Attachment 5711 Details for Bug 7341 – v3-5-test: avoid ipv6 addr in krb5.conf creation

[patch] v3-5-test: avoid ipv6 addr in krb5.conf creation

ipv6-part2-v3-5-test.patch (text/plain), 6.85 KB, created by Guenther Deschner on 2010-05-17 07:18:38 UTC

(hide)

Description:

Filename:

MIME Type:

Creator: Guenther Deschner

Created: 2010-05-17 07:18:38 UTC

Size: 6.85 KB

patch

obsolete

>From f0cf9e9acdf44c14673216341420c232e1be7ed6 Mon Sep 17 00:00:00 2001
>From: =?UTF-8?q?G=C3=BCnther=20Deschner?= <gd@samba.org>
>Date: Fri, 14 May 2010 23:23:34 +0200
>Subject: [PATCH 1/2] s3-kerberos: pass down kdc_name to create_local_private_krb5_conf_for_domain().
>
>Guenther
>(cherry picked from commit e3bdff3d67b46277ee59685218bd90f3788b487d)
>---
> source3/include/proto.h        |    3 ++-
> source3/libads/kerberos.c      |   19 ++++++++++++-------
> source3/libsmb/namequery_dc.c  |    6 ++++--
> source3/winbindd/winbindd_cm.c |    6 ++++--
> 4 files changed, 22 insertions(+), 12 deletions(-)
>
>diff --git a/source3/include/proto.h b/source3/include/proto.h
>index 0813f0c..f30939a 100644
>--- a/source3/include/proto.h
>+++ b/source3/include/proto.h
>@@ -1809,7 +1809,8 @@ int kerberos_kinit_password(const char *principal,
> bool create_local_private_krb5_conf_for_domain(const char *realm,
> 						const char *domain,
> 						const char *sitename,
>-						struct sockaddr_storage *pss);
>+						struct sockaddr_storage *pss,
>+						const char *kdc_name);
> 
> /* The following definitions come from libads/kerberos_keytab.c  */
> 
>diff --git a/source3/libads/kerberos.c b/source3/libads/kerberos.c
>index 7fb4ec3..01a88e8 100644
>--- a/source3/libads/kerberos.c
>+++ b/source3/libads/kerberos.c
>@@ -715,7 +715,8 @@ int kerberos_kinit_password(const char *principal,
> 
> static char *print_kdc_line(char *mem_ctx,
> 			const char *prev_line,
>-			const struct sockaddr_storage *pss)
>+			const struct sockaddr_storage *pss,
>+			const char *kdc_name)
> {
> 	char *kdc_str = NULL;
> 
>@@ -772,14 +773,15 @@ static char *print_kdc_line(char *mem_ctx,
> static char *get_kdc_ip_string(char *mem_ctx,
> 		const char *realm,
> 		const char *sitename,
>-		struct sockaddr_storage *pss)
>+		struct sockaddr_storage *pss,
>+		const char *kdc_name)
> {
> 	int i;
> 	struct ip_service *ip_srv_site = NULL;
> 	struct ip_service *ip_srv_nonsite = NULL;
> 	int count_site = 0;
> 	int count_nonsite;
>-	char *kdc_str = print_kdc_line(mem_ctx, "", pss);
>+	char *kdc_str = print_kdc_line(mem_ctx, "", pss, kdc_name);
> 
> 	if (kdc_str == NULL) {
> 		return NULL;
>@@ -803,7 +805,8 @@ static char *get_kdc_ip_string(char *mem_ctx,
> 			 * but not done often. */
> 			kdc_str = print_kdc_line(mem_ctx,
> 						kdc_str,
>-						&ip_srv_site[i].ss);
>+						&ip_srv_site[i].ss,
>+						NULL);
> 			if (!kdc_str) {
> 				SAFE_FREE(ip_srv_site);
> 				return NULL;
>@@ -840,7 +843,8 @@ static char *get_kdc_ip_string(char *mem_ctx,
> 		/* Append to the string - inefficient but not done often. */
> 		kdc_str = print_kdc_line(mem_ctx,
> 				kdc_str,
>-				&ip_srv_nonsite[i].ss);
>+				&ip_srv_nonsite[i].ss,
>+				NULL);
> 		if (!kdc_str) {
> 			SAFE_FREE(ip_srv_site);
> 			SAFE_FREE(ip_srv_nonsite);
>@@ -868,7 +872,8 @@ static char *get_kdc_ip_string(char *mem_ctx,
> bool create_local_private_krb5_conf_for_domain(const char *realm,
> 						const char *domain,
> 						const char *sitename,
>-						struct sockaddr_storage *pss)
>+						struct sockaddr_storage *pss,
>+						const char *kdc_name)
> {
> 	char *dname;
> 	char *tmpname = NULL;
>@@ -912,7 +917,7 @@ bool create_local_private_krb5_conf_for_domain(const char *realm,
> 	realm_upper = talloc_strdup(fname, realm);
> 	strupper_m(realm_upper);
> 
>-	kdc_ip_string = get_kdc_ip_string(dname, realm, sitename, pss);
>+	kdc_ip_string = get_kdc_ip_string(dname, realm, sitename, pss, kdc_name);
> 	if (!kdc_ip_string) {
> 		goto done;
> 	}
>diff --git a/source3/libsmb/namequery_dc.c b/source3/libsmb/namequery_dc.c
>index 7b0748f..68e399a 100644
>--- a/source3/libsmb/namequery_dc.c
>+++ b/source3/libsmb/namequery_dc.c
>@@ -108,12 +108,14 @@ static bool ads_dc_name(const char *domain,
> 				create_local_private_krb5_conf_for_domain(realm,
> 									domain,
> 									sitename,
>-									&ads->ldap.ss);
>+									&ads->ldap.ss,
>+									ads->config.ldap_server_name);
> 			} else {
> 				create_local_private_krb5_conf_for_domain(realm,
> 									domain,
> 									NULL,
>-									&ads->ldap.ss);
>+									&ads->ldap.ss,
>+									ads->config.ldap_server_name);
> 			}
> 		}
> #endif
>diff --git a/source3/winbindd/winbindd_cm.c b/source3/winbindd/winbindd_cm.c
>index 07294f9..ee9a656 100644
>--- a/source3/winbindd/winbindd_cm.c
>+++ b/source3/winbindd/winbindd_cm.c
>@@ -1150,7 +1150,8 @@ static bool dcip_to_name(TALLOC_CTX *mem_ctx,
> 					create_local_private_krb5_conf_for_domain(domain->alt_name,
> 									domain->name,
> 									sitename,
>-									pss);
>+									pss,
>+									name);
> 
> 					SAFE_FREE(sitename);
> 				} else {
>@@ -1158,7 +1159,8 @@ static bool dcip_to_name(TALLOC_CTX *mem_ctx,
> 					create_local_private_krb5_conf_for_domain(domain->alt_name,
> 									domain->name,
> 									NULL,
>-									pss);
>+									pss,
>+									name);
> 				}
> 				winbindd_set_locator_kdc_envs(domain);
> 
>-- 
>1.6.6.1
>
>
>From b3e237a0d35e5aeeb92df138afc3e2fa61f0a39f Mon Sep 17 00:00:00 2001
>From: =?UTF-8?q?G=C3=BCnther=20Deschner?= <gd@samba.org>
>Date: Sat, 15 May 2010 00:34:35 +0200
>Subject: [PATCH 2/2] s3-kerberos: temporary fix for ipv6 in print_kdc_line().
>
>Currently no krb5 lib supports "kdc = ipv6 address" at all, so for now just fill
>in just the kdc_name if we have it and let the krb5 lib figure out the
>appropriate ipv6 address
>
>ipv6 gurus, please check.
>
>Guenther
>(cherry picked from commit dd5a4e23f8c24564d3fd21bb8d01172321087362)
>---
> source3/libads/kerberos.c |   25 ++++++++++++++++++++-----
> 1 files changed, 20 insertions(+), 5 deletions(-)
>
>diff --git a/source3/libads/kerberos.c b/source3/libads/kerberos.c
>index 01a88e8..df0ec8e 100644
>--- a/source3/libads/kerberos.c
>+++ b/source3/libads/kerberos.c
>@@ -728,6 +728,9 @@ static char *print_kdc_line(char *mem_ctx,
> 		char addr[INET6_ADDRSTRLEN];
> 		uint16_t port = get_sockaddr_port(pss);
> 
>+		DEBUG(10,("print_kdc_line: IPv6 case for kdc_name: %s, port: %d\n",
>+			kdc_name, port));
>+
> 		if (port != 0 && port != DEFAULT_KRB5_PORT) {
> 			/* Currently for IPv6 we can't specify a non-default
> 			   krb5 port with an address, as this requires a ':'.
>@@ -744,6 +747,7 @@ static char *print_kdc_line(char *mem_ctx,
> 					"Error %s\n.",
> 					print_canonical_sockaddr(mem_ctx, pss),
> 					gai_strerror(ret)));
>+				return NULL;
> 			}
> 			/* Success, use host:port */
> 			kdc_str = talloc_asprintf(mem_ctx,
>@@ -752,11 +756,22 @@ static char *print_kdc_line(char *mem_ctx,
> 					hostname,
> 					(unsigned int)port);
> 		} else {
>-			kdc_str = talloc_asprintf(mem_ctx, "%s\tkdc = %s\n",
>-					prev_line,
>-					print_sockaddr(addr,
>-						sizeof(addr),
>-						pss));
>+
>+			/* no krb5 lib currently supports "kdc = ipv6 address"
>+			 * at all, so just fill in just the kdc_name if we have
>+			 * it and let the krb5 lib figure out the appropriate
>+			 * ipv6 address - gd */
>+
>+			if (kdc_name) {
>+				kdc_str = talloc_asprintf(mem_ctx, "%s\tkdc = %s\n",
>+						prev_line, kdc_name);
>+			} else {
>+				kdc_str = talloc_asprintf(mem_ctx, "%s\tkdc = %s\n",
>+						prev_line,
>+						print_sockaddr(addr,
>+							sizeof(addr),
>+							pss));
>+			}
> 		}
> 	}
> 	return kdc_str;
>-- 
>1.6.6.1
>

Flags:

jra: review+

Actions: View

Attachments on bug 7341: 5710 | 5711 | 5714 | 5715