diff --git a/SOURCES/samba-4.1.6-ipv6_workaround.patch b/SOURCES/samba-4.1.6-ipv6_workaround.patch index b327812..a2058f1 100644 --- a/SOURCES/samba-4.1.6-ipv6_workaround.patch +++ b/SOURCES/samba-4.1.6-ipv6_workaround.patch @@ -74,3 +74,138 @@ index 649e568..f3c23ea 100644 -- 1.9.0 +From 60db71015f84dd242be889576d85ccd5c6a1f73b Mon Sep 17 00:00:00 2001 +From: =?UTF-8?q?G=C3=BCnther=20Deschner?= +Date: Wed, 16 Apr 2014 16:07:14 +0200 +Subject: [PATCH] s3-libads: allow ads_try_connect() to re-use a resolved ip + address. +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +Pass down a struct sockaddr_storage to ads_try_connect. + +Guenther + +Signed-off-by: Günther Deschner +Reviewed-by: Andreas Schneider + +Autobuild-User(master): Günther Deschner +Autobuild-Date(master): Thu Apr 17 19:56:16 CEST 2014 on sn-devel-104 +--- + source3/libads/ldap.c | 44 ++++++++++++++++++++++++++------------------ + 1 file changed, 26 insertions(+), 18 deletions(-) + +diff --git a/source3/libads/ldap.c b/source3/libads/ldap.c +index d9bb8e2..8fed8fd 100644 +--- a/source3/libads/ldap.c ++++ b/source3/libads/ldap.c +@@ -228,33 +228,27 @@ bool ads_closest_dc(ADS_STRUCT *ads) + try a connection to a given ldap server, returning True and setting the servers IP + in the ads struct if successful + */ +-static bool ads_try_connect(ADS_STRUCT *ads, const char *server, bool gc) ++static bool ads_try_connect(ADS_STRUCT *ads, bool gc, ++ struct sockaddr_storage *ss) + { + struct NETLOGON_SAM_LOGON_RESPONSE_EX cldap_reply; + TALLOC_CTX *frame = talloc_stackframe(); + bool ret = false; +- struct sockaddr_storage ss; + char addr[INET6_ADDRSTRLEN]; + +- if (!server || !*server) { ++ if (ss == NULL) { + TALLOC_FREE(frame); + return False; + } + +- if (!resolve_name(server, &ss, 0x20, true)) { +- DEBUG(5,("ads_try_connect: unable to resolve name %s\n", +- server )); +- TALLOC_FREE(frame); +- return false; +- } +- print_sockaddr(addr, sizeof(addr), &ss); ++ print_sockaddr(addr, sizeof(addr), ss); + + DEBUG(5,("ads_try_connect: sending CLDAP request to %s (realm: %s)\n", + addr, ads->server.realm)); + + ZERO_STRUCT( cldap_reply ); + +- if ( !ads_cldap_netlogon_5(frame, &ss, ads->server.realm, &cldap_reply ) ) { ++ if ( !ads_cldap_netlogon_5(frame, ss, ads->server.realm, &cldap_reply ) ) { + DEBUG(3,("ads_try_connect: CLDAP request %s failed.\n", addr)); + ret = false; + goto out; +@@ -298,7 +292,7 @@ static bool ads_try_connect(ADS_STRUCT *ads, const char *server, bool gc) + ads->server.workgroup = SMB_STRDUP(cldap_reply.domain_name); + + ads->ldap.port = gc ? LDAP_GC_PORT : LDAP_PORT; +- ads->ldap.ss = ss; ++ ads->ldap.ss = *ss; + + /* Store our site name. */ + sitename_store( cldap_reply.domain_name, cldap_reply.client_site); +@@ -330,6 +324,7 @@ static NTSTATUS ads_find_dc(ADS_STRUCT *ads) + bool use_own_domain = False; + char *sitename; + NTSTATUS status = NT_STATUS_UNSUCCESSFUL; ++ bool ok = false; + + /* if the realm and workgroup are both empty, assume they are ours */ + +@@ -384,12 +379,14 @@ static NTSTATUS ads_find_dc(ADS_STRUCT *ads) + DEBUG(6,("ads_find_dc: (ldap) looking for %s '%s'\n", + (got_realm ? "realm" : "domain"), realm)); + +- if (get_dc_name(domain, realm, srv_name, &ip_out)) { ++ ok = get_dc_name(domain, realm, srv_name, &ip_out); ++ if (ok) { + /* + * we call ads_try_connect() to fill in the + * ads->config details + */ +- if (ads_try_connect(ads, srv_name, false)) { ++ ok = ads_try_connect(ads, false, &ip_out); ++ if (ok) { + return NT_STATUS_OK; + } + } +@@ -445,7 +442,8 @@ static NTSTATUS ads_find_dc(ADS_STRUCT *ads) + } + } + +- if ( ads_try_connect(ads, server, false) ) { ++ ok = ads_try_connect(ads, false, &ip_list[i].ss); ++ if (ok) { + SAFE_FREE(ip_list); + SAFE_FREE(sitename); + return NT_STATUS_OK; +@@ -630,9 +628,19 @@ ADS_STATUS ads_connect(ADS_STRUCT *ads) + TALLOC_FREE(s); + } + +- if (ads->server.ldap_server) +- { +- if (ads_try_connect(ads, ads->server.ldap_server, ads->server.gc)) { ++ if (ads->server.ldap_server) { ++ bool ok = false; ++ struct sockaddr_storage ss; ++ ++ ok = resolve_name(ads->server.ldap_server, &ss, 0x20, true); ++ if (!ok) { ++ DEBUG(5,("ads_connect: unable to resolve name %s\n", ++ ads->server.ldap_server)); ++ status = ADS_ERROR_NT(NT_STATUS_NOT_FOUND); ++ goto out; ++ } ++ ok = ads_try_connect(ads, ads->server.gc, &ss); ++ if (ok) { + goto got_connection; + } + +-- +1.9.0 + diff --git a/SPECS/samba.spec b/SPECS/samba.spec index e653b3d..ba15772 100644 --- a/SPECS/samba.spec +++ b/SPECS/samba.spec @@ -1,7 +1,7 @@ # Set --with testsuite or %bcond_without to run the Samba torture testsuite. %bcond_with testsuite -%define main_release 31 +%define main_release 33 %define samba_version 4.1.1 %define talloc_version 2.0.8 @@ -626,6 +626,9 @@ LDFLAGS="-Wl,-z,relro,-z,now" \ --with-cluster-support \ --enable-old-ctdb \ %endif +%if %with_profiling + --with-profiling-data \ +%endif %if %{with testsuite} --enable-selftest \ %endif @@ -1613,6 +1616,12 @@ rm -rf %{buildroot} %{_mandir}/man8/pam_winbind.8* %changelog +* Mon May 05 2014 - Andreas Schneider - 4.1.1-33 +- related: #717484 - Add missing configure line to enable profiling data support. + +* Tue Apr 22 2014 - Guenther Deschner - 4.1.1-32 +- related: #1082653 - Reuse IPv6 address during the AD domain join. + * Thu Apr 03 2014 - Guenther Deschner - 4.1.1-31 - resolves: #1082653 - Add IPv6 workaround for MIT kerberos.