- Update to 3.5.3
- Make sure nmb and smb initscripts return LSB compliant return codes - Fix winbind over ipv6 Guenther
This commit is contained in:
parent
7ca128e451
commit
7021ac8149
|
@ -1 +1 @@
|
|||
samba-3.5.2.tar.gz
|
||||
samba-3.5.3.tar.gz
|
||||
|
|
2
nmb.init
2
nmb.init
|
@ -71,7 +71,7 @@ reload() {
|
|||
}
|
||||
|
||||
rhstatus() {
|
||||
status nmbd
|
||||
status -l nmb nmbd
|
||||
return $?
|
||||
}
|
||||
|
||||
|
|
|
@ -0,0 +1,273 @@
|
|||
From 841525d4b9dcf167ae114dd656d74c510ef36c13 Mon Sep 17 00:00:00 2001
|
||||
From: =?UTF-8?q?G=C3=BCnther=20Deschner?= <gd@samba.org>
|
||||
Date: Fri, 14 May 2010 23:21:47 +0200
|
||||
Subject: [PATCH 1/3] s3-winbind: make the getpeername() checks in cm_prepare_connection ipv6 aware.
|
||||
|
||||
ipv6 gurus, please check.
|
||||
|
||||
Guenther
|
||||
---
|
||||
source3/winbindd/winbindd_cm.c | 30 +++++++++++++++++++++++++-----
|
||||
1 files changed, 25 insertions(+), 5 deletions(-)
|
||||
|
||||
diff --git a/source3/winbindd/winbindd_cm.c b/source3/winbindd/winbindd_cm.c
|
||||
index 9715363..45747d4 100644
|
||||
--- a/source3/winbindd/winbindd_cm.c
|
||||
+++ b/source3/winbindd/winbindd_cm.c
|
||||
@@ -808,11 +808,31 @@ static NTSTATUS cm_prepare_connection(const struct winbindd_domain *domain,
|
||||
|
||||
peeraddr_len = sizeof(peeraddr);
|
||||
|
||||
- if ((getpeername((*cli)->fd, &peeraddr, &peeraddr_len) != 0) ||
|
||||
- (peeraddr_len != sizeof(struct sockaddr_in)) ||
|
||||
- (peeraddr_in->sin_family != PF_INET))
|
||||
- {
|
||||
- DEBUG(0,("cm_prepare_connection: %s\n", strerror(errno)));
|
||||
+ if ((getpeername((*cli)->fd, &peeraddr, &peeraddr_len) != 0)) {
|
||||
+ DEBUG(0,("cm_prepare_connection: getpeername failed with: %s\n",
|
||||
+ strerror(errno)));
|
||||
+ result = NT_STATUS_UNSUCCESSFUL;
|
||||
+ goto done;
|
||||
+ }
|
||||
+
|
||||
+ if ((peeraddr_len != sizeof(struct sockaddr_in))
|
||||
+#ifdef HAVE_IPV6
|
||||
+ && (peeraddr_len != sizeof(struct sockaddr_in6))
|
||||
+#endif
|
||||
+ ) {
|
||||
+ DEBUG(0,("cm_prepare_connection: got unexpected peeraddr len %d\n",
|
||||
+ peeraddr_len));
|
||||
+ result = NT_STATUS_UNSUCCESSFUL;
|
||||
+ goto done;
|
||||
+ }
|
||||
+
|
||||
+ if ((peeraddr_in->sin_family != PF_INET)
|
||||
+#ifdef HAVE_IPV6
|
||||
+ && (peeraddr_in->sin_family != PF_INET6)
|
||||
+#endif
|
||||
+ ) {
|
||||
+ DEBUG(0,("cm_prepare_connection: got unexpected family %d\n",
|
||||
+ peeraddr_in->sin_family));
|
||||
result = NT_STATUS_UNSUCCESSFUL;
|
||||
goto done;
|
||||
}
|
||||
--
|
||||
1.6.6.1
|
||||
|
||||
|
||||
From 435ba0625599388f585759738554ddb509ce3c54 Mon Sep 17 00:00:00 2001
|
||||
From: =?UTF-8?q?G=C3=BCnther=20Deschner?= <gd@samba.org>
|
||||
Date: Fri, 14 May 2010 23:23:34 +0200
|
||||
Subject: [PATCH 2/3] s3-kerberos: pass down kdc_name to create_local_private_krb5_conf_for_domain().
|
||||
|
||||
Guenther
|
||||
---
|
||||
source3/include/proto.h | 3 ++-
|
||||
source3/libads/kerberos.c | 19 ++++++++++++-------
|
||||
source3/libsmb/namequery_dc.c | 6 ++++--
|
||||
source3/winbindd/winbindd_cm.c | 6 ++++--
|
||||
4 files changed, 22 insertions(+), 12 deletions(-)
|
||||
|
||||
diff --git a/source3/include/proto.h b/source3/include/proto.h
|
||||
index 91b6bd9..b633d9e 100644
|
||||
--- a/source3/include/proto.h
|
||||
+++ b/source3/include/proto.h
|
||||
@@ -1821,7 +1821,8 @@ int kerberos_kinit_password(const char *principal,
|
||||
bool create_local_private_krb5_conf_for_domain(const char *realm,
|
||||
const char *domain,
|
||||
const char *sitename,
|
||||
- struct sockaddr_storage *pss);
|
||||
+ struct sockaddr_storage *pss,
|
||||
+ const char *kdc_name);
|
||||
|
||||
/* The following definitions come from libads/kerberos_keytab.c */
|
||||
|
||||
diff --git a/source3/libads/kerberos.c b/source3/libads/kerberos.c
|
||||
index 7fb4ec3..01a88e8 100644
|
||||
--- a/source3/libads/kerberos.c
|
||||
+++ b/source3/libads/kerberos.c
|
||||
@@ -715,7 +715,8 @@ int kerberos_kinit_password(const char *principal,
|
||||
|
||||
static char *print_kdc_line(char *mem_ctx,
|
||||
const char *prev_line,
|
||||
- const struct sockaddr_storage *pss)
|
||||
+ const struct sockaddr_storage *pss,
|
||||
+ const char *kdc_name)
|
||||
{
|
||||
char *kdc_str = NULL;
|
||||
|
||||
@@ -772,14 +773,15 @@ static char *print_kdc_line(char *mem_ctx,
|
||||
static char *get_kdc_ip_string(char *mem_ctx,
|
||||
const char *realm,
|
||||
const char *sitename,
|
||||
- struct sockaddr_storage *pss)
|
||||
+ struct sockaddr_storage *pss,
|
||||
+ const char *kdc_name)
|
||||
{
|
||||
int i;
|
||||
struct ip_service *ip_srv_site = NULL;
|
||||
struct ip_service *ip_srv_nonsite = NULL;
|
||||
int count_site = 0;
|
||||
int count_nonsite;
|
||||
- char *kdc_str = print_kdc_line(mem_ctx, "", pss);
|
||||
+ char *kdc_str = print_kdc_line(mem_ctx, "", pss, kdc_name);
|
||||
|
||||
if (kdc_str == NULL) {
|
||||
return NULL;
|
||||
@@ -803,7 +805,8 @@ static char *get_kdc_ip_string(char *mem_ctx,
|
||||
* but not done often. */
|
||||
kdc_str = print_kdc_line(mem_ctx,
|
||||
kdc_str,
|
||||
- &ip_srv_site[i].ss);
|
||||
+ &ip_srv_site[i].ss,
|
||||
+ NULL);
|
||||
if (!kdc_str) {
|
||||
SAFE_FREE(ip_srv_site);
|
||||
return NULL;
|
||||
@@ -840,7 +843,8 @@ static char *get_kdc_ip_string(char *mem_ctx,
|
||||
/* Append to the string - inefficient but not done often. */
|
||||
kdc_str = print_kdc_line(mem_ctx,
|
||||
kdc_str,
|
||||
- &ip_srv_nonsite[i].ss);
|
||||
+ &ip_srv_nonsite[i].ss,
|
||||
+ NULL);
|
||||
if (!kdc_str) {
|
||||
SAFE_FREE(ip_srv_site);
|
||||
SAFE_FREE(ip_srv_nonsite);
|
||||
@@ -868,7 +872,8 @@ static char *get_kdc_ip_string(char *mem_ctx,
|
||||
bool create_local_private_krb5_conf_for_domain(const char *realm,
|
||||
const char *domain,
|
||||
const char *sitename,
|
||||
- struct sockaddr_storage *pss)
|
||||
+ struct sockaddr_storage *pss,
|
||||
+ const char *kdc_name)
|
||||
{
|
||||
char *dname;
|
||||
char *tmpname = NULL;
|
||||
@@ -912,7 +917,7 @@ bool create_local_private_krb5_conf_for_domain(const char *realm,
|
||||
realm_upper = talloc_strdup(fname, realm);
|
||||
strupper_m(realm_upper);
|
||||
|
||||
- kdc_ip_string = get_kdc_ip_string(dname, realm, sitename, pss);
|
||||
+ kdc_ip_string = get_kdc_ip_string(dname, realm, sitename, pss, kdc_name);
|
||||
if (!kdc_ip_string) {
|
||||
goto done;
|
||||
}
|
||||
diff --git a/source3/libsmb/namequery_dc.c b/source3/libsmb/namequery_dc.c
|
||||
index 3b3470d..cebd793 100644
|
||||
--- a/source3/libsmb/namequery_dc.c
|
||||
+++ b/source3/libsmb/namequery_dc.c
|
||||
@@ -109,12 +109,14 @@ static bool ads_dc_name(const char *domain,
|
||||
create_local_private_krb5_conf_for_domain(realm,
|
||||
domain,
|
||||
sitename,
|
||||
- &ads->ldap.ss);
|
||||
+ &ads->ldap.ss,
|
||||
+ ads->config.ldap_server_name);
|
||||
} else {
|
||||
create_local_private_krb5_conf_for_domain(realm,
|
||||
domain,
|
||||
NULL,
|
||||
- &ads->ldap.ss);
|
||||
+ &ads->ldap.ss,
|
||||
+ ads->config.ldap_server_name);
|
||||
}
|
||||
}
|
||||
#endif
|
||||
diff --git a/source3/winbindd/winbindd_cm.c b/source3/winbindd/winbindd_cm.c
|
||||
index 45747d4..5ea5196 100644
|
||||
--- a/source3/winbindd/winbindd_cm.c
|
||||
+++ b/source3/winbindd/winbindd_cm.c
|
||||
@@ -1152,7 +1152,8 @@ static bool dcip_to_name(TALLOC_CTX *mem_ctx,
|
||||
create_local_private_krb5_conf_for_domain(domain->alt_name,
|
||||
domain->name,
|
||||
sitename,
|
||||
- pss);
|
||||
+ pss,
|
||||
+ name);
|
||||
|
||||
SAFE_FREE(sitename);
|
||||
} else {
|
||||
@@ -1160,7 +1161,8 @@ static bool dcip_to_name(TALLOC_CTX *mem_ctx,
|
||||
create_local_private_krb5_conf_for_domain(domain->alt_name,
|
||||
domain->name,
|
||||
NULL,
|
||||
- pss);
|
||||
+ pss,
|
||||
+ name);
|
||||
}
|
||||
winbindd_set_locator_kdc_envs(domain);
|
||||
|
||||
--
|
||||
1.6.6.1
|
||||
|
||||
|
||||
From 06135ae36667c96fe28b69724393323727e82ba6 Mon Sep 17 00:00:00 2001
|
||||
From: =?UTF-8?q?G=C3=BCnther=20Deschner?= <gd@samba.org>
|
||||
Date: Sat, 15 May 2010 00:34:35 +0200
|
||||
Subject: [PATCH 3/3] s3-kerberos: temporary fix for ipv6 in print_kdc_line().
|
||||
|
||||
Currently no krb5 lib supports "kdc = ipv6 address" at all, so for now just fill
|
||||
in just the kdc_name if we have it and let the krb5 lib figure out the
|
||||
appropriate ipv6 address
|
||||
|
||||
ipv6 gurus, please check.
|
||||
|
||||
Guenther
|
||||
---
|
||||
source3/libads/kerberos.c | 25 ++++++++++++++++++++-----
|
||||
1 files changed, 20 insertions(+), 5 deletions(-)
|
||||
|
||||
diff --git a/source3/libads/kerberos.c b/source3/libads/kerberos.c
|
||||
index 01a88e8..c78b8b8 100644
|
||||
--- a/source3/libads/kerberos.c
|
||||
+++ b/source3/libads/kerberos.c
|
||||
@@ -728,6 +728,9 @@ static char *print_kdc_line(char *mem_ctx,
|
||||
char addr[INET6_ADDRSTRLEN];
|
||||
uint16_t port = get_sockaddr_port(pss);
|
||||
|
||||
+ DEBUG(10,("print_kdc_line: IPV6 case for kdc_name: %s, port: %d\n",
|
||||
+ kdc_name, port));
|
||||
+
|
||||
if (port != 0 && port != DEFAULT_KRB5_PORT) {
|
||||
/* Currently for IPv6 we can't specify a non-default
|
||||
krb5 port with an address, as this requires a ':'.
|
||||
@@ -744,6 +747,7 @@ static char *print_kdc_line(char *mem_ctx,
|
||||
"Error %s\n.",
|
||||
print_canonical_sockaddr(mem_ctx, pss),
|
||||
gai_strerror(ret)));
|
||||
+ return NULL;
|
||||
}
|
||||
/* Success, use host:port */
|
||||
kdc_str = talloc_asprintf(mem_ctx,
|
||||
@@ -752,11 +756,22 @@ static char *print_kdc_line(char *mem_ctx,
|
||||
hostname,
|
||||
(unsigned int)port);
|
||||
} else {
|
||||
- kdc_str = talloc_asprintf(mem_ctx, "%s\tkdc = %s\n",
|
||||
- prev_line,
|
||||
- print_sockaddr(addr,
|
||||
- sizeof(addr),
|
||||
- pss));
|
||||
+
|
||||
+ /* no krb5 lib currently supports "kdc = ipv6 address"
|
||||
+ * at all, so just fill in just the kdc_name if we have
|
||||
+ * it and let the krb5 lib figure out the appropriate
|
||||
+ * ipv6 address - gd */
|
||||
+
|
||||
+ if (kdc_name) {
|
||||
+ kdc_str = talloc_asprintf(mem_ctx, "%s\tkdc = %s\n",
|
||||
+ prev_line, kdc_name);
|
||||
+ } else {
|
||||
+ kdc_str = talloc_asprintf(mem_ctx, "%s\tkdc = %s\n",
|
||||
+ prev_line,
|
||||
+ print_sockaddr(addr,
|
||||
+ sizeof(addr),
|
||||
+ pss));
|
||||
+ }
|
||||
}
|
||||
}
|
||||
return kdc_str;
|
||||
--
|
||||
1.6.6.1
|
||||
|
|
@ -1,22 +0,0 @@
|
|||
diff -uPr samba-3.5.2.orig/source3/libsmb/cliconnect.c samba-3.5.2/source3/libsmb/cliconnect.c
|
||||
--- samba-3.5.2.orig/source3/libsmb/cliconnect.c 2010-04-01 09:26:22.000000000 -0400
|
||||
+++ samba-3.5.2/source3/libsmb/cliconnect.c 2010-05-01 14:05:58.171965275 -0400
|
||||
@@ -1320,6 +1320,8 @@
|
||||
char *tmp = NULL;
|
||||
uint8_t *bytes;
|
||||
|
||||
+ *psmbreq = NULL;
|
||||
+
|
||||
req = tevent_req_create(mem_ctx, &state, struct cli_tcon_andx_state);
|
||||
if (req == NULL) {
|
||||
return NULL;
|
||||
@@ -1455,6 +1457,9 @@
|
||||
if (req == NULL) {
|
||||
return NULL;
|
||||
}
|
||||
+ if (subreq == NULL) {
|
||||
+ return req;
|
||||
+ }
|
||||
status = cli_smb_req_send(subreq);
|
||||
if (!NT_STATUS_IS_OK(status)) {
|
||||
tevent_req_nterror(req, status);
|
13
samba.spec
13
samba.spec
|
@ -1,5 +1,5 @@
|
|||
%define main_release 60
|
||||
%define samba_version 3.5.2
|
||||
%define main_release 61
|
||||
%define samba_version 3.5.3
|
||||
%define tdb_version 1.2.1
|
||||
%define talloc_version 2.0.1
|
||||
#%define pre_release rc3
|
||||
|
@ -37,7 +37,7 @@ Source999: filter-requires-samba.sh
|
|||
|
||||
# upstream patches. Applied first so that they'll break our patches rather
|
||||
# than the other way around
|
||||
Patch01: samba-3.5.2-smbclient-segfault.patch
|
||||
Patch01: samba-3.5.2-ipv6.patch
|
||||
|
||||
# generic patches
|
||||
Patch102: samba-3.2.0pre1-pipedir.patch
|
||||
|
@ -194,7 +194,7 @@ cp %{SOURCE10} packaging/Fedora/
|
|||
cp %{SOURCE11} packaging/Fedora/
|
||||
|
||||
# Upstream patches
|
||||
%patch01 -p1 -b .smbclient_segfault
|
||||
%patch01 -p1 -b .ipv6
|
||||
# generic patches
|
||||
%patch102 -p1 -b .pipedir
|
||||
#%patch103 -p1 -b .logfiles
|
||||
|
@ -650,6 +650,11 @@ exit 0
|
|||
%{_datadir}/pixmaps/samba/logo-small.png
|
||||
|
||||
%changelog
|
||||
* Wed May 19 2010 Guenther Deschner <gdeschner@redhat.com> - 3.5.3-61
|
||||
- Update to 3.5.3
|
||||
- Make sure nmb and smb initscripts return LSB compliant return codes
|
||||
- Fix winbind over ipv6
|
||||
|
||||
* Sat May 01 2010 Simo Sorce <ssorce@redhat.com> - 3.5.2-60
|
||||
- Fix segfault bug #586511
|
||||
|
||||
|
|
2
smb.init
2
smb.init
|
@ -71,7 +71,7 @@ reload() {
|
|||
}
|
||||
|
||||
rhstatus() {
|
||||
status smbd
|
||||
status -l smb smbd
|
||||
return $?
|
||||
}
|
||||
|
||||
|
|
Loading…
Reference in New Issue