Samba 3.0.6 won't build on systems with recent Heimdal krb5 implementations, due
to a conflict between <krb5.h> and libads/krb5_setpw.c with the definition of
My reading of RFC3244 and brief chat with a Heimdal developer indicate that
samba should just use the RFC3244 value for KRB5_KPASSWD_VERS_SETPW (0xff80),
instead of calling that KRB5_KPASSWD_VERS_SETPW_MS, which is a misnomer IMHO.
Are there any systems that actually expect to use `2' as the protocol number
(the current KRB5_KPASSWD_VERS_SETPW value in samba) ? Note that krb5_setpw.c
until rev 1.11 actually used the correct value (0xff80).
(I'll attach a patch.)
Created attachment 617 [details]
I added a check for the KRB5_KPASSWD_VERS_SETPW-define to svn (defining it to
the obscure value of "2" only in the case that the library does not provide it's
own define). As long as there is no clear information about it's real meaning, I
tend to leave the "2" as a fallback.
If you feel this is not correct, please reopen.
I don't think this is quite correct; if we're going to retain the `2' value for
compat with the unknown (?) systems that need it, then the recent commit won't
help on systems that define KRB5_KPASSWD_VERS_SETPW as 0xff80, since the code
if (pversion == KRB5_KPASSWD_VERS_SETPW || pversion ==
will be checking pversion against 0xff80 twice, which seems counterproductive.
If we want to retain the ability to check pversion against 0xff80 (the standard
value) as well as `2' (for ???), I suggest that instead we do something like:
#define KRB5_KPASSWD_VERS_SETPW 0xff80 /* the standard value */
#define KRB5_KPASSWD_VERS_SETPW_ALT 2 /* compat value (for ???) */
/* ... */
if (pversion == KRB5_KPASSWD_VERS_SETPW || pversion == KRB5_KPASSWD_VERS_SETPW_ALT)
/* ... */
I.e, change SETPW to 0xff80, rename SETPW_MS to SETPW_ALT and change it to 2,
and replace SETPW_MS with SETPW_ALT in the code.
I can provide a diff that shows what I mean if it helps.
Created attachment 750 [details]
Replaces previous fix; this one defines KRB5_KPASSWD_VERS_SETPW to the standard
0xff80, and KRB5_KPASSWD_VERS_SETPW_ALT as 2 and uses instead of
After some research, I think that the `2' value comes from the expired internet
0xff80 comes from RFC3244:
Created attachment 759 [details]
krb5_setpw.c fix for samba 3.0.8
A patch against samba 3.0.8 to implement the fix in the way I most recently
discussed. I.e., #define KRB5_KPASSWD_VERS_SETPW 0xff80 (to be consistent
with heimdal's <krb5.h>) and #define KRB5_KPASSWD_VERS_SETPW_ALT 2, and change
the code to suit.
Applied, Luke, thanks!
originally reported against 3.0.8pre1. Cleaning up
actually that was originally against 3.0.8pre2. Sorry.
sorry for the same, cleaning up the database to prevent unecessary reopens of bugs.