From f942ad3589a239e32df33227472971b3ecc21681 Mon Sep 17 00:00:00 2001 From: Guenther Deschner Date: Wed, 23 Jun 2010 10:49:06 +0000 Subject: [PATCH] Update to 3.5.4 Guenther --- samba-3.5.2-ipv6.patch | 273 ----------------------------------------- samba.spec | 9 +- 2 files changed, 5 insertions(+), 277 deletions(-) delete mode 100644 samba-3.5.2-ipv6.patch diff --git a/samba-3.5.2-ipv6.patch b/samba-3.5.2-ipv6.patch deleted file mode 100644 index 322570f..0000000 --- a/samba-3.5.2-ipv6.patch +++ /dev/null @@ -1,273 +0,0 @@ -From 841525d4b9dcf167ae114dd656d74c510ef36c13 Mon Sep 17 00:00:00 2001 -From: =?UTF-8?q?G=C3=BCnther=20Deschner?= -Date: Fri, 14 May 2010 23:21:47 +0200 -Subject: [PATCH 1/3] s3-winbind: make the getpeername() checks in cm_prepare_connection ipv6 aware. - -ipv6 gurus, please check. - -Guenther ---- - source3/winbindd/winbindd_cm.c | 30 +++++++++++++++++++++++++----- - 1 files changed, 25 insertions(+), 5 deletions(-) - -diff --git a/source3/winbindd/winbindd_cm.c b/source3/winbindd/winbindd_cm.c -index 9715363..45747d4 100644 ---- a/source3/winbindd/winbindd_cm.c -+++ b/source3/winbindd/winbindd_cm.c -@@ -808,11 +808,31 @@ static NTSTATUS cm_prepare_connection(const struct winbindd_domain *domain, - - peeraddr_len = sizeof(peeraddr); - -- if ((getpeername((*cli)->fd, &peeraddr, &peeraddr_len) != 0) || -- (peeraddr_len != sizeof(struct sockaddr_in)) || -- (peeraddr_in->sin_family != PF_INET)) -- { -- DEBUG(0,("cm_prepare_connection: %s\n", strerror(errno))); -+ if ((getpeername((*cli)->fd, &peeraddr, &peeraddr_len) != 0)) { -+ DEBUG(0,("cm_prepare_connection: getpeername failed with: %s\n", -+ strerror(errno))); -+ result = NT_STATUS_UNSUCCESSFUL; -+ goto done; -+ } -+ -+ if ((peeraddr_len != sizeof(struct sockaddr_in)) -+#ifdef HAVE_IPV6 -+ && (peeraddr_len != sizeof(struct sockaddr_in6)) -+#endif -+ ) { -+ DEBUG(0,("cm_prepare_connection: got unexpected peeraddr len %d\n", -+ peeraddr_len)); -+ result = NT_STATUS_UNSUCCESSFUL; -+ goto done; -+ } -+ -+ if ((peeraddr_in->sin_family != PF_INET) -+#ifdef HAVE_IPV6 -+ && (peeraddr_in->sin_family != PF_INET6) -+#endif -+ ) { -+ DEBUG(0,("cm_prepare_connection: got unexpected family %d\n", -+ peeraddr_in->sin_family)); - result = NT_STATUS_UNSUCCESSFUL; - goto done; - } --- -1.6.6.1 - - -From 435ba0625599388f585759738554ddb509ce3c54 Mon Sep 17 00:00:00 2001 -From: =?UTF-8?q?G=C3=BCnther=20Deschner?= -Date: Fri, 14 May 2010 23:23:34 +0200 -Subject: [PATCH 2/3] s3-kerberos: pass down kdc_name to create_local_private_krb5_conf_for_domain(). - -Guenther ---- - source3/include/proto.h | 3 ++- - source3/libads/kerberos.c | 19 ++++++++++++------- - source3/libsmb/namequery_dc.c | 6 ++++-- - source3/winbindd/winbindd_cm.c | 6 ++++-- - 4 files changed, 22 insertions(+), 12 deletions(-) - -diff --git a/source3/include/proto.h b/source3/include/proto.h -index 91b6bd9..b633d9e 100644 ---- a/source3/include/proto.h -+++ b/source3/include/proto.h -@@ -1821,7 +1821,8 @@ int kerberos_kinit_password(const char *principal, - bool create_local_private_krb5_conf_for_domain(const char *realm, - const char *domain, - const char *sitename, -- struct sockaddr_storage *pss); -+ struct sockaddr_storage *pss, -+ const char *kdc_name); - - /* The following definitions come from libads/kerberos_keytab.c */ - -diff --git a/source3/libads/kerberos.c b/source3/libads/kerberos.c -index 7fb4ec3..01a88e8 100644 ---- a/source3/libads/kerberos.c -+++ b/source3/libads/kerberos.c -@@ -715,7 +715,8 @@ int kerberos_kinit_password(const char *principal, - - static char *print_kdc_line(char *mem_ctx, - const char *prev_line, -- const struct sockaddr_storage *pss) -+ const struct sockaddr_storage *pss, -+ const char *kdc_name) - { - char *kdc_str = NULL; - -@@ -772,14 +773,15 @@ static char *print_kdc_line(char *mem_ctx, - static char *get_kdc_ip_string(char *mem_ctx, - const char *realm, - const char *sitename, -- struct sockaddr_storage *pss) -+ struct sockaddr_storage *pss, -+ const char *kdc_name) - { - int i; - struct ip_service *ip_srv_site = NULL; - struct ip_service *ip_srv_nonsite = NULL; - int count_site = 0; - int count_nonsite; -- char *kdc_str = print_kdc_line(mem_ctx, "", pss); -+ char *kdc_str = print_kdc_line(mem_ctx, "", pss, kdc_name); - - if (kdc_str == NULL) { - return NULL; -@@ -803,7 +805,8 @@ static char *get_kdc_ip_string(char *mem_ctx, - * but not done often. */ - kdc_str = print_kdc_line(mem_ctx, - kdc_str, -- &ip_srv_site[i].ss); -+ &ip_srv_site[i].ss, -+ NULL); - if (!kdc_str) { - SAFE_FREE(ip_srv_site); - return NULL; -@@ -840,7 +843,8 @@ static char *get_kdc_ip_string(char *mem_ctx, - /* Append to the string - inefficient but not done often. */ - kdc_str = print_kdc_line(mem_ctx, - kdc_str, -- &ip_srv_nonsite[i].ss); -+ &ip_srv_nonsite[i].ss, -+ NULL); - if (!kdc_str) { - SAFE_FREE(ip_srv_site); - SAFE_FREE(ip_srv_nonsite); -@@ -868,7 +872,8 @@ static char *get_kdc_ip_string(char *mem_ctx, - bool create_local_private_krb5_conf_for_domain(const char *realm, - const char *domain, - const char *sitename, -- struct sockaddr_storage *pss) -+ struct sockaddr_storage *pss, -+ const char *kdc_name) - { - char *dname; - char *tmpname = NULL; -@@ -912,7 +917,7 @@ bool create_local_private_krb5_conf_for_domain(const char *realm, - realm_upper = talloc_strdup(fname, realm); - strupper_m(realm_upper); - -- kdc_ip_string = get_kdc_ip_string(dname, realm, sitename, pss); -+ kdc_ip_string = get_kdc_ip_string(dname, realm, sitename, pss, kdc_name); - if (!kdc_ip_string) { - goto done; - } -diff --git a/source3/libsmb/namequery_dc.c b/source3/libsmb/namequery_dc.c -index 3b3470d..cebd793 100644 ---- a/source3/libsmb/namequery_dc.c -+++ b/source3/libsmb/namequery_dc.c -@@ -109,12 +109,14 @@ static bool ads_dc_name(const char *domain, - create_local_private_krb5_conf_for_domain(realm, - domain, - sitename, -- &ads->ldap.ss); -+ &ads->ldap.ss, -+ ads->config.ldap_server_name); - } else { - create_local_private_krb5_conf_for_domain(realm, - domain, - NULL, -- &ads->ldap.ss); -+ &ads->ldap.ss, -+ ads->config.ldap_server_name); - } - } - #endif -diff --git a/source3/winbindd/winbindd_cm.c b/source3/winbindd/winbindd_cm.c -index 45747d4..5ea5196 100644 ---- a/source3/winbindd/winbindd_cm.c -+++ b/source3/winbindd/winbindd_cm.c -@@ -1152,7 +1152,8 @@ static bool dcip_to_name(TALLOC_CTX *mem_ctx, - create_local_private_krb5_conf_for_domain(domain->alt_name, - domain->name, - sitename, -- pss); -+ pss, -+ name); - - SAFE_FREE(sitename); - } else { -@@ -1160,7 +1161,8 @@ static bool dcip_to_name(TALLOC_CTX *mem_ctx, - create_local_private_krb5_conf_for_domain(domain->alt_name, - domain->name, - NULL, -- pss); -+ pss, -+ name); - } - winbindd_set_locator_kdc_envs(domain); - --- -1.6.6.1 - - -From 06135ae36667c96fe28b69724393323727e82ba6 Mon Sep 17 00:00:00 2001 -From: =?UTF-8?q?G=C3=BCnther=20Deschner?= -Date: Sat, 15 May 2010 00:34:35 +0200 -Subject: [PATCH 3/3] s3-kerberos: temporary fix for ipv6 in print_kdc_line(). - -Currently no krb5 lib supports "kdc = ipv6 address" at all, so for now just fill -in just the kdc_name if we have it and let the krb5 lib figure out the -appropriate ipv6 address - -ipv6 gurus, please check. - -Guenther ---- - source3/libads/kerberos.c | 25 ++++++++++++++++++++----- - 1 files changed, 20 insertions(+), 5 deletions(-) - -diff --git a/source3/libads/kerberos.c b/source3/libads/kerberos.c -index 01a88e8..c78b8b8 100644 ---- a/source3/libads/kerberos.c -+++ b/source3/libads/kerberos.c -@@ -728,6 +728,9 @@ static char *print_kdc_line(char *mem_ctx, - char addr[INET6_ADDRSTRLEN]; - uint16_t port = get_sockaddr_port(pss); - -+ DEBUG(10,("print_kdc_line: IPV6 case for kdc_name: %s, port: %d\n", -+ kdc_name, port)); -+ - if (port != 0 && port != DEFAULT_KRB5_PORT) { - /* Currently for IPv6 we can't specify a non-default - krb5 port with an address, as this requires a ':'. -@@ -744,6 +747,7 @@ static char *print_kdc_line(char *mem_ctx, - "Error %s\n.", - print_canonical_sockaddr(mem_ctx, pss), - gai_strerror(ret))); -+ return NULL; - } - /* Success, use host:port */ - kdc_str = talloc_asprintf(mem_ctx, -@@ -752,11 +756,22 @@ static char *print_kdc_line(char *mem_ctx, - hostname, - (unsigned int)port); - } else { -- kdc_str = talloc_asprintf(mem_ctx, "%s\tkdc = %s\n", -- prev_line, -- print_sockaddr(addr, -- sizeof(addr), -- pss)); -+ -+ /* no krb5 lib currently supports "kdc = ipv6 address" -+ * at all, so just fill in just the kdc_name if we have -+ * it and let the krb5 lib figure out the appropriate -+ * ipv6 address - gd */ -+ -+ if (kdc_name) { -+ kdc_str = talloc_asprintf(mem_ctx, "%s\tkdc = %s\n", -+ prev_line, kdc_name); -+ } else { -+ kdc_str = talloc_asprintf(mem_ctx, "%s\tkdc = %s\n", -+ prev_line, -+ print_sockaddr(addr, -+ sizeof(addr), -+ pss)); -+ } - } - } - return kdc_str; --- -1.6.6.1 - diff --git a/samba.spec b/samba.spec index 89c8226..352d1b2 100644 --- a/samba.spec +++ b/samba.spec @@ -1,5 +1,5 @@ -%define main_release 60 -%define samba_version 3.5.3 +%define main_release 61 +%define samba_version 3.5.4 %define tdb_version 1.2.1 %define talloc_version 2.0.1 #%define pre_release rc3 @@ -45,7 +45,6 @@ Patch104: samba-3.0.0rc3-nmbd-netbiosname.patch # The passwd part has been applied, but not the group part Patch107: samba-3.2.0pre1-grouppwd.patch Patch200: samba-3.2.5-inotify.patch -Patch201: samba-3.5.2-ipv6.patch Requires(pre): samba-common = %{epoch}:%{samba_version}-%{release} Requires: pam >= 0:0.64 @@ -202,7 +201,6 @@ cp %{SOURCE11} packaging/Fedora/ #%patch104 -p1 -b .nmbd-netbiosname # FIXME: does not apply %patch107 -p1 -b .grouppwd %patch200 -p0 -b .inotify -%patch201 -p1 -b .ipv6 mv %samba_source/VERSION %samba_source/VERSION.orig sed -e 's/SAMBA_VERSION_VENDOR_SUFFIX=$/&\"%{samba_release}\"/' < %samba_source/VERSION.orig > %samba_source/VERSION @@ -652,6 +650,9 @@ exit 0 %{_datadir}/pixmaps/samba/logo-small.png %changelog +* Wed Jun 23 2010 Guenther Deschner - 3.5.4-61 +- Update to 3.5.4 + * Wed May 19 2010 Guenther Deschner - 3.5.3-60 - Update to 3.5.3 - Make sure nmb and smb initscripts return LSB compliant return codes