?G=C3=BCnther=20Deschner?= <gd@samba.org> >Date: Sat, 15 May 2010 00:34:35 +0200 >Subject: [PATCH 2/2] s3-kerberos: temporary fix for ipv6 in print_kdc_line(). > >Currently no krb5 lib supports "kdc = ipv6 address" at all, so for now just fill >in just the kdc_name if we have it and let the krb5 lib figure out the >appropriate ipv6 address > >ipv6 gurus, please check. > >Guenther >(cherry picked from commit dd5a4e23f8c24564d3fd21bb8d01172321087362) >--- > source3/libads/kerberos.c | 25 ++++++++++++++++++++----- > 1 files changed, 20 insertions(+), 5 deletions(-) > >diff --git a/source3/libads/kerberos.c b/source3/libads/kerberos.c >index 01a88e8..df0ec8e 100644 >--- a/source3/libads/kerberos.c >+++ b/source3/libads/kerberos.c >@@ -728,6 +728,9 @@ static char *print_kdc_line(char *mem_ctx, > char addr[INET6_ADDRSTRLEN]; > uint16_t port = get_sockaddr_port(pss); > >+ DEBUG(10,("print_kdc_line: IPv6 case for kdc_name: %s, port: %d\n", >+ kdc_name, port)); >+ > if (port != 0 && port != DEFAULT_KRB5_PORT) { > /* Currently for IPv6 we can't specify a non-default > krb5 port with an address, as this requires a ':'. >@@ -744,6 +747,7 @@ static char *print_kdc_line(char *mem_ctx, > "Error %s\n.", > print_canonical_sockaddr(mem_ctx, pss), > gai_strerror(ret))); >+ return NULL; > } > /* Success, use host:port */ > kdc_str = talloc_asprintf(mem_ctx, >@@ -752,11 +756,22 @@ static char *print_kdc_line(char *mem_ctx, > hostname, > (unsigned int)port); > } else { >- kdc_str = talloc_asprintf(mem_ctx, "%s\tkdc = %s\n", >- prev_line, >- print_sockaddr(addr, >- sizeof(addr), >- pss)); >+ >+ /* no krb5 lib currently supports "kdc = ipv6 address" >+ * at all, so just fill in just the kdc_name if we have >+ * it and let the krb5 lib figure out the appropriate >+ * ipv6 address - gd */ >+ >+ if (kdc_name) { >+ kdc_str = talloc_asprintf(mem_ctx, "%s\tkdc = %s\n", >+ prev_line, kdc_name); >+ } else { >+ kdc_str = talloc_asprintf(mem_ctx, "%s\tkdc = %s\n", >+ prev_line, >+ print_sockaddr(addr, >+ sizeof(addr), >+ pss)); >+ } > } > } > return kdc_str; >-- >1.6.6.1 >
You cannot view the attachment while viewing its details because your browser does not support IFRAMEs.
View the attachment on a separate page
.
View Attachment As Raw
Flags:
jra
:
review+
Actions:
View
Attachments on
bug 7341
:
5710
| 5711 |
5714
|
5715