diff options
Diffstat (limited to 'meta-oe/recipes-connectivity/samba/samba-4.1.12/04-ipv6-workaround.patch')
-rw-r--r-- | meta-oe/recipes-connectivity/samba/samba-4.1.12/04-ipv6-workaround.patch | 211 |
1 files changed, 0 insertions, 211 deletions
diff --git a/meta-oe/recipes-connectivity/samba/samba-4.1.12/04-ipv6-workaround.patch b/meta-oe/recipes-connectivity/samba/samba-4.1.12/04-ipv6-workaround.patch deleted file mode 100644 index a2058f115..000000000 --- a/meta-oe/recipes-connectivity/samba/samba-4.1.12/04-ipv6-workaround.patch +++ /dev/null | |||
@@ -1,211 +0,0 @@ | |||
1 | From 942dedb71437cd89932a7f39ca73d65c09aa59be Mon Sep 17 00:00:00 2001 | ||
2 | From: =?UTF-8?q?G=C3=BCnther=20Deschner?= <gd@samba.org> | ||
3 | Date: Wed, 2 Apr 2014 19:37:34 +0200 | ||
4 | Subject: [PATCH] s3-kerberos: make ipv6 support for generated krb5 config | ||
5 | files more robust. | ||
6 | MIME-Version: 1.0 | ||
7 | Content-Type: text/plain; charset=UTF-8 | ||
8 | Content-Transfer-Encoding: 8bit | ||
9 | |||
10 | Older MIT Kerberos libraries will add any secondary ipv6 address as | ||
11 | ipv4 address, defining the (default) krb5 port 88 circumvents that. | ||
12 | |||
13 | Guenther | ||
14 | |||
15 | Signed-off-by: Günther Deschner <gd@samba.org> | ||
16 | --- | ||
17 | source3/libads/kerberos.c | 29 +++++++++++++++++++++++++++-- | ||
18 | 1 file changed, 27 insertions(+), 2 deletions(-) | ||
19 | |||
20 | diff --git a/source3/libads/kerberos.c b/source3/libads/kerberos.c | ||
21 | index 649e568..f3c23ea 100644 | ||
22 | --- a/source3/libads/kerberos.c | ||
23 | +++ b/source3/libads/kerberos.c | ||
24 | @@ -615,6 +615,31 @@ static void add_sockaddr_unique(struct sockaddr_storage *addrs, int *num_addrs, | ||
25 | *num_addrs += 1; | ||
26 | } | ||
27 | |||
28 | +/* print_canonical_sockaddr prints an ipv6 addr in the form of | ||
29 | +* [ipv6.addr]. This string, when put in a generated krb5.conf file is not | ||
30 | +* always properly dealt with by some older krb5 libraries. Adding the hard-coded | ||
31 | +* portnumber workarounds the issue. - gd */ | ||
32 | + | ||
33 | +static char *print_canonical_sockaddr_with_port(TALLOC_CTX *mem_ctx, | ||
34 | + const struct sockaddr_storage *pss) | ||
35 | +{ | ||
36 | + char *str = NULL; | ||
37 | + | ||
38 | + str = print_canonical_sockaddr(mem_ctx, pss); | ||
39 | + if (str == NULL) { | ||
40 | + return NULL; | ||
41 | + } | ||
42 | + | ||
43 | + if (pss->ss_family != AF_INET6) { | ||
44 | + return str; | ||
45 | + } | ||
46 | + | ||
47 | +#if defined(HAVE_IPV6) | ||
48 | + str = talloc_asprintf_append(str, ":88"); | ||
49 | +#endif | ||
50 | + return str; | ||
51 | +} | ||
52 | + | ||
53 | static char *get_kdc_ip_string(char *mem_ctx, | ||
54 | const char *realm, | ||
55 | const char *sitename, | ||
56 | @@ -634,7 +659,7 @@ static char *get_kdc_ip_string(char *mem_ctx, | ||
57 | struct netlogon_samlogon_response **responses = NULL; | ||
58 | NTSTATUS status; | ||
59 | char *kdc_str = talloc_asprintf(mem_ctx, "%s\tkdc = %s\n", "", | ||
60 | - print_canonical_sockaddr(mem_ctx, pss)); | ||
61 | + print_canonical_sockaddr_with_port(mem_ctx, pss)); | ||
62 | |||
63 | if (kdc_str == NULL) { | ||
64 | TALLOC_FREE(frame); | ||
65 | @@ -726,7 +751,7 @@ static char *get_kdc_ip_string(char *mem_ctx, | ||
66 | /* Append to the string - inefficient but not done often. */ | ||
67 | new_kdc_str = talloc_asprintf(mem_ctx, "%s\tkdc = %s\n", | ||
68 | kdc_str, | ||
69 | - print_canonical_sockaddr(mem_ctx, &dc_addrs[i])); | ||
70 | + print_canonical_sockaddr_with_port(mem_ctx, &dc_addrs[i])); | ||
71 | if (new_kdc_str == NULL) { | ||
72 | goto fail; | ||
73 | } | ||
74 | -- | ||
75 | 1.9.0 | ||
76 | |||
77 | From 60db71015f84dd242be889576d85ccd5c6a1f73b Mon Sep 17 00:00:00 2001 | ||
78 | From: =?UTF-8?q?G=C3=BCnther=20Deschner?= <gd@samba.org> | ||
79 | Date: Wed, 16 Apr 2014 16:07:14 +0200 | ||
80 | Subject: [PATCH] s3-libads: allow ads_try_connect() to re-use a resolved ip | ||
81 | address. | ||
82 | MIME-Version: 1.0 | ||
83 | Content-Type: text/plain; charset=UTF-8 | ||
84 | Content-Transfer-Encoding: 8bit | ||
85 | |||
86 | Pass down a struct sockaddr_storage to ads_try_connect. | ||
87 | |||
88 | Guenther | ||
89 | |||
90 | Signed-off-by: Günther Deschner <gd@samba.org> | ||
91 | Reviewed-by: Andreas Schneider <asn@samba.org> | ||
92 | |||
93 | Autobuild-User(master): Günther Deschner <gd@samba.org> | ||
94 | Autobuild-Date(master): Thu Apr 17 19:56:16 CEST 2014 on sn-devel-104 | ||
95 | --- | ||
96 | source3/libads/ldap.c | 44 ++++++++++++++++++++++++++------------------ | ||
97 | 1 file changed, 26 insertions(+), 18 deletions(-) | ||
98 | |||
99 | diff --git a/source3/libads/ldap.c b/source3/libads/ldap.c | ||
100 | index d9bb8e2..8fed8fd 100644 | ||
101 | --- a/source3/libads/ldap.c | ||
102 | +++ b/source3/libads/ldap.c | ||
103 | @@ -228,33 +228,27 @@ bool ads_closest_dc(ADS_STRUCT *ads) | ||
104 | try a connection to a given ldap server, returning True and setting the servers IP | ||
105 | in the ads struct if successful | ||
106 | */ | ||
107 | -static bool ads_try_connect(ADS_STRUCT *ads, const char *server, bool gc) | ||
108 | +static bool ads_try_connect(ADS_STRUCT *ads, bool gc, | ||
109 | + struct sockaddr_storage *ss) | ||
110 | { | ||
111 | struct NETLOGON_SAM_LOGON_RESPONSE_EX cldap_reply; | ||
112 | TALLOC_CTX *frame = talloc_stackframe(); | ||
113 | bool ret = false; | ||
114 | - struct sockaddr_storage ss; | ||
115 | char addr[INET6_ADDRSTRLEN]; | ||
116 | |||
117 | - if (!server || !*server) { | ||
118 | + if (ss == NULL) { | ||
119 | TALLOC_FREE(frame); | ||
120 | return False; | ||
121 | } | ||
122 | |||
123 | - if (!resolve_name(server, &ss, 0x20, true)) { | ||
124 | - DEBUG(5,("ads_try_connect: unable to resolve name %s\n", | ||
125 | - server )); | ||
126 | - TALLOC_FREE(frame); | ||
127 | - return false; | ||
128 | - } | ||
129 | - print_sockaddr(addr, sizeof(addr), &ss); | ||
130 | + print_sockaddr(addr, sizeof(addr), ss); | ||
131 | |||
132 | DEBUG(5,("ads_try_connect: sending CLDAP request to %s (realm: %s)\n", | ||
133 | addr, ads->server.realm)); | ||
134 | |||
135 | ZERO_STRUCT( cldap_reply ); | ||
136 | |||
137 | - if ( !ads_cldap_netlogon_5(frame, &ss, ads->server.realm, &cldap_reply ) ) { | ||
138 | + if ( !ads_cldap_netlogon_5(frame, ss, ads->server.realm, &cldap_reply ) ) { | ||
139 | DEBUG(3,("ads_try_connect: CLDAP request %s failed.\n", addr)); | ||
140 | ret = false; | ||
141 | goto out; | ||
142 | @@ -298,7 +292,7 @@ static bool ads_try_connect(ADS_STRUCT *ads, const char *server, bool gc) | ||
143 | ads->server.workgroup = SMB_STRDUP(cldap_reply.domain_name); | ||
144 | |||
145 | ads->ldap.port = gc ? LDAP_GC_PORT : LDAP_PORT; | ||
146 | - ads->ldap.ss = ss; | ||
147 | + ads->ldap.ss = *ss; | ||
148 | |||
149 | /* Store our site name. */ | ||
150 | sitename_store( cldap_reply.domain_name, cldap_reply.client_site); | ||
151 | @@ -330,6 +324,7 @@ static NTSTATUS ads_find_dc(ADS_STRUCT *ads) | ||
152 | bool use_own_domain = False; | ||
153 | char *sitename; | ||
154 | NTSTATUS status = NT_STATUS_UNSUCCESSFUL; | ||
155 | + bool ok = false; | ||
156 | |||
157 | /* if the realm and workgroup are both empty, assume they are ours */ | ||
158 | |||
159 | @@ -384,12 +379,14 @@ static NTSTATUS ads_find_dc(ADS_STRUCT *ads) | ||
160 | DEBUG(6,("ads_find_dc: (ldap) looking for %s '%s'\n", | ||
161 | (got_realm ? "realm" : "domain"), realm)); | ||
162 | |||
163 | - if (get_dc_name(domain, realm, srv_name, &ip_out)) { | ||
164 | + ok = get_dc_name(domain, realm, srv_name, &ip_out); | ||
165 | + if (ok) { | ||
166 | /* | ||
167 | * we call ads_try_connect() to fill in the | ||
168 | * ads->config details | ||
169 | */ | ||
170 | - if (ads_try_connect(ads, srv_name, false)) { | ||
171 | + ok = ads_try_connect(ads, false, &ip_out); | ||
172 | + if (ok) { | ||
173 | return NT_STATUS_OK; | ||
174 | } | ||
175 | } | ||
176 | @@ -445,7 +442,8 @@ static NTSTATUS ads_find_dc(ADS_STRUCT *ads) | ||
177 | } | ||
178 | } | ||
179 | |||
180 | - if ( ads_try_connect(ads, server, false) ) { | ||
181 | + ok = ads_try_connect(ads, false, &ip_list[i].ss); | ||
182 | + if (ok) { | ||
183 | SAFE_FREE(ip_list); | ||
184 | SAFE_FREE(sitename); | ||
185 | return NT_STATUS_OK; | ||
186 | @@ -630,9 +628,19 @@ ADS_STATUS ads_connect(ADS_STRUCT *ads) | ||
187 | TALLOC_FREE(s); | ||
188 | } | ||
189 | |||
190 | - if (ads->server.ldap_server) | ||
191 | - { | ||
192 | - if (ads_try_connect(ads, ads->server.ldap_server, ads->server.gc)) { | ||
193 | + if (ads->server.ldap_server) { | ||
194 | + bool ok = false; | ||
195 | + struct sockaddr_storage ss; | ||
196 | + | ||
197 | + ok = resolve_name(ads->server.ldap_server, &ss, 0x20, true); | ||
198 | + if (!ok) { | ||
199 | + DEBUG(5,("ads_connect: unable to resolve name %s\n", | ||
200 | + ads->server.ldap_server)); | ||
201 | + status = ADS_ERROR_NT(NT_STATUS_NOT_FOUND); | ||
202 | + goto out; | ||
203 | + } | ||
204 | + ok = ads_try_connect(ads, ads->server.gc, &ss); | ||
205 | + if (ok) { | ||
206 | goto got_connection; | ||
207 | } | ||
208 | |||
209 | -- | ||
210 | 1.9.0 | ||
211 | |||