1 From 918ac8f0ed19aeaa4718fa94fcabe87d0419d768 Mon Sep 17 00:00:00 2001
2 From: =?UTF-8?q?G=C3=BCnther=20Deschner?= <gd@samba.org>
3 Date: Mon, 13 Jan 2014 15:59:26 +0100
4 Subject: [PATCH 1/5] PATCHSET11: s3-kerberos: remove print_kdc_line()
7 Content-Type: text/plain; charset=UTF-8
8 Content-Transfer-Encoding: 8bit
10 Just calling print_canonical_sockaddr() is sufficient, as it already deals with
11 ipv6 as well. The port handling, which was only done for IPv6 (not IPv4), is
12 removed as well. It was pointless because it always derived the port number from
13 the provided address which was either a SMB (usually port 445) or LDAP
14 connection. No KDC will ever run on port 389 or 445 on a Windows/Samba DC.
15 Finally, the kerberos libraries that we support and build with, can deal with
16 ipv6 addresses in krb5.conf, so we no longer put the (unnecessary) burden of
17 resolving the DC name on the kerberos library anymore.
21 Signed-off-by: Günther Deschner <gd@samba.org>
22 Reviewed-by: Andreas Schneider <asn@samba.org>
25 source3/libads/kerberos.c
27 source3/libads/kerberos.c | 86 +++++------------------------------------------
28 1 file changed, 9 insertions(+), 77 deletions(-)
30 diff --git a/source3/libads/kerberos.c b/source3/libads/kerberos.c
31 index 1153ccb..064e5f7 100644
32 --- a/source3/libads/kerberos.c
33 +++ b/source3/libads/kerberos.c
34 @@ -661,73 +661,6 @@ int kerberos_kinit_password(const char *principal,
37 /************************************************************************
38 -************************************************************************/
40 -static char *print_kdc_line(char *mem_ctx,
41 - const char *prev_line,
42 - const struct sockaddr_storage *pss,
43 - const char *kdc_name)
45 - char *kdc_str = NULL;
47 - if (pss->ss_family == AF_INET) {
48 - kdc_str = talloc_asprintf(mem_ctx, "%s\tkdc = %s\n",
50 - print_canonical_sockaddr(mem_ctx, pss));
52 - char addr[INET6_ADDRSTRLEN];
53 - uint16_t port = get_sockaddr_port(pss);
55 - DEBUG(10,("print_kdc_line: IPv6 case for kdc_name: %s, port: %d\n",
58 - if (port != 0 && port != DEFAULT_KRB5_PORT) {
59 - /* Currently for IPv6 we can't specify a non-default
60 - krb5 port with an address, as this requires a ':'.
61 - Resolve to a name. */
62 - char hostname[MAX_DNS_NAME_LENGTH];
63 - int ret = sys_getnameinfo((const struct sockaddr *)pss,
65 - hostname, sizeof(hostname),
69 - DEBUG(0,("print_kdc_line: can't resolve name "
70 - "for kdc with non-default port %s. "
72 - print_canonical_sockaddr(mem_ctx, pss),
73 - gai_strerror(ret)));
76 - /* Success, use host:port */
77 - kdc_str = talloc_asprintf(mem_ctx,
78 - "%s\tkdc = %s:%u\n",
81 - (unsigned int)port);
84 - /* no krb5 lib currently supports "kdc = ipv6 address"
85 - * at all, so just fill in just the kdc_name if we have
86 - * it and let the krb5 lib figure out the appropriate
87 - * ipv6 address - gd */
90 - kdc_str = talloc_asprintf(mem_ctx, "%s\tkdc = %s\n",
91 - prev_line, kdc_name);
93 - kdc_str = talloc_asprintf(mem_ctx, "%s\tkdc = %s\n",
95 - print_sockaddr(addr,
104 -/************************************************************************
105 Create a string list of available kdc's, possibly searching by sitename.
108 @@ -746,7 +679,8 @@ static char *get_kdc_ip_string(char *mem_ctx,
109 struct ip_service *ip_srv_nonsite = NULL;
112 - char *kdc_str = print_kdc_line(mem_ctx, "", pss, kdc_name);
113 + char *kdc_str = talloc_asprintf(mem_ctx, "%s\tkdc = %s\n", "",
114 + print_canonical_sockaddr(mem_ctx, pss));
116 if (kdc_str == NULL) {
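Review bot: The return value of print_canonical_sockaddr() goes straight into the `%s` of talloc_asprintf() in the new `kdc_str` initialiser, so if it returns NULL (it allocates on mem_ctx, so presumably it can fail) the following `kdc_str == NULL` test does not catch it, and the formatter is handed a NULL string or the generated krb5.conf gets a bogus `kdc =` entry. Keep the address in a local, `char *addr = print_canonical_sockaddr(mem_ctx, pss);`, and treat `addr == NULL` the same way as the existing `kdc_str == NULL` branch before formatting. The same pattern is introduced in the two loop hunks below for `ip_srv_site[i].ss` and `ip_srv_nonsite[i].ss`. get_kdc_ip_string() starts and ends outside this hunk.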
118 @@ -768,10 +702,9 @@ static char *get_kdc_ip_string(char *mem_ctx,
120 /* Append to the string - inefficient
121 * but not done often. */
122 - kdc_str = print_kdc_line(mem_ctx,
124 - &ip_srv_site[i].ss,
126 + kdc_str = talloc_asprintf(mem_ctx, "%s\tkdc = %s\n",
128 + print_canonical_sockaddr(mem_ctx, &ip_srv_site[i].ss));
130 SAFE_FREE(ip_srv_site);
132 @@ -806,11 +739,10 @@ static char *get_kdc_ip_string(char *mem_ctx,
135 /* Append to the string - inefficient but not done often. */
136 - kdc_str = print_kdc_line(mem_ctx,
138 - &ip_srv_nonsite[i].ss,
141 + kdc_str = talloc_asprintf(mem_ctx, "%s\tkdc = %s\n",
143 + print_canonical_sockaddr(mem_ctx, &ip_srv_nonsite[i].ss));
144 + if (kdc_str == NULL) {
145 SAFE_FREE(ip_srv_site);
146 SAFE_FREE(ip_srv_nonsite);
152 From b4eba7d838b60230b9f6c9a08ef0ddc00e3e47f0 Mon Sep 17 00:00:00 2001
153 From: =?UTF-8?q?G=C3=BCnther=20Deschner?= <gd@samba.org>
154 Date: Fri, 7 Mar 2014 14:47:31 +0100
155 Subject: [PATCH 2/5] PATCHSET11: s3-kerberos: remove unused kdc_name from
156 create_local_private_krb5_conf_for_domain().
158 Content-Type: text/plain; charset=UTF-8
159 Content-Transfer-Encoding: 8bit
163 Signed-off-by: Günther Deschner <gd@samba.org>
164 Reviewed-by: Andreas Schneider <asn@samba.org>
166 Autobuild-User(master): Günther Deschner <gd@samba.org>
167 Autobuild-Date(master): Fri Mar 7 18:43:57 CET 2014 on sn-devel-104
170 source3/libads/kerberos.c
171 source3/libads/kerberos_proto.h
172 source3/libnet/libnet_join.c
173 source3/winbindd/winbindd_cm.c
175 source3/libads/kerberos.c | 10 ++++------
176 source3/libads/kerberos_proto.h | 3 +--
177 source3/libnet/libnet_join.c | 2 +-
178 source3/libsmb/namequery_dc.c | 6 ++----
179 source3/winbindd/winbindd_cm.c | 6 ++----
180 5 files changed, 10 insertions(+), 17 deletions(-)
182 diff --git a/source3/libads/kerberos.c b/source3/libads/kerberos.c
183 index 064e5f7..b826cb3 100644
184 --- a/source3/libads/kerberos.c
185 +++ b/source3/libads/kerberos.c
186 @@ -671,8 +671,7 @@ int kerberos_kinit_password(const char *principal,
187 static char *get_kdc_ip_string(char *mem_ctx,
189 const char *sitename,
190 - struct sockaddr_storage *pss,
191 - const char *kdc_name)
192 + struct sockaddr_storage *pss)
195 struct ip_service *ip_srv_site = NULL;
196 @@ -769,8 +768,7 @@ static char *get_kdc_ip_string(char *mem_ctx,
197 bool create_local_private_krb5_conf_for_domain(const char *realm,
199 const char *sitename,
200 - struct sockaddr_storage *pss,
201 - const char *kdc_name)
202 + struct sockaddr_storage *pss)
205 char *tmpname = NULL;
206 @@ -794,7 +792,7 @@ bool create_local_private_krb5_conf_for_domain(const char *realm,
210 - if (domain == NULL || pss == NULL || kdc_name == NULL) {
211 + if (domain == NULL || pss == NULL) {
215 @@ -825,7 +823,7 @@ bool create_local_private_krb5_conf_for_domain(const char *realm,
216 realm_upper = talloc_strdup(fname, realm);
217 strupper_m(realm_upper);
219 - kdc_ip_string = get_kdc_ip_string(dname, realm, sitename, pss, kdc_name);
220 + kdc_ip_string = get_kdc_ip_string(dname, realm, sitename, pss);
221 if (!kdc_ip_string) {
224 diff --git a/source3/libads/kerberos_proto.h b/source3/libads/kerberos_proto.h
225 index 406669cc..90d7cd9 100644
226 --- a/source3/libads/kerberos_proto.h
227 +++ b/source3/libads/kerberos_proto.h
228 @@ -75,8 +75,7 @@ int kerberos_kinit_password(const char *principal,
229 bool create_local_private_krb5_conf_for_domain(const char *realm,
231 const char *sitename,
232 - struct sockaddr_storage *pss,
233 - const char *kdc_name);
234 + struct sockaddr_storage *pss);
236 /* The following definitions come from libads/authdata.c */
238 diff --git a/source3/libnet/libnet_join.c b/source3/libnet/libnet_join.c
239 index e84682d..f1736ec 100644
240 --- a/source3/libnet/libnet_join.c
241 +++ b/source3/libnet/libnet_join.c
242 @@ -1985,7 +1985,7 @@ static WERROR libnet_DomainJoin(TALLOC_CTX *mem_ctx,
244 create_local_private_krb5_conf_for_domain(
245 r->out.dns_domain_name, r->out.netbios_domain_name,
246 - NULL, &cli->dest_ss, cli->desthost);
247 + NULL, &cli->dest_ss);
249 if (r->out.domain_is_ad && r->in.account_ou &&
250 !(r->in.join_flags & WKSSVC_JOIN_FLAGS_JOIN_UNSECURE)) {
251 diff --git a/source3/libsmb/namequery_dc.c b/source3/libsmb/namequery_dc.c
252 index 39b780c..149121a 100644
253 --- a/source3/libsmb/namequery_dc.c
254 +++ b/source3/libsmb/namequery_dc.c
255 @@ -111,14 +111,12 @@ static bool ads_dc_name(const char *domain,
256 create_local_private_krb5_conf_for_domain(realm,
260 - ads->config.ldap_server_name);
263 create_local_private_krb5_conf_for_domain(realm,
267 - ads->config.ldap_server_name);
272 diff --git a/source3/winbindd/winbindd_cm.c b/source3/winbindd/winbindd_cm.c
273 index 8271279..59f30a5 100644
274 --- a/source3/winbindd/winbindd_cm.c
275 +++ b/source3/winbindd/winbindd_cm.c
276 @@ -1226,8 +1226,7 @@ static bool dcip_to_name(TALLOC_CTX *mem_ctx,
277 create_local_private_krb5_conf_for_domain(domain->alt_name,
286 @@ -1235,8 +1234,7 @@ static bool dcip_to_name(TALLOC_CTX *mem_ctx,
287 create_local_private_krb5_conf_for_domain(domain->alt_name,
294 winbindd_set_locator_kdc_envs(domain);
300 From db840b57e81922cea984530e2dc1b42cc99e75de Mon Sep 17 00:00:00 2001
301 From: =?UTF-8?q?G=C3=BCnther=20Deschner?= <gd@samba.org>
302 Date: Wed, 2 Apr 2014 19:37:34 +0200
303 Subject: [PATCH 3/5] PATCHSET11: s3-kerberos: make ipv6 support for generated
304 krb5 config files more robust.
306 Content-Type: text/plain; charset=UTF-8
307 Content-Transfer-Encoding: 8bit
309 Older MIT Kerberos libraries will add any secondary ipv6 address as
310 ipv4 address, defining the (default) krb5 port 88 circumvents that.
314 Signed-off-by: Günther Deschner <gd@samba.org>
315 Reviewed-by: Andreas Schneider <asn@samba.org>
317 Autobuild-User(master): Günther Deschner <gd@samba.org>
318 Autobuild-Date(master): Fri Apr 4 16:33:12 CEST 2014 on sn-devel-104
321 source3/libads/kerberos.c
323 source3/libads/kerberos.c | 29 +++++++++++++++++++++++++++--
324 1 file changed, 27 insertions(+), 2 deletions(-)
326 diff --git a/source3/libads/kerberos.c b/source3/libads/kerberos.c
327 index b826cb3..5e34aa3 100644
328 --- a/source3/libads/kerberos.c
329 +++ b/source3/libads/kerberos.c
330 @@ -668,6 +668,31 @@ int kerberos_kinit_password(const char *principal,
332 ************************************************************************/
334 +/* print_canonical_sockaddr prints an ipv6 addr in the form of
335 +* [ipv6.addr]. This string, when put in a generated krb5.conf file is not
336 +* always properly dealt with by some older krb5 libraries. Adding the hard-coded
337 +* portnumber workarounds the issue. - gd */
339 +static char *print_canonical_sockaddr_with_port(TALLOC_CTX *mem_ctx,
340 + const struct sockaddr_storage *pss)
344 + str = print_canonical_sockaddr(mem_ctx, pss);
349 + if (pss->ss_family != AF_INET6) {
353 +#if defined(HAVE_IPV6)
354 + str = talloc_asprintf_append(str, ":88");
359 static char *get_kdc_ip_string(char *mem_ctx,
361 const char *sitename,
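Review bot: The port is appended as the literal `":88"` in print_canonical_sockaddr_with_port(), although this file already used the named constant DEFAULT_KRB5_PORT in the print_kdc_line() code removed earlier in this series; assuming that constant is still in scope, `str = talloc_asprintf_append(str, ":%u", (unsigned int)DEFAULT_KRB5_PORT);` keeps the two from drifting apart. The comment above the function could also state that non-IPv6 addresses are returned unchanged and that the result may be NULL, since callers pass it to a `%s` conversion. From the visible lines the `AF_INET6` test sits outside the `#if defined(HAVE_IPV6)` guard while the append is inside it, which looks intentional but deserves a one-line comment. Parts of the function body are not shown on this page.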
362 @@ -679,7 +704,7 @@ static char *get_kdc_ip_string(char *mem_ctx,
365 char *kdc_str = talloc_asprintf(mem_ctx, "%s\tkdc = %s\n", "",
366 - print_canonical_sockaddr(mem_ctx, pss));
367 + print_canonical_sockaddr_with_port(mem_ctx, pss));
369 if (kdc_str == NULL) {
371 @@ -740,7 +765,7 @@ static char *get_kdc_ip_string(char *mem_ctx,
372 /* Append to the string - inefficient but not done often. */
373 kdc_str = talloc_asprintf(mem_ctx, "%s\tkdc = %s\n",
375 - print_canonical_sockaddr(mem_ctx, &ip_srv_nonsite[i].ss));
376 + print_canonical_sockaddr_with_port(mem_ctx, &ip_srv_nonsite[i].ss));
377 if (kdc_str == NULL) {
378 SAFE_FREE(ip_srv_site);
379 SAFE_FREE(ip_srv_nonsite);
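Review bot: Only two call sites are switched to print_canonical_sockaddr_with_port() in this patch (the diffstat lists 2 deletions): the initial `pss` entry and the `ip_srv_nonsite` loop. The `ip_srv_site` loop, which the first patch of this series converted to `print_canonical_sockaddr(mem_ctx, &ip_srv_site[i].ss)`, is not touched. If that line is still present, site-local IPv6 KDC entries are written without the port and hit the library behaviour the commit message describes; it should read `print_canonical_sockaddr_with_port(mem_ctx, &ip_srv_site[i].ss));`. That loop lies outside the hunks shown here.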
384 From 208f1d7b5ae557bf34a39c847aeb1925ce4cb171 Mon Sep 17 00:00:00 2001
385 From: Andrew Bartlett <abartlet@samba.org>
386 Date: Tue, 26 Apr 2011 17:03:32 +1000
387 Subject: [PATCH 4/5] PATCHSET11: s3-libads Pass a struct sockaddr_storage to
390 This avoids these routines doing a DNS lookup that has already been
391 done, and ensures that the emulated DNS lookup isn't thrown away.
395 source3/libads/cldap.c | 14 ++++--------
396 source3/libads/cldap.h | 4 ++--
397 source3/libads/ldap.c | 41 ++++++++++-------------------------
398 source3/libsmb/dsgetdcname.c | 3 ++-
399 source3/utils/net_ads.c | 7 +++---
400 source3/winbindd/idmap_adex/gc_util.c | 12 +++++++++-
401 6 files changed, 33 insertions(+), 48 deletions(-)
403 diff --git a/source3/libads/cldap.c b/source3/libads/cldap.c
404 index 5d2e900..03fa17c 100644
405 --- a/source3/libads/cldap.c
406 +++ b/source3/libads/cldap.c
408 *******************************************************************/
410 bool ads_cldap_netlogon(TALLOC_CTX *mem_ctx,
411 - const char *server,
412 + struct sockaddr_storage *ss,
415 struct netlogon_samlogon_response **_reply)
416 @@ -39,18 +39,12 @@ bool ads_cldap_netlogon(TALLOC_CTX *mem_ctx,
417 struct cldap_netlogon io;
418 struct netlogon_samlogon_response *reply;
420 - struct sockaddr_storage ss;
421 char addrstr[INET6_ADDRSTRLEN];
422 const char *dest_str;
424 struct tsocket_address *dest_addr;
426 - if (!interpret_string_addr_prefer_ipv4(&ss, server, 0)) {
427 - DEBUG(2,("Failed to resolve[%s] into an address for cldap\n",
431 - dest_str = print_sockaddr(addrstr, sizeof(addrstr), &ss);
432 + dest_str = print_sockaddr(addrstr, sizeof(addrstr), ss);
434 ret = tsocket_address_inet_from_strings(mem_ctx, "ip",
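Review bot: The new `ss` parameter of ads_cldap_netlogon() is only read in the lines shown (it is handed to print_sockaddr()), so it should be declared `const struct sockaddr_storage *ss` here, in ads_cldap_netlogon_5() and in cldap.h. That documents that the routine does not modify the caller's address and lets callers holding a const pointer pass it without a cast. With the resolve step gone, the function also uses `ss` without any NULL check; a header comment stating that `ss` must be a valid, already-resolved address would make the contract explicit. The function body continues outside this hunk.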
436 @@ -113,7 +107,7 @@ failed:
437 *******************************************************************/
439 bool ads_cldap_netlogon_5(TALLOC_CTX *mem_ctx,
440 - const char *server,
441 + struct sockaddr_storage *ss,
443 struct NETLOGON_SAM_LOGON_RESPONSE_EX *reply5)
445 @@ -121,7 +115,7 @@ bool ads_cldap_netlogon_5(TALLOC_CTX *mem_ctx,
446 struct netlogon_samlogon_response *reply = NULL;
449 - ret = ads_cldap_netlogon(mem_ctx, server, realm, nt_version, &reply);
450 + ret = ads_cldap_netlogon(mem_ctx, ss, realm, nt_version, &reply);
454 diff --git a/source3/libads/cldap.h b/source3/libads/cldap.h
455 index d2ad4b0..60e1c56 100644
456 --- a/source3/libads/cldap.h
457 +++ b/source3/libads/cldap.h
460 /* The following definitions come from libads/cldap.c */
461 bool ads_cldap_netlogon(TALLOC_CTX *mem_ctx,
462 - const char *server,
463 + struct sockaddr_storage *ss,
466 struct netlogon_samlogon_response **reply);
467 bool ads_cldap_netlogon_5(TALLOC_CTX *mem_ctx,
468 - const char *server,
469 + struct sockaddr_storage *ss,
471 struct NETLOGON_SAM_LOGON_RESPONSE_EX *reply5);
473 diff --git a/source3/libads/ldap.c b/source3/libads/ldap.c
474 index b841c84..0db0bcd 100644
475 --- a/source3/libads/ldap.c
476 +++ b/source3/libads/ldap.c
477 @@ -196,45 +196,32 @@ bool ads_closest_dc(ADS_STRUCT *ads)
479 static bool ads_try_connect(ADS_STRUCT *ads, const char *server, bool gc)
482 struct NETLOGON_SAM_LOGON_RESPONSE_EX cldap_reply;
483 TALLOC_CTX *frame = talloc_stackframe();
485 + struct sockaddr_storage ss;
486 + char addr[INET6_ADDRSTRLEN];
488 if (!server || !*server) {
493 - if (!is_ipaddress(server)) {
494 - struct sockaddr_storage ss;
495 - char addr[INET6_ADDRSTRLEN];
497 - if (!resolve_name(server, &ss, 0x20, true)) {
498 - DEBUG(5,("ads_try_connect: unable to resolve name %s\n",
500 - TALLOC_FREE(frame);
503 - print_sockaddr(addr, sizeof(addr), &ss);
504 - srv = talloc_strdup(frame, addr);
506 - /* this copes with inet_ntoa brokenness */
507 - srv = talloc_strdup(frame, server);
511 + if (!resolve_name(server, &ss, 0x20, true)) {
512 + DEBUG(5,("ads_try_connect: unable to resolve name %s\n",
517 + print_sockaddr(addr, sizeof(addr), &ss);
519 DEBUG(5,("ads_try_connect: sending CLDAP request to %s (realm: %s)\n",
520 - srv, ads->server.realm));
521 + addr, ads->server.realm));
523 ZERO_STRUCT( cldap_reply );
525 - if ( !ads_cldap_netlogon_5(frame, srv, ads->server.realm, &cldap_reply ) ) {
526 - DEBUG(3,("ads_try_connect: CLDAP request %s failed.\n", srv));
527 + if ( !ads_cldap_netlogon_5(frame, &ss, ads->server.realm, &cldap_reply ) ) {
528 + DEBUG(3,("ads_try_connect: CLDAP request %s failed.\n", addr));
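Review bot: resolve_name() is now called for every `server` value in ads_try_connect(), including IP literals that the removed `is_ipaddress()` branch used to copy verbatim; this relies on resolve_name() accepting address strings without performing a lookup, which is not visible here and is worth confirming or stating in a comment. The bare `0x20` name type passed to it is also unexplained; a comment such as `/* 0x20 = NetBIOS file-server name type */` or a named constant would help, and the same literal is added in gc_util.c later in this patch. The function starts and ends outside the hunk.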
532 @@ -243,7 +230,7 @@ static bool ads_try_connect(ADS_STRUCT *ads, const char *server, bool gc)
534 if ( !(cldap_reply.server_type & NBT_SERVER_LDAP) ) {
535 DEBUG(1,("ads_try_connect: %s's CLDAP reply says it is not an LDAP server!\n",
541 @@ -273,13 +260,7 @@ static bool ads_try_connect(ADS_STRUCT *ads, const char *server, bool gc)
542 ads->server.workgroup = SMB_STRDUP(cldap_reply.domain_name);
544 ads->ldap.port = gc ? LDAP_GC_PORT : LDAP_PORT;
545 - if (!interpret_string_addr(&ads->ldap.ss, srv, 0)) {
546 - DEBUG(1,("ads_try_connect: unable to convert %s "
554 /* Store our site name. */
555 sitename_store( cldap_reply.domain_name, cldap_reply.client_site);
556 diff --git a/source3/libsmb/dsgetdcname.c b/source3/libsmb/dsgetdcname.c
557 index 841a179..2f8b8dc 100644
558 --- a/source3/libsmb/dsgetdcname.c
559 +++ b/source3/libsmb/dsgetdcname.c
560 @@ -863,9 +863,10 @@ static NTSTATUS process_dc_dns(TALLOC_CTX *mem_ctx,
562 for (i=0; i<num_dcs; i++) {
565 DEBUG(10,("LDAP ping to %s\n", dclist[i].hostname));
567 - if (ads_cldap_netlogon(mem_ctx, dclist[i].hostname,
568 + if (ads_cldap_netlogon(mem_ctx, &dclist[i].ss,
572 diff --git a/source3/utils/net_ads.c b/source3/utils/net_ads.c
573 index 8f8b7b4..816349d 100644
574 --- a/source3/utils/net_ads.c
575 +++ b/source3/utils/net_ads.c
576 @@ -62,7 +62,8 @@ static int net_ads_cldap_netlogon(struct net_context *c, ADS_STRUCT *ads)
577 struct NETLOGON_SAM_LOGON_RESPONSE_EX reply;
579 print_sockaddr(addr, sizeof(addr), &ads->ldap.ss);
580 - if ( !ads_cldap_netlogon_5(talloc_tos(), addr, ads->server.realm, &reply ) ) {
582 + if ( !ads_cldap_netlogon_5(talloc_tos(), &ads->ldap.ss, ads->server.realm, &reply ) ) {
583 d_fprintf(stderr, _("CLDAP query failed!\n"));
586 @@ -385,7 +386,6 @@ int net_ads_check(struct net_context *c)
587 static int net_ads_workgroup(struct net_context *c, int argc, const char **argv)
590 - char addr[INET6_ADDRSTRLEN];
591 struct NETLOGON_SAM_LOGON_RESPONSE_EX reply;
593 if (c->display_usage) {
594 @@ -407,8 +407,7 @@ static int net_ads_workgroup(struct net_context *c, int argc, const char **argv)
595 ads->ldap.port = 389;
598 - print_sockaddr(addr, sizeof(addr), &ads->ldap.ss);
599 - if ( !ads_cldap_netlogon_5(talloc_tos(), addr, ads->server.realm, &reply ) ) {
600 + if ( !ads_cldap_netlogon_5(talloc_tos(), &ads->ldap.ss, ads->server.realm, &reply ) ) {
601 d_fprintf(stderr, _("CLDAP query failed!\n"));
604 diff --git a/source3/winbindd/idmap_adex/gc_util.c b/source3/winbindd/idmap_adex/gc_util.c
605 index 77b318c..e625265 100644
606 --- a/source3/winbindd/idmap_adex/gc_util.c
607 +++ b/source3/winbindd/idmap_adex/gc_util.c
608 @@ -107,6 +107,7 @@ done:
609 NTSTATUS nt_status = NT_STATUS_UNSUCCESSFUL;
610 struct NETLOGON_SAM_LOGON_RESPONSE_EX cldap_reply;
611 TALLOC_CTX *frame = talloc_stackframe();
612 + struct sockaddr_storage ss;
614 if (!gc || !domain) {
615 return NT_STATUS_INVALID_PARAMETER;
616 @@ -126,8 +127,17 @@ done:
617 nt_status = ads_ntstatus(ads_status);
618 BAIL_ON_NTSTATUS_ERROR(nt_status);
620 + if (!resolve_name(ads->config.ldap_server_name, &ss, 0x20, true)) {
621 + DEBUG(5,("gc_find_forest_root: unable to resolve name %s\n",
622 + ads->config.ldap_server_name));
623 + nt_status = NT_STATUS_IO_TIMEOUT;
624 + /* This matches the old code which did the resolve in
625 + * ads_cldap_netlogon_5 */
626 + BAIL_ON_NTSTATUS_ERROR(nt_status);
629 if (!ads_cldap_netlogon_5(frame,
630 - ads->config.ldap_server_name,
639 From 4eb02e7caa83b725988dd9f659b3568873522a30 Mon Sep 17 00:00:00 2001
640 From: =?UTF-8?q?G=C3=BCnther=20Deschner?= <gd@samba.org>
641 Date: Wed, 16 Apr 2014 16:07:14 +0200
642 Subject: [PATCH 5/5] PATCHSET11: s3-libads: allow ads_try_connect() to re-use
643 a resolved ip address.
645 Content-Type: text/plain; charset=UTF-8
646 Content-Transfer-Encoding: 8bit
648 Pass down a struct sockaddr_storage to ads_try_connect.
652 Signed-off-by: Günther Deschner <gd@samba.org>
653 Reviewed-by: Andreas Schneider <asn@samba.org>
655 Autobuild-User(master): Günther Deschner <gd@samba.org>
656 Autobuild-Date(master): Thu Apr 17 19:56:16 CEST 2014 on sn-devel-104
658 source3/libads/ldap.c | 44 ++++++++++++++++++++++++++------------------
659 1 file changed, 26 insertions(+), 18 deletions(-)
661 diff --git a/source3/libads/ldap.c b/source3/libads/ldap.c
662 index 0db0bcd..f8349cf 100644
663 --- a/source3/libads/ldap.c
664 +++ b/source3/libads/ldap.c
665 @@ -194,33 +194,27 @@ bool ads_closest_dc(ADS_STRUCT *ads)
666 try a connection to a given ldap server, returning True and setting the servers IP
667 in the ads struct if successful
669 -static bool ads_try_connect(ADS_STRUCT *ads, const char *server, bool gc)
670 +static bool ads_try_connect(ADS_STRUCT *ads, bool gc,
671 + struct sockaddr_storage *ss)
673 struct NETLOGON_SAM_LOGON_RESPONSE_EX cldap_reply;
674 TALLOC_CTX *frame = talloc_stackframe();
676 - struct sockaddr_storage ss;
677 char addr[INET6_ADDRSTRLEN];
679 - if (!server || !*server) {
685 - if (!resolve_name(server, &ss, 0x20, true)) {
686 - DEBUG(5,("ads_try_connect: unable to resolve name %s\n",
688 - TALLOC_FREE(frame);
691 - print_sockaddr(addr, sizeof(addr), &ss);
692 + print_sockaddr(addr, sizeof(addr), ss);
694 DEBUG(5,("ads_try_connect: sending CLDAP request to %s (realm: %s)\n",
695 addr, ads->server.realm));
697 ZERO_STRUCT( cldap_reply );
699 - if ( !ads_cldap_netlogon_5(frame, &ss, ads->server.realm, &cldap_reply ) ) {
700 + if ( !ads_cldap_netlogon_5(frame, ss, ads->server.realm, &cldap_reply ) ) {
701 DEBUG(3,("ads_try_connect: CLDAP request %s failed.\n", addr));
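Review bot: ads_try_connect() now trusts `ss` completely: the old `!server || !*server` guard is removed with nothing in its place, while `ss` is passed to print_sockaddr() and later copied with `ads->ldap.ss = *ss`. Every caller changed in this patch passes the address of a local or an array element, so this is a contract rather than a live bug; state it in the header comment, e.g. `ss must be non-NULL and already resolved by the caller`, or keep a guard such as `if (ss == NULL) { TALLOC_FREE(frame); return false; }`. The description above the function still speaks of "a given ldap server" and could mention that no name resolution happens here any more. The body continues outside the hunk.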
704 @@ -260,7 +254,7 @@ static bool ads_try_connect(ADS_STRUCT *ads, const char *server, bool gc)
705 ads->server.workgroup = SMB_STRDUP(cldap_reply.domain_name);
707 ads->ldap.port = gc ? LDAP_GC_PORT : LDAP_PORT;
709 + ads->ldap.ss = *ss;
711 /* Store our site name. */
712 sitename_store( cldap_reply.domain_name, cldap_reply.client_site);
713 @@ -292,6 +286,7 @@ static NTSTATUS ads_find_dc(ADS_STRUCT *ads)
714 bool use_own_domain = False;
716 NTSTATUS status = NT_STATUS_UNSUCCESSFUL;
719 /* if the realm and workgroup are both empty, assume they are ours */
721 @@ -345,12 +340,14 @@ static NTSTATUS ads_find_dc(ADS_STRUCT *ads)
722 DEBUG(6,("ads_find_dc: (ldap) looking for %s '%s'\n",
723 (got_realm ? "realm" : "domain"), realm));
725 - if (get_dc_name(domain, realm, srv_name, &ip_out)) {
726 + ok = get_dc_name(domain, realm, srv_name, &ip_out);
729 * we call ads_try_connect() to fill in the
730 * ads->config details
732 - if (ads_try_connect(ads, srv_name, false)) {
733 + ok = ads_try_connect(ads, false, &ip_out);
738 @@ -406,7 +403,8 @@ static NTSTATUS ads_find_dc(ADS_STRUCT *ads)
742 - if ( ads_try_connect(ads, server, false) ) {
743 + ok = ads_try_connect(ads, false, &ip_list[i].ss);
748 @@ -591,9 +589,19 @@ ADS_STATUS ads_connect(ADS_STRUCT *ads)
752 - if (ads->server.ldap_server)
754 - if (ads_try_connect(ads, ads->server.ldap_server, ads->server.gc)) {
755 + if (ads->server.ldap_server) {
757 + struct sockaddr_storage ss;
759 + ok = resolve_name(ads->server.ldap_server, &ss, 0x20, true);
761 + DEBUG(5,("ads_connect: unable to resolve name %s\n",
762 + ads->server.ldap_server));
763 + status = ADS_ERROR_NT(NT_STATUS_NOT_FOUND);
766 + ok = ads_try_connect(ads, ads->server.gc, &ss);
774 diff --git a/source3/libads/kerberos.c b/source3/libads/kerberos.c
775 index b826cb3..5e34aa3 100644
776 --- a/source3/libads/kerberos.c
777 +++ b/source3/libads/kerberos.c
782 - if (domain == NULL || pss == NULL || kdc_name == NULL) {
786 dname = lock_path("smb_krb5");