From: Günther Deschner <gd@samba.org>
Date: Wed, 2 Apr 2014 17:37:34 +0000 (+0200)
Subject: s3-kerberos: make ipv6 support for generated krb5 config files more robust.
X-Git-Tag: ldb-1.1.17~197
X-Git-Url: http://git.samba.org/?a=commitdiff_plain;h=5f8f1be7a8595e74218624367bb7b643c2d0bb27;p=samba.git

s3-kerberos: make ipv6 support for generated krb5 config files more robust.

Older MIT Kerberos libraries will add any secondary ipv6 address as
ipv4 address, defining the (default) krb5 port 88 circumvents that.

Guenther

Signed-off-by: Günther Deschner <gd@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>

Autobuild-User(master): Günther Deschner <gd@samba.org>
Autobuild-Date(master): Fri Apr  4 16:33:12 CEST 2014 on sn-devel-104
---

diff --git a/source3/libads/kerberos.c b/source3/libads/kerberos.c
index 649e5681a49..f3c23ea46ea 100644
--- a/source3/libads/kerberos.c
+++ b/source3/libads/kerberos.c
@@ -615,6 +615,31 @@ static void add_sockaddr_unique(struct sockaddr_storage *addrs, int *num_addrs,
 	*num_addrs += 1;
 }
 
+/* print_canonical_sockaddr prints an ipv6 addr in the form of
+* [ipv6.addr]. This string, when put in a generated krb5.conf file is not
+* always properly dealt with by some older krb5 libraries. Adding the hard-coded
+* portnumber workarounds the issue. - gd */
+
+static char *print_canonical_sockaddr_with_port(TALLOC_CTX *mem_ctx,
+						const struct sockaddr_storage *pss)
+{
+	char *str = NULL;
+
+	str = print_canonical_sockaddr(mem_ctx, pss);
+	if (str == NULL) {
+		return NULL;
+	}
+
+	if (pss->ss_family != AF_INET6) {
+		return str;
+	}
+
+#if defined(HAVE_IPV6)
+	str = talloc_asprintf_append(str, ":88");
+#endif
+	return str;
+}
+
 static char *get_kdc_ip_string(char *mem_ctx,
 		const char *realm,
 		const char *sitename,
@@ -634,7 +659,7 @@ static char *get_kdc_ip_string(char *mem_ctx,
 	struct netlogon_samlogon_response **responses = NULL;
 	NTSTATUS status;
 	char *kdc_str = talloc_asprintf(mem_ctx, "%s\tkdc = %s\n", "",
-					print_canonical_sockaddr(mem_ctx, pss));
+					print_canonical_sockaddr_with_port(mem_ctx, pss));
 
 	if (kdc_str == NULL) {
 		TALLOC_FREE(frame);
@@ -726,7 +751,7 @@ static char *get_kdc_ip_string(char *mem_ctx,
 		/* Append to the string - inefficient but not done often. */
 		new_kdc_str = talloc_asprintf(mem_ctx, "%s\tkdc = %s\n",
 					      kdc_str,
-					      print_canonical_sockaddr(mem_ctx, &dc_addrs[i]));
+					      print_canonical_sockaddr_with_port(mem_ctx, &dc_addrs[i]));
 		if (new_kdc_str == NULL) {
 			goto fail;
 		}