The branch, v3-4-test has been updated via 22de063... s3-kerberos: temporary fix for ipv6 in print_kdc_line(). via 69e1fc7... s3-kerberos: pass down kdc_name to create_local_private_krb5_conf_for_domain(). via 43e4323... s3-winbind: make the getpeername() checks in cm_prepare_connection IPv6 aware. from 6d851e1... s3-spoolss: Added EN ISO 216, A0 and A1 to builtin forms.
http://gitweb.samba.org/?p=samba.git;a=shortlog;h=v3-4-test - Log ----------------------------------------------------------------- commit 22de0639efe63def87e32e5c18a82ea56c2984ef Author: Günther Deschner <g...@samba.org> Date: Sat May 15 00:34:35 2010 +0200 s3-kerberos: temporary fix for ipv6 in print_kdc_line(). Currently no krb5 lib supports "kdc = ipv6 address" at all, so for now just fill in just the kdc_name if we have it and let the krb5 lib figure out the appropriate ipv6 address ipv6 gurus, please check. Guenther (cherry picked from commit dd5a4e23f8c24564d3fd21bb8d01172321087362) The last 3 patches fix bug #7341 (winbind not working over IPv6). commit 69e1fc797dc34be03d771ec017ef27c6aa87a155 Author: Günther Deschner <g...@samba.org> Date: Fri May 14 23:23:34 2010 +0200 s3-kerberos: pass down kdc_name to create_local_private_krb5_conf_for_domain(). Guenther (cherry picked from commit e3bdff3d67b46277ee59685218bd90f3788b487d) commit 43e4323d4a009c2b18be090f183dfd8c9f561fed Author: Günther Deschner <g...@samba.org> Date: Fri May 14 23:21:47 2010 +0200 s3-winbind: make the getpeername() checks in cm_prepare_connection IPv6 aware. Note that this failure was hard to track, as winbind did only log a super helpful "cm_prepare_connection: Success" debug message. IPv6 gurus, please check Successfully tested in two independent IPv6 networks now. Guenther (cherry picked from commit 14ac2bb36ee22be6133ca1d069dc5de6c1891f47) ----------------------------------------------------------------------- Summary of changes: source3/include/proto.h | 3 +- source3/libads/kerberos.c | 44 +++++++++++++++++++++++++++++---------- source3/libsmb/namequery_dc.c | 6 +++- source3/winbindd/winbindd_cm.c | 36 ++++++++++++++++++++++++++------ 4 files changed, 67 insertions(+), 22 deletions(-) Changeset truncated at 500 lines: diff --git a/source3/include/proto.h b/source3/include/proto.h index 34b9f83..bd9665c 100644 --- a/source3/include/proto.h +++ b/source3/include/proto.h 
@@ -1790,7 +1790,8 @@ int kerberos_kinit_password(const char *principal, bool create_local_private_krb5_conf_for_domain(const char *realm, const char *domain, const char *sitename, - struct sockaddr_storage *pss); + struct sockaddr_storage *pss, + const char *kdc_name); /* The following definitions come from libads/kerberos_keytab.c */ diff --git a/source3/libads/kerberos.c b/source3/libads/kerberos.c index f5f7f3d..aa3a76b 100644 --- a/source3/libads/kerberos.c +++ b/source3/libads/kerberos.c @@ -663,7 +663,8 @@ int kerberos_kinit_password(const char *principal, static char *print_kdc_line(char *mem_ctx, const char *prev_line, - const struct sockaddr_storage *pss) + const struct sockaddr_storage *pss, + const char *kdc_name) { char *kdc_str = NULL; @@ -675,6 +676,9 @@ static char *print_kdc_line(char *mem_ctx, char addr[INET6_ADDRSTRLEN]; uint16_t port = get_sockaddr_port(pss); + DEBUG(10,("print_kdc_line: IPv6 case for kdc_name: %s, port: %d\n", + kdc_name, port)); + if (port != 0 && port != DEFAULT_KRB5_PORT) { /* Currently for IPv6 we can't specify a non-default krb5 port with an address, as this requires a ':'. @@ -691,6 +695,7 @@ static char *print_kdc_line(char *mem_ctx, "Error %s\n.", print_canonical_sockaddr(mem_ctx, pss), gai_strerror(ret))); + return NULL; } /* Success, use host:port */ kdc_str = talloc_asprintf(mem_ctx, 
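Review bot: The new `DEBUG(10, ...)` in the IPv6 branch of print_kdc_line() formats `kdc_name` with `%s`, but the later hunks in get_kdc_ip_string() call this function with `NULL` for every site and non-site KDC. Passing a null pointer to `%s` is undefined in C and only tolerated by some libc implementations, so unless Samba's debug formatter is known to handle it the argument should be guarded, e.g. `kdc_name ? kdc_name : "(null)"`. `port` is a `uint16_t` printed with `%d`; `%u` with `(unsigned int)port` would match the cast already used for the host:port line further down. The function body starts and ends outside this hunk.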
@@ -699,11 +704,22 @@ static char *print_kdc_line(char *mem_ctx, hostname, (unsigned int)port); } else { - kdc_str = talloc_asprintf(mem_ctx, "%s\tkdc = %s\n", - prev_line, - print_sockaddr(addr, - sizeof(addr), - pss)); + + /* no krb5 lib currently supports "kdc = ipv6 address" + * at all, so just fill in just the kdc_name if we have + * it and let the krb5 lib figure out the appropriate + * ipv6 address - gd */ + + if (kdc_name) { + kdc_str = talloc_asprintf(mem_ctx, "%s\tkdc = %s\n", + prev_line, kdc_name); + } else { + kdc_str = talloc_asprintf(mem_ctx, "%s\tkdc = %s\n", + prev_line, + print_sockaddr(addr, + sizeof(addr), + pss)); + } } } return kdc_str; @@ -720,14 +736,15 @@ static char *print_kdc_line(char *mem_ctx, static char *get_kdc_ip_string(char *mem_ctx, const char *realm, const char *sitename, - struct sockaddr_storage *pss) + struct sockaddr_storage *pss, + const char *kdc_name) { int i; struct ip_service *ip_srv_site = NULL; struct ip_service *ip_srv_nonsite = NULL; int count_site = 0; int count_nonsite; - char *kdc_str = print_kdc_line(mem_ctx, "", pss); + char *kdc_str = print_kdc_line(mem_ctx, "", pss, kdc_name); if (kdc_str == NULL) { return NULL; @@ -751,7 +768,8 @@ static char *get_kdc_ip_string(char *mem_ctx, * but not done often. */ kdc_str = print_kdc_line(mem_ctx, kdc_str, - &ip_srv_site[i].ss); + &ip_srv_site[i].ss, + NULL); if (!kdc_str) { SAFE_FREE(ip_srv_site); return NULL; @@ -788,7 +806,8 @@ static char *get_kdc_ip_string(char *mem_ctx, /* Append to the string - inefficient but not done often. */ kdc_str = print_kdc_line(mem_ctx, kdc_str, - &ip_srv_nonsite[i].ss); + &ip_srv_nonsite[i].ss, + NULL); if (!kdc_str) { SAFE_FREE(ip_srv_site); SAFE_FREE(ip_srv_nonsite); 
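Review bot: In the new `if (kdc_name)` branch the name is copied verbatim into the generated krb5.conf `kdc = ` line with no check on its content. The visible callers pass `ads->config.ldap_server_name` and the `name` from dcip_to_name(), which presumably originate in the DC's reply (not shown here, to be confirmed); an empty string yields a bare `kdc = ` line, and embedded whitespace or a newline would put extra text into the file. I would tighten the condition to `if (kdc_name && kdc_name[0] != '\0')` and reject names with characters outside a hostname before this point, falling back to the address branch otherwise. The comment should also say that the krb5 library now reaches the KDC through whatever the resolver returns for that name rather than through the address in `pss`.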
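Review bot: Passing `NULL` as kdc_name for the `ip_srv_site[i]` entries (and for `ip_srv_nonsite[i]` in the hunk at -788) sends every additional IPv6 KDC into the `print_sockaddr()` fallback, which writes the `kdc = <ipv6 address>` form that the new comment in print_kdc_line() says no krb5 library accepts. If that is right, only the first KDC entry is usable on an IPv6-only network and the remaining entries do not provide failover. A comment at both call sites recording this, e.g. `/* no name available here; IPv6 entries are written as addresses and may be ignored by the krb5 lib */`, would keep the next reader from assuming otherwise. The loops start and end outside these hunks.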
@@ -816,7 +835,8 @@ static char *get_kdc_ip_string(char *mem_ctx, bool create_local_private_krb5_conf_for_domain(const char *realm, const char *domain, const char *sitename, - struct sockaddr_storage *pss) + struct sockaddr_storage *pss, + const char *kdc_name) { char *dname = lock_path("smb_krb5"); char *tmpname = NULL; @@ -855,7 +875,7 @@ bool create_local_private_krb5_conf_for_domain(const char *realm, realm_upper = talloc_strdup(fname, realm); strupper_m(realm_upper); - kdc_ip_string = get_kdc_ip_string(dname, realm, sitename, pss); + kdc_ip_string = get_kdc_ip_string(dname, realm, sitename, pss, kdc_name); if (!kdc_ip_string) { goto done; } diff --git a/source3/libsmb/namequery_dc.c b/source3/libsmb/namequery_dc.c index 7b0748f..68e399a 100644 --- a/source3/libsmb/namequery_dc.c +++ b/source3/libsmb/namequery_dc.c @@ -108,12 +108,14 @@ static bool ads_dc_name(const char *domain, create_local_private_krb5_conf_for_domain(realm, domain, sitename, - &ads->ldap.ss); + &ads->ldap.ss, + ads->config.ldap_server_name); } else { create_local_private_krb5_conf_for_domain(realm, domain, NULL, - &ads->ldap.ss); + &ads->ldap.ss, + ads->config.ldap_server_name); } } #endif diff --git a/source3/winbindd/winbindd_cm.c b/source3/winbindd/winbindd_cm.c index 670e494..3b34a32 100644 --- a/source3/winbindd/winbindd_cm.c +++ b/source3/winbindd/winbindd_cm.c 
@@ -794,11 +794,31 @@ static NTSTATUS cm_prepare_connection(const struct winbindd_domain *domain, peeraddr_len = sizeof(peeraddr); - if ((getpeername((*cli)->fd, &peeraddr, &peeraddr_len) != 0) || - (peeraddr_len != sizeof(struct sockaddr_in)) || - (peeraddr_in->sin_family != PF_INET)) - { - DEBUG(0,("cm_prepare_connection: %s\n", strerror(errno))); + if ((getpeername((*cli)->fd, &peeraddr, &peeraddr_len) != 0)) { + DEBUG(0,("cm_prepare_connection: getpeername failed with: %s\n", + strerror(errno))); + result = NT_STATUS_UNSUCCESSFUL; + goto done; + } + + if ((peeraddr_len != sizeof(struct sockaddr_in)) +#ifdef HAVE_IPV6 + && (peeraddr_len != sizeof(struct sockaddr_in6)) +#endif + ) { + DEBUG(0,("cm_prepare_connection: got unexpected peeraddr len %d\n", + peeraddr_len)); + result = NT_STATUS_UNSUCCESSFUL; + goto done; + } + + if ((peeraddr_in->sin_family != PF_INET) +#ifdef HAVE_IPV6 + && (peeraddr_in->sin_family != PF_INET6) +#endif + ) { + DEBUG(0,("cm_prepare_connection: got unexpected family %d\n", + peeraddr_in->sin_family)); result = NT_STATUS_UNSUCCESSFUL; goto done; } @@ -1116,7 +1136,8 @@ static bool dcip_to_name(TALLOC_CTX *mem_ctx, create_local_private_krb5_conf_for_domain(domain->alt_name, domain->name, sitename, - pss); + pss, + name); SAFE_FREE(sitename); } else { @@ -1124,7 +1145,8 @@ static bool dcip_to_name(TALLOC_CTX *mem_ctx, create_local_private_krb5_conf_for_domain(domain->alt_name, domain->name, NULL, - pss); + pss, + name); } winbindd_set_locator_kdc_envs(domain); -- Samba Shared Repository
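Review bot: The length check and the family check in cm_prepare_connection() are evaluated independently, so a `sockaddr_in6`-sized result carrying `PF_INET` (or the reverse) passes both; the two should be accepted only as matching pairs. The declaration of `peeraddr` is outside the hunk: if it is a plain `struct sockaddr`, it is too small for an IPv6 peer and should become a `struct sockaddr_storage`, because getpeername() truncates what it stores while still reporting the full length. `peeraddr_len` is printed with `%d`; a cast makes the format match whatever width `socklen_t` has on the platform. The function starts and ends outside the hunk.

```c
	/* … unchanged: getpeername() call and its failure branch … */

	/* Accept a length only together with the family it belongs to. */
	if (!((peeraddr_in->sin_family == PF_INET &&
	       peeraddr_len == sizeof(struct sockaddr_in))
#ifdef HAVE_IPV6
	      || (peeraddr_in->sin_family == PF_INET6 &&
		  peeraddr_len == sizeof(struct sockaddr_in6))
#endif
	      )) {
		DEBUG(0,("cm_prepare_connection: unexpected peer address "
			 "(family %d, len %u)\n",
			 (int)peeraddr_in->sin_family,
			 (unsigned int)peeraddr_len));
		result = NT_STATUS_UNSUCCESSFUL;
		goto done;
	}
```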