samba: add current RHEL6 patches
[ipfire-2.x.git] / src / patches / samba / samba-3.6.23-fix_libads_krb5_ipv6.patch
1 From 918ac8f0ed19aeaa4718fa94fcabe87d0419d768 Mon Sep 17 00:00:00 2001
2 From: =?UTF-8?q?G=C3=BCnther=20Deschner?= <gd@samba.org>
3 Date: Mon, 13 Jan 2014 15:59:26 +0100
4 Subject: [PATCH 1/5] PATCHSET11: s3-kerberos: remove print_kdc_line()
5 completely.
6 MIME-Version: 1.0
7 Content-Type: text/plain; charset=UTF-8
8 Content-Transfer-Encoding: 8bit
9
10 Just calling print_canonical_sockaddr() is sufficient, as it already deals with
11 ipv6 as well. The port handling, which was only done for IPv6 (not IPv4), is
12 removed as well. It was pointless because it always derived the port number from
13 the provided address which was either a SMB (usually port 445) or LDAP
14 connection. No KDC will ever run on port 389 or 445 on a Windows/Samba DC.
15 Finally, the kerberos libraries that we support and build with, can deal with
16 ipv6 addresses in krb5.conf, so we no longer put the (unnecessary) burden of
17 resolving the DC name on the kerberos library anymore.
18
19 Guenther
20
21 Signed-off-by: Günther Deschner <gd@samba.org>
22 Reviewed-by: Andreas Schneider <asn@samba.org>
23
24 Conflicts:
25 source3/libads/kerberos.c
26 ---
27 source3/libads/kerberos.c | 86 +++++------------------------------------------
28 1 file changed, 9 insertions(+), 77 deletions(-)
29
30 diff --git a/source3/libads/kerberos.c b/source3/libads/kerberos.c
31 index 1153ccb..064e5f7 100644
32 --- a/source3/libads/kerberos.c
33 +++ b/source3/libads/kerberos.c
34 @@ -661,73 +661,6 @@ int kerberos_kinit_password(const char *principal,
35 }
36
37 /************************************************************************
38 -************************************************************************/
39 -
40 -static char *print_kdc_line(char *mem_ctx,
41 - const char *prev_line,
42 - const struct sockaddr_storage *pss,
43 - const char *kdc_name)
44 -{
45 - char *kdc_str = NULL;
46 -
47 - if (pss->ss_family == AF_INET) {
48 - kdc_str = talloc_asprintf(mem_ctx, "%s\tkdc = %s\n",
49 - prev_line,
50 - print_canonical_sockaddr(mem_ctx, pss));
51 - } else {
52 - char addr[INET6_ADDRSTRLEN];
53 - uint16_t port = get_sockaddr_port(pss);
54 -
55 - DEBUG(10,("print_kdc_line: IPv6 case for kdc_name: %s, port: %d\n",
56 - kdc_name, port));
57 -
58 - if (port != 0 && port != DEFAULT_KRB5_PORT) {
59 - /* Currently for IPv6 we can't specify a non-default
60 - krb5 port with an address, as this requires a ':'.
61 - Resolve to a name. */
62 - char hostname[MAX_DNS_NAME_LENGTH];
63 - int ret = sys_getnameinfo((const struct sockaddr *)pss,
64 - sizeof(*pss),
65 - hostname, sizeof(hostname),
66 - NULL, 0,
67 - NI_NAMEREQD);
68 - if (ret) {
69 - DEBUG(0,("print_kdc_line: can't resolve name "
70 - "for kdc with non-default port %s. "
71 - "Error %s\n.",
72 - print_canonical_sockaddr(mem_ctx, pss),
73 - gai_strerror(ret)));
74 - return NULL;
75 - }
76 - /* Success, use host:port */
77 - kdc_str = talloc_asprintf(mem_ctx,
78 - "%s\tkdc = %s:%u\n",
79 - prev_line,
80 - hostname,
81 - (unsigned int)port);
82 - } else {
83 -
84 - /* no krb5 lib currently supports "kdc = ipv6 address"
85 - * at all, so just fill in just the kdc_name if we have
86 - * it and let the krb5 lib figure out the appropriate
87 - * ipv6 address - gd */
88 -
89 - if (kdc_name) {
90 - kdc_str = talloc_asprintf(mem_ctx, "%s\tkdc = %s\n",
91 - prev_line, kdc_name);
92 - } else {
93 - kdc_str = talloc_asprintf(mem_ctx, "%s\tkdc = %s\n",
94 - prev_line,
95 - print_sockaddr(addr,
96 - sizeof(addr),
97 - pss));
98 - }
99 - }
100 - }
101 - return kdc_str;
102 -}
103 -
104 -/************************************************************************
105 Create a string list of available kdc's, possibly searching by sitename.
106 Does DNS queries.
107
108 @@ -746,7 +679,8 @@ static char *get_kdc_ip_string(char *mem_ctx,
109 struct ip_service *ip_srv_nonsite = NULL;
110 int count_site = 0;
111 int count_nonsite;
112 - char *kdc_str = print_kdc_line(mem_ctx, "", pss, kdc_name);
113 + char *kdc_str = talloc_asprintf(mem_ctx, "%s\tkdc = %s\n", "",
114 + print_canonical_sockaddr(mem_ctx, pss));
115
116 if (kdc_str == NULL) {
117 return NULL;
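Review bot: The return value of `print_canonical_sockaddr()` is passed straight into the `%s` of `talloc_asprintf()` in the initialiser of `kdc_str`, so a NULL from it is not caught by the `kdc_str == NULL` test that follows. Passing NULL for `%s` is undefined behaviour and on common libcs yields a literal `(null)`, which would then be written as a `kdc =` entry into the generated krb5.conf. PATCH 3/5 further down this page checks `print_canonical_sockaddr()` for NULL, so the case is expected to occur. Hold the address in a local first, e.g. `char *a = print_canonical_sockaddr(mem_ctx, pss); if (a == NULL) return NULL;`, and do the same in the two loop hunks at `@@ -768,10 +702,9` and `@@ -806,11 +739,10`, freeing `ip_srv_site`/`ip_srv_nonsite` there as the existing error paths do. get_kdc_ip_string's body extends beyond these hunks.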
118 @@ -768,10 +702,9 @@ static char *get_kdc_ip_string(char *mem_ctx,
119 }
120 /* Append to the string - inefficient
121 * but not done often. */
122 - kdc_str = print_kdc_line(mem_ctx,
123 - kdc_str,
124 - &ip_srv_site[i].ss,
125 - NULL);
126 + kdc_str = talloc_asprintf(mem_ctx, "%s\tkdc = %s\n",
127 + kdc_str,
128 + print_canonical_sockaddr(mem_ctx, &ip_srv_site[i].ss));
129 if (!kdc_str) {
130 SAFE_FREE(ip_srv_site);
131 return NULL;
132 @@ -806,11 +739,10 @@ static char *get_kdc_ip_string(char *mem_ctx,
133 }
134
135 /* Append to the string - inefficient but not done often. */
136 - kdc_str = print_kdc_line(mem_ctx,
137 - kdc_str,
138 - &ip_srv_nonsite[i].ss,
139 - NULL);
140 - if (!kdc_str) {
141 + kdc_str = talloc_asprintf(mem_ctx, "%s\tkdc = %s\n",
142 + kdc_str,
143 + print_canonical_sockaddr(mem_ctx, &ip_srv_nonsite[i].ss));
144 + if (kdc_str == NULL) {
145 SAFE_FREE(ip_srv_site);
146 SAFE_FREE(ip_srv_nonsite);
147 return NULL;
148 --
149 1.9.0
150
151
152 From b4eba7d838b60230b9f6c9a08ef0ddc00e3e47f0 Mon Sep 17 00:00:00 2001
153 From: =?UTF-8?q?G=C3=BCnther=20Deschner?= <gd@samba.org>
154 Date: Fri, 7 Mar 2014 14:47:31 +0100
155 Subject: [PATCH 2/5] PATCHSET11: s3-kerberos: remove unused kdc_name from
156 create_local_private_krb5_conf_for_domain().
157 MIME-Version: 1.0
158 Content-Type: text/plain; charset=UTF-8
159 Content-Transfer-Encoding: 8bit
160
161 Guenther
162
163 Signed-off-by: Günther Deschner <gd@samba.org>
164 Reviewed-by: Andreas Schneider <asn@samba.org>
165
166 Autobuild-User(master): Günther Deschner <gd@samba.org>
167 Autobuild-Date(master): Fri Mar 7 18:43:57 CET 2014 on sn-devel-104
168
169 Conflicts:
170 source3/libads/kerberos.c
171 source3/libads/kerberos_proto.h
172 source3/libnet/libnet_join.c
173 source3/winbindd/winbindd_cm.c
174 ---
175 source3/libads/kerberos.c | 10 ++++------
176 source3/libads/kerberos_proto.h | 3 +--
177 source3/libnet/libnet_join.c | 2 +-
178 source3/libsmb/namequery_dc.c | 6 ++----
179 source3/winbindd/winbindd_cm.c | 6 ++----
180 5 files changed, 10 insertions(+), 17 deletions(-)
181
182 diff --git a/source3/libads/kerberos.c b/source3/libads/kerberos.c
183 index 064e5f7..b826cb3 100644
184 --- a/source3/libads/kerberos.c
185 +++ b/source3/libads/kerberos.c
186 @@ -671,8 +671,7 @@ int kerberos_kinit_password(const char *principal,
187 static char *get_kdc_ip_string(char *mem_ctx,
188 const char *realm,
189 const char *sitename,
190 - struct sockaddr_storage *pss,
191 - const char *kdc_name)
192 + struct sockaddr_storage *pss)
193 {
194 int i;
195 struct ip_service *ip_srv_site = NULL;
196 @@ -769,8 +768,7 @@ static char *get_kdc_ip_string(char *mem_ctx,
197 bool create_local_private_krb5_conf_for_domain(const char *realm,
198 const char *domain,
199 const char *sitename,
200 - struct sockaddr_storage *pss,
201 - const char *kdc_name)
202 + struct sockaddr_storage *pss)
203 {
204 char *dname;
205 char *tmpname = NULL;
206 @@ -794,7 +792,7 @@ bool create_local_private_krb5_conf_for_domain(const char *realm,
207 return false;
208 }
209
210 - if (domain == NULL || pss == NULL || kdc_name == NULL) {
211 + if (domain == NULL || pss == NULL) {
212 return false;
213 }
214
215 @@ -825,7 +823,7 @@ bool create_local_private_krb5_conf_for_domain(const char *realm,
216 realm_upper = talloc_strdup(fname, realm);
217 strupper_m(realm_upper);
218
219 - kdc_ip_string = get_kdc_ip_string(dname, realm, sitename, pss, kdc_name);
220 + kdc_ip_string = get_kdc_ip_string(dname, realm, sitename, pss);
221 if (!kdc_ip_string) {
222 goto done;
223 }
224 diff --git a/source3/libads/kerberos_proto.h b/source3/libads/kerberos_proto.h
225 index 406669cc..90d7cd9 100644
226 --- a/source3/libads/kerberos_proto.h
227 +++ b/source3/libads/kerberos_proto.h
228 @@ -75,8 +75,7 @@ int kerberos_kinit_password(const char *principal,
229 bool create_local_private_krb5_conf_for_domain(const char *realm,
230 const char *domain,
231 const char *sitename,
232 - struct sockaddr_storage *pss,
233 - const char *kdc_name);
234 + struct sockaddr_storage *pss);
235
236 /* The following definitions come from libads/authdata.c */
237
238 diff --git a/source3/libnet/libnet_join.c b/source3/libnet/libnet_join.c
239 index e84682d..f1736ec 100644
240 --- a/source3/libnet/libnet_join.c
241 +++ b/source3/libnet/libnet_join.c
242 @@ -1985,7 +1985,7 @@ static WERROR libnet_DomainJoin(TALLOC_CTX *mem_ctx,
243
244 create_local_private_krb5_conf_for_domain(
245 r->out.dns_domain_name, r->out.netbios_domain_name,
246 - NULL, &cli->dest_ss, cli->desthost);
247 + NULL, &cli->dest_ss);
248
249 if (r->out.domain_is_ad && r->in.account_ou &&
250 !(r->in.join_flags & WKSSVC_JOIN_FLAGS_JOIN_UNSECURE)) {
251 diff --git a/source3/libsmb/namequery_dc.c b/source3/libsmb/namequery_dc.c
252 index 39b780c..149121a 100644
253 --- a/source3/libsmb/namequery_dc.c
254 +++ b/source3/libsmb/namequery_dc.c
255 @@ -111,14 +111,12 @@ static bool ads_dc_name(const char *domain,
256 create_local_private_krb5_conf_for_domain(realm,
257 domain,
258 sitename,
259 - &ads->ldap.ss,
260 - ads->config.ldap_server_name);
261 + &ads->ldap.ss);
262 } else {
263 create_local_private_krb5_conf_for_domain(realm,
264 domain,
265 NULL,
266 - &ads->ldap.ss,
267 - ads->config.ldap_server_name);
268 + &ads->ldap.ss);
269 }
270 }
271 #endif
272 diff --git a/source3/winbindd/winbindd_cm.c b/source3/winbindd/winbindd_cm.c
273 index 8271279..59f30a5 100644
274 --- a/source3/winbindd/winbindd_cm.c
275 +++ b/source3/winbindd/winbindd_cm.c
276 @@ -1226,8 +1226,7 @@ static bool dcip_to_name(TALLOC_CTX *mem_ctx,
277 create_local_private_krb5_conf_for_domain(domain->alt_name,
278 domain->name,
279 sitename,
280 - pss,
281 - name);
282 + pss);
283
284 SAFE_FREE(sitename);
285 } else {
286 @@ -1235,8 +1234,7 @@ static bool dcip_to_name(TALLOC_CTX *mem_ctx,
287 create_local_private_krb5_conf_for_domain(domain->alt_name,
288 domain->name,
289 NULL,
290 - pss,
291 - name);
292 + pss);
293 }
294 winbindd_set_locator_kdc_envs(domain);
295
296 --
297 1.9.0
298
299
300 From db840b57e81922cea984530e2dc1b42cc99e75de Mon Sep 17 00:00:00 2001
301 From: =?UTF-8?q?G=C3=BCnther=20Deschner?= <gd@samba.org>
302 Date: Wed, 2 Apr 2014 19:37:34 +0200
303 Subject: [PATCH 3/5] PATCHSET11: s3-kerberos: make ipv6 support for generated
304 krb5 config files more robust.
305 MIME-Version: 1.0
306 Content-Type: text/plain; charset=UTF-8
307 Content-Transfer-Encoding: 8bit
308
309 Older MIT Kerberos libraries will add any secondary ipv6 address as
310 ipv4 address, defining the (default) krb5 port 88 circumvents that.
311
312 Guenther
313
314 Signed-off-by: Günther Deschner <gd@samba.org>
315 Reviewed-by: Andreas Schneider <asn@samba.org>
316
317 Autobuild-User(master): Günther Deschner <gd@samba.org>
318 Autobuild-Date(master): Fri Apr 4 16:33:12 CEST 2014 on sn-devel-104
319
320 Conflicts:
321 source3/libads/kerberos.c
322 ---
323 source3/libads/kerberos.c | 29 +++++++++++++++++++++++++++--
324 1 file changed, 27 insertions(+), 2 deletions(-)
325
326 diff --git a/source3/libads/kerberos.c b/source3/libads/kerberos.c
327 index b826cb3..5e34aa3 100644
328 --- a/source3/libads/kerberos.c
329 +++ b/source3/libads/kerberos.c
330 @@ -668,6 +668,31 @@ int kerberos_kinit_password(const char *principal,
331
332 ************************************************************************/
333
334 +/* print_canonical_sockaddr prints an ipv6 addr in the form of
335 +* [ipv6.addr]. This string, when put in a generated krb5.conf file is not
336 +* always properly dealt with by some older krb5 libraries. Adding the hard-coded
337 +* portnumber workarounds the issue. - gd */
338 +
339 +static char *print_canonical_sockaddr_with_port(TALLOC_CTX *mem_ctx,
340 + const struct sockaddr_storage *pss)
341 +{
342 + char *str = NULL;
343 +
344 + str = print_canonical_sockaddr(mem_ctx, pss);
345 + if (str == NULL) {
346 + return NULL;
347 + }
348 +
349 + if (pss->ss_family != AF_INET6) {
350 + return str;
351 + }
352 +
353 +#if defined(HAVE_IPV6)
354 + str = talloc_asprintf_append(str, ":88");
355 +#endif
356 + return str;
357 +}
358 +
359 static char *get_kdc_ip_string(char *mem_ctx,
360 const char *realm,
361 const char *sitename,
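Review bot: The port in `print_canonical_sockaddr_with_port()` is the bare string literal `":88"`, although the code removed in PATCH 1/5 compared against `DEFAULT_KRB5_PORT`. If that macro is still available in this file, `str = talloc_asprintf_append(str, ":%u", (unsigned int)DEFAULT_KRB5_PORT);` keeps a single definition of the KDC port. The comment above the function would also be clearer if it named the symptom from the commit message, for example `/* Older MIT krb5 may treat a bare [ipv6] kdc entry as an IPv4 address; an explicit port avoids that. */`.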
362 @@ -679,7 +704,7 @@ static char *get_kdc_ip_string(char *mem_ctx,
363 int count_site = 0;
364 int count_nonsite;
365 char *kdc_str = talloc_asprintf(mem_ctx, "%s\tkdc = %s\n", "",
366 - print_canonical_sockaddr(mem_ctx, pss));
367 + print_canonical_sockaddr_with_port(mem_ctx, pss));
368
369 if (kdc_str == NULL) {
370 return NULL;
371 @@ -740,7 +765,7 @@ static char *get_kdc_ip_string(char *mem_ctx,
372 /* Append to the string - inefficient but not done often. */
373 kdc_str = talloc_asprintf(mem_ctx, "%s\tkdc = %s\n",
374 kdc_str,
375 - print_canonical_sockaddr(mem_ctx, &ip_srv_nonsite[i].ss));
376 + print_canonical_sockaddr_with_port(mem_ctx, &ip_srv_nonsite[i].ss));
377 if (kdc_str == NULL) {
378 SAFE_FREE(ip_srv_site);
379 SAFE_FREE(ip_srv_nonsite);
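Review bot: Only the initial `pss` entry and this non-site loop are switched to `print_canonical_sockaddr_with_port()`; the site-specific loop that formats `&ip_srv_site[i].ss` (rewritten in PATCH 1/5 to call `print_canonical_sockaddr()`) is not touched, which matches this patch's diffstat of two deleted lines. IPv6 KDCs found through the site lookup would therefore still be written as a bare `[addr]`, the form the new comment says older krb5 libraries mishandle. Unless that loop is converted elsewhere in this backport, change its argument to `print_canonical_sockaddr_with_port(mem_ctx, &ip_srv_site[i].ss)`. get_kdc_ip_string continues outside this hunk.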
380 --
381 1.9.0
382
383
384 From 208f1d7b5ae557bf34a39c847aeb1925ce4cb171 Mon Sep 17 00:00:00 2001
385 From: Andrew Bartlett <abartlet@samba.org>
386 Date: Tue, 26 Apr 2011 17:03:32 +1000
387 Subject: [PATCH 4/5] PATCHSET11: s3-libads Pass a struct sockaddr_storage to
388 cldap routines
389
390 This avoids these routines doing a DNS lookup that has already been
391 done, and ensures that the emulated DNS lookup isn't thrown away.
392
393 Andrew Bartlett
394 ---
395 source3/libads/cldap.c | 14 ++++--------
396 source3/libads/cldap.h | 4 ++--
397 source3/libads/ldap.c | 41 ++++++++++-------------------------
398 source3/libsmb/dsgetdcname.c | 3 ++-
399 source3/utils/net_ads.c | 7 +++---
400 source3/winbindd/idmap_adex/gc_util.c | 12 +++++++++-
401 6 files changed, 33 insertions(+), 48 deletions(-)
402
403 diff --git a/source3/libads/cldap.c b/source3/libads/cldap.c
404 index 5d2e900..03fa17c 100644
405 --- a/source3/libads/cldap.c
406 +++ b/source3/libads/cldap.c
407 @@ -30,7 +30,7 @@
408 *******************************************************************/
409
410 bool ads_cldap_netlogon(TALLOC_CTX *mem_ctx,
411 - const char *server,
412 + struct sockaddr_storage *ss,
413 const char *realm,
414 uint32_t nt_version,
415 struct netlogon_samlogon_response **_reply)
416 @@ -39,18 +39,12 @@ bool ads_cldap_netlogon(TALLOC_CTX *mem_ctx,
417 struct cldap_netlogon io;
418 struct netlogon_samlogon_response *reply;
419 NTSTATUS status;
420 - struct sockaddr_storage ss;
421 char addrstr[INET6_ADDRSTRLEN];
422 const char *dest_str;
423 int ret;
424 struct tsocket_address *dest_addr;
425
426 - if (!interpret_string_addr_prefer_ipv4(&ss, server, 0)) {
427 - DEBUG(2,("Failed to resolve[%s] into an address for cldap\n",
428 - server));
429 - return false;
430 - }
431 - dest_str = print_sockaddr(addrstr, sizeof(addrstr), &ss);
432 + dest_str = print_sockaddr(addrstr, sizeof(addrstr), ss);
433
434 ret = tsocket_address_inet_from_strings(mem_ctx, "ip",
435 dest_str, LDAP_PORT,
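Review bot: `ads_cldap_netlogon()` now hands the caller's `ss` to `print_sockaddr()` without checking it, whereas before the address was a local that the function filled in itself. The function is exported (declared in cldap.h), so a guard such as `if (ss == NULL) { return false; }` before the `print_sockaddr()` call would match the check PATCH 5/5 adds to `ads_try_connect()`. As far as this hunk shows the pointer is only read, so `const struct sockaddr_storage *ss` in both prototypes would document that. The rest of the body is outside the hunk.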
436 @@ -113,7 +107,7 @@ failed:
437 *******************************************************************/
438
439 bool ads_cldap_netlogon_5(TALLOC_CTX *mem_ctx,
440 - const char *server,
441 + struct sockaddr_storage *ss,
442 const char *realm,
443 struct NETLOGON_SAM_LOGON_RESPONSE_EX *reply5)
444 {
445 @@ -121,7 +115,7 @@ bool ads_cldap_netlogon_5(TALLOC_CTX *mem_ctx,
446 struct netlogon_samlogon_response *reply = NULL;
447 bool ret;
448
449 - ret = ads_cldap_netlogon(mem_ctx, server, realm, nt_version, &reply);
450 + ret = ads_cldap_netlogon(mem_ctx, ss, realm, nt_version, &reply);
451 if (!ret) {
452 return false;
453 }
454 diff --git a/source3/libads/cldap.h b/source3/libads/cldap.h
455 index d2ad4b0..60e1c56 100644
456 --- a/source3/libads/cldap.h
457 +++ b/source3/libads/cldap.h
458 @@ -27,12 +27,12 @@
459
460 /* The following definitions come from libads/cldap.c */
461 bool ads_cldap_netlogon(TALLOC_CTX *mem_ctx,
462 - const char *server,
463 + struct sockaddr_storage *ss,
464 const char *realm,
465 uint32_t nt_version,
466 struct netlogon_samlogon_response **reply);
467 bool ads_cldap_netlogon_5(TALLOC_CTX *mem_ctx,
468 - const char *server,
469 + struct sockaddr_storage *ss,
470 const char *realm,
471 struct NETLOGON_SAM_LOGON_RESPONSE_EX *reply5);
472
473 diff --git a/source3/libads/ldap.c b/source3/libads/ldap.c
474 index b841c84..0db0bcd 100644
475 --- a/source3/libads/ldap.c
476 +++ b/source3/libads/ldap.c
477 @@ -196,45 +196,32 @@ bool ads_closest_dc(ADS_STRUCT *ads)
478 */
479 static bool ads_try_connect(ADS_STRUCT *ads, const char *server, bool gc)
480 {
481 - char *srv;
482 struct NETLOGON_SAM_LOGON_RESPONSE_EX cldap_reply;
483 TALLOC_CTX *frame = talloc_stackframe();
484 bool ret = false;
485 + struct sockaddr_storage ss;
486 + char addr[INET6_ADDRSTRLEN];
487
488 if (!server || !*server) {
489 TALLOC_FREE(frame);
490 return False;
491 }
492
493 - if (!is_ipaddress(server)) {
494 - struct sockaddr_storage ss;
495 - char addr[INET6_ADDRSTRLEN];
496 -
497 - if (!resolve_name(server, &ss, 0x20, true)) {
498 - DEBUG(5,("ads_try_connect: unable to resolve name %s\n",
499 - server ));
500 - TALLOC_FREE(frame);
501 - return false;
502 - }
503 - print_sockaddr(addr, sizeof(addr), &ss);
504 - srv = talloc_strdup(frame, addr);
505 - } else {
506 - /* this copes with inet_ntoa brokenness */
507 - srv = talloc_strdup(frame, server);
508 - }
509 -
510 - if (!srv) {
511 + if (!resolve_name(server, &ss, 0x20, true)) {
512 + DEBUG(5,("ads_try_connect: unable to resolve name %s\n",
513 + server ));
514 TALLOC_FREE(frame);
515 return false;
516 }
517 + print_sockaddr(addr, sizeof(addr), &ss);
518
519 DEBUG(5,("ads_try_connect: sending CLDAP request to %s (realm: %s)\n",
520 - srv, ads->server.realm));
521 + addr, ads->server.realm));
522
523 ZERO_STRUCT( cldap_reply );
524
525 - if ( !ads_cldap_netlogon_5(frame, srv, ads->server.realm, &cldap_reply ) ) {
526 - DEBUG(3,("ads_try_connect: CLDAP request %s failed.\n", srv));
527 + if ( !ads_cldap_netlogon_5(frame, &ss, ads->server.realm, &cldap_reply ) ) {
528 + DEBUG(3,("ads_try_connect: CLDAP request %s failed.\n", addr));
529 ret = false;
530 goto out;
531 }
532 @@ -243,7 +230,7 @@ static bool ads_try_connect(ADS_STRUCT *ads, const char *server, bool gc)
533
534 if ( !(cldap_reply.server_type & NBT_SERVER_LDAP) ) {
535 DEBUG(1,("ads_try_connect: %s's CLDAP reply says it is not an LDAP server!\n",
536 - srv));
537 + addr));
538 ret = false;
539 goto out;
540 }
541 @@ -273,13 +260,7 @@ static bool ads_try_connect(ADS_STRUCT *ads, const char *server, bool gc)
542 ads->server.workgroup = SMB_STRDUP(cldap_reply.domain_name);
543
544 ads->ldap.port = gc ? LDAP_GC_PORT : LDAP_PORT;
545 - if (!interpret_string_addr(&ads->ldap.ss, srv, 0)) {
546 - DEBUG(1,("ads_try_connect: unable to convert %s "
547 - "to an address\n",
548 - srv));
549 - ret = false;
550 - goto out;
551 - }
552 + ads->ldap.ss = ss;
553
554 /* Store our site name. */
555 sitename_store( cldap_reply.domain_name, cldap_reply.client_site);
556 diff --git a/source3/libsmb/dsgetdcname.c b/source3/libsmb/dsgetdcname.c
557 index 841a179..2f8b8dc 100644
558 --- a/source3/libsmb/dsgetdcname.c
559 +++ b/source3/libsmb/dsgetdcname.c
560 @@ -863,9 +863,10 @@ static NTSTATUS process_dc_dns(TALLOC_CTX *mem_ctx,
561
562 for (i=0; i<num_dcs; i++) {
563
564 +
565 DEBUG(10,("LDAP ping to %s\n", dclist[i].hostname));
566
567 - if (ads_cldap_netlogon(mem_ctx, dclist[i].hostname,
568 + if (ads_cldap_netlogon(mem_ctx, &dclist[i].ss,
569 domain_name,
570 nt_version,
571 &r))
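Review bot: The `DEBUG(10, ...)` line still logs `dclist[i].hostname`, but the CLDAP request now goes to `dclist[i].ss`, so the log no longer names the actual destination. Since the hostname is not resolved here any more, the call relies on `ss` having been filled in when `dclist` was built, which this hunk does not show and is worth confirming. Logging the address as well, via `print_sockaddr()` into a local buffer, would keep the trace usable when name and address disagree. The blank line added after the `for` header looks unintentional.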
572 diff --git a/source3/utils/net_ads.c b/source3/utils/net_ads.c
573 index 8f8b7b4..816349d 100644
574 --- a/source3/utils/net_ads.c
575 +++ b/source3/utils/net_ads.c
576 @@ -62,7 +62,8 @@ static int net_ads_cldap_netlogon(struct net_context *c, ADS_STRUCT *ads)
577 struct NETLOGON_SAM_LOGON_RESPONSE_EX reply;
578
579 print_sockaddr(addr, sizeof(addr), &ads->ldap.ss);
580 - if ( !ads_cldap_netlogon_5(talloc_tos(), addr, ads->server.realm, &reply ) ) {
581 +
582 + if ( !ads_cldap_netlogon_5(talloc_tos(), &ads->ldap.ss, ads->server.realm, &reply ) ) {
583 d_fprintf(stderr, _("CLDAP query failed!\n"));
584 return -1;
585 }
586 @@ -385,7 +386,6 @@ int net_ads_check(struct net_context *c)
587 static int net_ads_workgroup(struct net_context *c, int argc, const char **argv)
588 {
589 ADS_STRUCT *ads;
590 - char addr[INET6_ADDRSTRLEN];
591 struct NETLOGON_SAM_LOGON_RESPONSE_EX reply;
592
593 if (c->display_usage) {
594 @@ -407,8 +407,7 @@ static int net_ads_workgroup(struct net_context *c, int argc, const char **argv)
595 ads->ldap.port = 389;
596 }
597
598 - print_sockaddr(addr, sizeof(addr), &ads->ldap.ss);
599 - if ( !ads_cldap_netlogon_5(talloc_tos(), addr, ads->server.realm, &reply ) ) {
600 + if ( !ads_cldap_netlogon_5(talloc_tos(), &ads->ldap.ss, ads->server.realm, &reply ) ) {
601 d_fprintf(stderr, _("CLDAP query failed!\n"));
602 ads_destroy(&ads);
603 return -1;
604 diff --git a/source3/winbindd/idmap_adex/gc_util.c b/source3/winbindd/idmap_adex/gc_util.c
605 index 77b318c..e625265 100644
606 --- a/source3/winbindd/idmap_adex/gc_util.c
607 +++ b/source3/winbindd/idmap_adex/gc_util.c
608 @@ -107,6 +107,7 @@ done:
609 NTSTATUS nt_status = NT_STATUS_UNSUCCESSFUL;
610 struct NETLOGON_SAM_LOGON_RESPONSE_EX cldap_reply;
611 TALLOC_CTX *frame = talloc_stackframe();
612 + struct sockaddr_storage ss;
613
614 if (!gc || !domain) {
615 return NT_STATUS_INVALID_PARAMETER;
616 @@ -126,8 +127,17 @@ done:
617 nt_status = ads_ntstatus(ads_status);
618 BAIL_ON_NTSTATUS_ERROR(nt_status);
619
620 + if (!resolve_name(ads->config.ldap_server_name, &ss, 0x20, true)) {
621 + DEBUG(5,("gc_find_forest_root: unable to resolve name %s\n",
622 + ads->config.ldap_server_name));
623 + nt_status = NT_STATUS_IO_TIMEOUT;
624 + /* This matches the old code which did the resolve in
625 + * ads_cldap_netlogon_5 */
626 + BAIL_ON_NTSTATUS_ERROR(nt_status);
627 + }
628 +
629 if (!ads_cldap_netlogon_5(frame,
630 - ads->config.ldap_server_name,
631 + &ss,
632 ads->config.realm,
633 &cldap_reply))
634 {
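Review bot: The new `resolve_name(ads->config.ldap_server_name, &ss, 0x20, true)` performs a second lookup of the server name, while the net_ads.c callers converted in this same patch pass `&ads->ldap.ss`, the address that `ads_try_connect()` stores. If `ads` is already connected at this point, which the preceding `ads_status` check suggests but the hunk does not show, passing `&ads->ldap.ss` would avoid the extra lookup and ensure the CLDAP query goes to the same host as the existing LDAP connection. Should the lookup stay, a short comment explaining the `0x20` name type would help. The enclosing function starts outside the hunk.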
635 --
636 1.9.0
637
638
639 From 4eb02e7caa83b725988dd9f659b3568873522a30 Mon Sep 17 00:00:00 2001
640 From: =?UTF-8?q?G=C3=BCnther=20Deschner?= <gd@samba.org>
641 Date: Wed, 16 Apr 2014 16:07:14 +0200
642 Subject: [PATCH 5/5] PATCHSET11: s3-libads: allow ads_try_connect() to re-use
643 a resolved ip address.
644 MIME-Version: 1.0
645 Content-Type: text/plain; charset=UTF-8
646 Content-Transfer-Encoding: 8bit
647
648 Pass down a struct sockaddr_storage to ads_try_connect.
649
650 Guenther
651
652 Signed-off-by: Günther Deschner <gd@samba.org>
653 Reviewed-by: Andreas Schneider <asn@samba.org>
654
655 Autobuild-User(master): Günther Deschner <gd@samba.org>
656 Autobuild-Date(master): Thu Apr 17 19:56:16 CEST 2014 on sn-devel-104
657 ---
658 source3/libads/ldap.c | 44 ++++++++++++++++++++++++++------------------
659 1 file changed, 26 insertions(+), 18 deletions(-)
660
661 diff --git a/source3/libads/ldap.c b/source3/libads/ldap.c
662 index 0db0bcd..f8349cf 100644
663 --- a/source3/libads/ldap.c
664 +++ b/source3/libads/ldap.c
665 @@ -194,33 +194,27 @@ bool ads_closest_dc(ADS_STRUCT *ads)
666 try a connection to a given ldap server, returning True and setting the servers IP
667 in the ads struct if successful
668 */
669 -static bool ads_try_connect(ADS_STRUCT *ads, const char *server, bool gc)
670 +static bool ads_try_connect(ADS_STRUCT *ads, bool gc,
671 + struct sockaddr_storage *ss)
672 {
673 struct NETLOGON_SAM_LOGON_RESPONSE_EX cldap_reply;
674 TALLOC_CTX *frame = talloc_stackframe();
675 bool ret = false;
676 - struct sockaddr_storage ss;
677 char addr[INET6_ADDRSTRLEN];
678
679 - if (!server || !*server) {
680 + if (ss == NULL) {
681 TALLOC_FREE(frame);
682 return False;
683 }
684
685 - if (!resolve_name(server, &ss, 0x20, true)) {
686 - DEBUG(5,("ads_try_connect: unable to resolve name %s\n",
687 - server ));
688 - TALLOC_FREE(frame);
689 - return false;
690 - }
691 - print_sockaddr(addr, sizeof(addr), &ss);
692 + print_sockaddr(addr, sizeof(addr), ss);
693
694 DEBUG(5,("ads_try_connect: sending CLDAP request to %s (realm: %s)\n",
695 addr, ads->server.realm));
696
697 ZERO_STRUCT( cldap_reply );
698
699 - if ( !ads_cldap_netlogon_5(frame, &ss, ads->server.realm, &cldap_reply ) ) {
700 + if ( !ads_cldap_netlogon_5(frame, ss, ads->server.realm, &cldap_reply ) ) {
701 DEBUG(3,("ads_try_connect: CLDAP request %s failed.\n", addr));
702 ret = false;
703 goto out;
704 @@ -260,7 +254,7 @@ static bool ads_try_connect(ADS_STRUCT *ads, const char *server, bool gc)
705 ads->server.workgroup = SMB_STRDUP(cldap_reply.domain_name);
706
707 ads->ldap.port = gc ? LDAP_GC_PORT : LDAP_PORT;
708 - ads->ldap.ss = ss;
709 + ads->ldap.ss = *ss;
710
711 /* Store our site name. */
712 sitename_store( cldap_reply.domain_name, cldap_reply.client_site);
713 @@ -292,6 +286,7 @@ static NTSTATUS ads_find_dc(ADS_STRUCT *ads)
714 bool use_own_domain = False;
715 char *sitename;
716 NTSTATUS status = NT_STATUS_UNSUCCESSFUL;
717 + bool ok = false;
718
719 /* if the realm and workgroup are both empty, assume they are ours */
720
721 @@ -345,12 +340,14 @@ static NTSTATUS ads_find_dc(ADS_STRUCT *ads)
722 DEBUG(6,("ads_find_dc: (ldap) looking for %s '%s'\n",
723 (got_realm ? "realm" : "domain"), realm));
724
725 - if (get_dc_name(domain, realm, srv_name, &ip_out)) {
726 + ok = get_dc_name(domain, realm, srv_name, &ip_out);
727 + if (ok) {
728 /*
729 * we call ads_try_connect() to fill in the
730 * ads->config details
731 */
732 - if (ads_try_connect(ads, srv_name, false)) {
733 + ok = ads_try_connect(ads, false, &ip_out);
734 + if (ok) {
735 return NT_STATUS_OK;
736 }
737 }
738 @@ -406,7 +403,8 @@ static NTSTATUS ads_find_dc(ADS_STRUCT *ads)
739 }
740 }
741
742 - if ( ads_try_connect(ads, server, false) ) {
743 + ok = ads_try_connect(ads, false, &ip_list[i].ss);
744 + if (ok) {
745 SAFE_FREE(ip_list);
746 SAFE_FREE(sitename);
747 return NT_STATUS_OK;
748 @@ -591,9 +589,19 @@ ADS_STATUS ads_connect(ADS_STRUCT *ads)
749 TALLOC_FREE(s);
750 }
751
752 - if (ads->server.ldap_server)
753 - {
754 - if (ads_try_connect(ads, ads->server.ldap_server, ads->server.gc)) {
755 + if (ads->server.ldap_server) {
756 + bool ok = false;
757 + struct sockaddr_storage ss;
758 +
759 + ok = resolve_name(ads->server.ldap_server, &ss, 0x20, true);
760 + if (!ok) {
761 + DEBUG(5,("ads_connect: unable to resolve name %s\n",
762 + ads->server.ldap_server));
763 + status = ADS_ERROR_NT(NT_STATUS_NOT_FOUND);
764 + goto out;
765 + }
766 + ok = ads_try_connect(ads, ads->server.gc, &ss);
767 + if (ok) {
768 goto got_connection;
769 }
770
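Review bot: A failed `resolve_name()` for `ads->server.ldap_server` now does `goto out` with `NT_STATUS_NOT_FOUND`, which changes behaviour. Before this patch the lookup happened inside `ads_try_connect()`, which simply returned false, and execution continued after this block. If the code that follows falls back to DC discovery (not visible in this hunk), an unresolvable or stale configured server name now aborts the whole connect instead. To keep the old flow, log in the `!ok` branch without jumping and guard only the attempt, e.g. `if (ok && ads_try_connect(ads, ads->server.gc, &ss)) { goto got_connection; }`. ads_connect's body extends beyond the hunk.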
771 --
772 1.9.0
773
774 diff --git a/source3/libads/kerberos.c b/source3/libads/kerberos.c
775 index b826cb3..5e34aa3 100644
776 --- a/source3/libads/kerberos.c
777 +++ b/source3/libads/kerberos.c
778 @@ -827,10 +827,6 @@
779 return false;
780 }
781
782 - if (domain == NULL || pss == NULL || kdc_name == NULL) {
783 - return false;
784 - }
785 -
786 dname = lock_path("smb_krb5");
787 if (!dname) {
788 return false;
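Review bot: This hunk drops the `domain == NULL || pss == NULL` guard entirely rather than only the `kdc_name` term, so `create_local_private_krb5_conf_for_domain()` no longer rejects a NULL `pss` before it reaches `get_kdc_ip_string()`, where `print_canonical_sockaddr_with_port()` reads `pss->ss_family`. The callers shown on this page pass addresses of struct members or an existing `pss`, but the function is exported, so keeping `if (domain == NULL || pss == NULL) { return false; }` is the safer form. The removed line still names `kdc_name`, which PATCH 2/5 above already rewrites, so it is worth checking that this trailing hunk applies as intended on top of the series. The function body continues outside the hunk.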