Samba 3.0.6 won't build on systems with recent Heimdal krb5 implementations, due to a conflict between <krb5.h> and libads/krb5_setpw.c with the definition of KRB5_KPASSWD_VERS_SETPW. My reading of RFC3244 and brief chat with a Heimdal developer indicate that samba should just use the RFC3244 value for KRB5_KPASSWD_VERS_SETPW (0xff80), instead of calling that KRB5_KPASSWD_VERS_SETPW_MS, which is a misnomer IMHO. Are there any systems that actually expect to use `2' as the protocol number (the current KRB5_KPASSWD_VERS_SETPW value in samba) ? Note that krb5_setpw.c until rev 1.11 actually used the correct value (0xff80). (I'll attach a patch.)
Created attachment 617 [details] krb5_setpw.c.diff
Luke, I added a check for the KRB5_KPASSWD_VERS_SETPW-define to svn (defining it to the obscure value of "2" only in the case that the library does not provide it's own define). As long as there is no clear information about it's real meaning, I tend to leave the "2" as a fallback. If you feel this is not correct, please reopen.
I don't think this is quite correct; if we're going to retain the `2' value for compat with the unknown (?) systems that need it, then the recent commit won't help on systems that define KRB5_KPASSWD_VERS_SETPW as 0xff80, since the code that does if (pversion == KRB5_KPASSWD_VERS_SETPW || pversion == KRB5_KPASSWD_VERS_SETPW_MS) will be checking pversion against 0xff80 twice, which seems counterproductive. If we want to retain the ability to check pversion against 0xff80 (the standard value) as well as `2' (for ???), I suggest that instead we do something like: #ifndef KRB5_KPASSWD_VERS_SETPW #define KRB5_KPASSWD_VERS_SETPW 0xff80 /* the standard value */ #endif #define KRB5_KPASSWD_VERS_SETPW_ALT 2 /* compat value (for ???) */ /* ... */ if (pversion == KRB5_KPASSWD_VERS_SETPW || pversion == KRB5_KPASSWD_VERS_SETPW_ALT) /* ... */ I.e, change SETPW to 0xff80, rename SETPW_MS to SETPW_ALT and change it to 2, and replace SETPW_MS with SETPW_ALT in the code. I can provide a diff that shows what I mean if it helps.
Created attachment 750 [details] krb5_setpw.diff Replaces previous fix; this one defines KRB5_KPASSWD_VERS_SETPW to the standard 0xff80, and KRB5_KPASSWD_VERS_SETPW_ALT as 2 and uses instead of KRB5_KPASSWD_VERS_SETPW_MS.
After some research, I think that the `2' value comes from the expired internet draft: http://www.watersprings.org/pub/id/draft-ietf-cat-kerberos-set-passwd-06.txt 0xff80 comes from RFC3244: http://www.ietf.org/rfc/rfc3244.txt Luke.
Created attachment 759 [details] krb5_setpw.c fix for samba 3.0.8 A patch against samba 3.0.8 to implement the fix in the way I most recently discussed. I.e., #define KRB5_KPASSWD_VERS_SETPW 0xff80 (to be consistent with heimdal's <krb5.h>) and #define KRB5_KPASSWD_VERS_SETPW_ALT 2, and change the code to suit.
Applied, Luke, thanks!
originally reported against 3.0.8pre1. Cleaning up non-production versions.
actually that was originally against 3.0.8pre2. Sorry.
sorry for the same, cleaning up the database to prevent unecessary reopens of bugs.