mirror of
https://github.com/samba-team/samba.git
synced 2024-12-23 17:34:34 +03:00
Fix IPv6 bug #5204, which caused krb5 DNS lookups
for a name '[<ipv6 addr>'.
Jeremy.
(This used to be commit f2aa921505
)
This commit is contained in:
parent
60c3ec3fca
commit
bd8abea49f
@ -475,6 +475,29 @@ bool is_address_any(const struct sockaddr_storage *psa)
|
||||
return false;
|
||||
}
|
||||
|
||||
/****************************************************************************
|
||||
Get a port number in host byte order from a sockaddr_storage.
|
||||
****************************************************************************/
|
||||
|
||||
uint16_t get_sockaddr_port(const struct sockaddr_storage *pss)
|
||||
{
|
||||
uint16_t port = 0;
|
||||
|
||||
if (pss->ss_family != AF_INET) {
|
||||
#if defined(HAVE_IPV6)
|
||||
/* IPv6 */
|
||||
const struct sockaddr_in6 *sa6 =
|
||||
(const struct sockaddr_in6 *)pss;
|
||||
port = ntohs(sa6->sin6_port);
|
||||
#endif
|
||||
} else {
|
||||
const struct sockaddr_in *sa =
|
||||
(const struct sockaddr_in *)pss;
|
||||
port = ntohs(sa->sin_port);
|
||||
}
|
||||
return port;
|
||||
}
|
||||
|
||||
/****************************************************************************
|
||||
Print out an IPv4 or IPv6 address from a struct sockaddr_storage.
|
||||
****************************************************************************/
|
||||
@ -518,7 +541,7 @@ char *print_canonical_sockaddr(TALLOC_CTX *ctx,
|
||||
char *dest = NULL;
|
||||
int ret;
|
||||
|
||||
ret = getnameinfo((const struct sockaddr *)pss,
|
||||
ret = sys_getnameinfo((const struct sockaddr *)pss,
|
||||
sizeof(struct sockaddr_storage),
|
||||
addr, sizeof(addr),
|
||||
NULL, 0,
|
||||
@ -1847,7 +1870,7 @@ const char *get_peer_name(int fd, bool force_lookup)
|
||||
}
|
||||
|
||||
/* Look up the remote host name. */
|
||||
ret = getnameinfo((struct sockaddr *)&ss,
|
||||
ret = sys_getnameinfo((struct sockaddr *)&ss,
|
||||
length,
|
||||
name_buf,
|
||||
sizeof(name_buf),
|
||||
|
@ -25,6 +25,8 @@
|
||||
|
||||
#ifdef HAVE_KRB5
|
||||
|
||||
#define DEFAULT_KRB5_PORT 88
|
||||
|
||||
#define LIBADS_CCACHE_NAME "MEMORY:libads"
|
||||
|
||||
/*
|
||||
@ -665,6 +667,51 @@ int kerberos_kinit_password(const char *principal,
|
||||
NULL);
|
||||
}
|
||||
|
||||
/************************************************************************
|
||||
************************************************************************/
|
||||
|
||||
static char *print_kdc_line(char *mem_ctx,
|
||||
const char *prev_line,
|
||||
const struct sockaddr_storage *pss)
|
||||
{
|
||||
char *kdc_str = NULL;
|
||||
|
||||
if (pss->ss_family == AF_INET) {
|
||||
kdc_str = talloc_asprintf(mem_ctx, "%s\tkdc = %s\n",
|
||||
prev_line,
|
||||
print_canonical_sockaddr(mem_ctx, pss));
|
||||
} else {
|
||||
char addr[INET6_ADDRSTRLEN];
|
||||
uint16_t port = get_sockaddr_port(pss);
|
||||
|
||||
if (port != 0 && port != DEFAULT_KRB5_PORT) {
|
||||
/* Currently for IPv6 we can't specify a non-default
|
||||
krb5 port with an address, as this requires a ':'.
|
||||
Resolve to a name. */
|
||||
char hostname[MAX_DNS_NAME_LENGTH];
|
||||
if (sys_getnameinfo((const struct sockaddr *)pss,
|
||||
sizeof(*pss),
|
||||
hostname, sizeof(hostname),
|
||||
NULL, 0,
|
||||
NI_NAMEREQD) == 0) {
|
||||
/* Success, use host:port */
|
||||
kdc_str = talloc_asprintf(mem_ctx,
|
||||
"%s\tkdc = %s:%u\n",
|
||||
prev_line,
|
||||
hostname,
|
||||
(unsigned int)port);
|
||||
return kdc_str;
|
||||
}
|
||||
}
|
||||
kdc_str = talloc_asprintf(mem_ctx, "%s\tkdc = %s\n",
|
||||
prev_line,
|
||||
print_sockaddr(addr,
|
||||
sizeof(addr),
|
||||
pss));
|
||||
}
|
||||
return kdc_str;
|
||||
}
|
||||
|
||||
/************************************************************************
|
||||
Create a string list of available kdc's, possibly searching by sitename.
|
||||
Does DNS queries.
|
||||
@ -677,12 +724,10 @@ static char *get_kdc_ip_string(char *mem_ctx,
|
||||
{
|
||||
int i;
|
||||
struct ip_service *ip_srv_site = NULL;
|
||||
struct ip_service *ip_srv_nonsite;
|
||||
struct ip_service *ip_srv_nonsite = NULL;
|
||||
int count_site = 0;
|
||||
int count_nonsite;
|
||||
char *kdc_str = talloc_asprintf(mem_ctx, "\tkdc = %s\n",
|
||||
print_canonical_sockaddr(mem_ctx,
|
||||
pss));
|
||||
char *kdc_str = print_kdc_line(mem_ctx, "", pss);
|
||||
|
||||
if (kdc_str == NULL) {
|
||||
return NULL;
|
||||
@ -700,10 +745,9 @@ static char *get_kdc_ip_string(char *mem_ctx,
|
||||
}
|
||||
/* Append to the string - inefficient
|
||||
* but not done often. */
|
||||
kdc_str = talloc_asprintf(mem_ctx, "%s\tkdc = %s\n",
|
||||
kdc_str,
|
||||
print_canonical_sockaddr(mem_ctx,
|
||||
&ip_srv_site[i].ss));
|
||||
kdc_str = print_kdc_line(mem_ctx,
|
||||
kdc_str,
|
||||
&ip_srv_site[i].ss);
|
||||
if (!kdc_str) {
|
||||
SAFE_FREE(ip_srv_site);
|
||||
return NULL;
|
||||
@ -738,10 +782,9 @@ static char *get_kdc_ip_string(char *mem_ctx,
|
||||
}
|
||||
|
||||
/* Append to the string - inefficient but not done often. */
|
||||
kdc_str = talloc_asprintf(mem_ctx, "%s\tkdc = %s\n",
|
||||
kdc_str = print_kdc_line(mem_ctx,
|
||||
kdc_str,
|
||||
print_canonical_sockaddr(mem_ctx,
|
||||
&ip_srv_nonsite[i].ss));
|
||||
&ip_srv_nonsite[i].ss);
|
||||
if (!kdc_str) {
|
||||
SAFE_FREE(ip_srv_site);
|
||||
SAFE_FREE(ip_srv_nonsite);
|
||||
@ -873,8 +916,8 @@ bool create_local_private_krb5_conf_for_domain(const char *realm,
|
||||
}
|
||||
|
||||
DEBUG(5,("create_local_private_krb5_conf_for_domain: wrote "
|
||||
"file %s with realm %s KDC = %s\n",
|
||||
fname, realm_upper, print_canonical_sockaddr(dname, pss) ));
|
||||
"file %s with realm %s KDC list = %s\n",
|
||||
fname, realm_upper, kdc_ip_string));
|
||||
|
||||
/* Set the environment variable to this file. */
|
||||
setenv("KRB5_CONFIG", fname, 1);
|
||||
|
Loading…
Reference in New Issue
Block a user