1 files changed, 180 insertions, 0 deletions
diff --git a/meta-networking/recipes-connectivity/samba/samba-4.1.12/10-improve-service-principal-guessing-in-net.patch b/meta-networking/recipes-connectivity/samba/samba-4.1.12/10-improve-service-principal-guessing-in-net.patch
new file mode 100644
index 0000000000..35f4d8c4f3
--- /dev/null
+++ b/meta-networking/recipes-connectivity/samba/samba-4.1.12/10-improve-service-principal-guessing-in-net.patch
@@ -0,0 +1,180 @@
+From 579901faf787d8d787c978324bdec87c349e3d9b Mon Sep 17 00:00:00 2001
+From: Andreas Schneider <asn@samba.org>
+Date: Tue, 23 Sep 2014 14:09:41 +0200
+Subject: [PATCH] s3-libads: Improve service principle guessing.
+If the name passed to the net command with the -S options is the long
+hostname of the domaincontroller and not the 15 char NetBIOS name we
+should construct a FQDN with the realm to get a Kerberos ticket.
+BUG: https://bugzilla.samba.org/show_bug.cgi?id=10829
+Signed-off-by: Andreas Schneider <asn@samba.org>
+Reviewed-by: Guenther Deschner <gd@samba.org>
+(cherry picked from commit 83c62bd3f5945bbe295cbfbd153736d4c709b3a6)
+---
+ source3/libads/sasl.c | 124 +++++++++++++++++++++++++++-----------------------
+ 1 file changed, 66 insertions(+), 58 deletions(-)
+diff --git a/source3/libads/sasl.c b/source3/libads/sasl.c
+index 33f4e24..1450ff1 100644
+--- a/source3/libads/sasl.c
+++ b/source3/libads/sasl.c
+@@ -714,88 +714,96 @@ static void ads_free_service_principal(struct ads_service_principal *p)
+ static ADS_STATUS ads_guess_service_principal(ADS_STRUCT *ads,
+                                              char **returned_principal)
+ {
+       ADS_STATUS status = ADS_ERROR(LDAP_NO_MEMORY);
+        char *princ = NULL;
+       TALLOC_CTX *frame;
+       char *server = NULL;
+       char *realm = NULL;
+       int rc;
+ 
+-       if (ads->server.realm && ads->server.ldap_server) {
+-               char *server, *server_realm;
+-
+-               server = SMB_STRDUP(ads->server.ldap_server);
+-               server_realm = SMB_STRDUP(ads->server.realm);
+-
+-               if (!server || !server_realm) {
+-                       SAFE_FREE(server);
+-                       SAFE_FREE(server_realm);
+-                       return ADS_ERROR(LDAP_NO_MEMORY);
+-               }
+       frame = talloc_stackframe();
+       if (frame == NULL) {
+               return ADS_ERROR(LDAP_NO_MEMORY);
+       }
+ 
+-               if (!strlower_m(server)) {
+-                       SAFE_FREE(server);
+-                       SAFE_FREE(server_realm);
+-                       return ADS_ERROR(LDAP_NO_MEMORY);
+       if (ads->server.realm && ads->server.ldap_server) {
+               server = strlower_talloc(frame, ads->server.ldap_server);
+               if (server == NULL) {
+                       goto out;
+                }
+ 
+-               if (!strupper_m(server_realm)) {
+-                       SAFE_FREE(server);
+-                       SAFE_FREE(server_realm);
+-                       return ADS_ERROR(LDAP_NO_MEMORY);
+               realm = strupper_talloc(frame, ads->server.realm);
+               if (realm == NULL) {
+                       goto out;
+                }
+ 
+-               if (asprintf(&princ, "ldap/%s@%s", server, server_realm) == -1) {
+-                       SAFE_FREE(server);
+-                       SAFE_FREE(server_realm);
+-                       return ADS_ERROR(LDAP_NO_MEMORY);
+-               }
+               /*
+                * If we got a name which is bigger than a NetBIOS name,
+                * but isn't a FQDN, create one.
+                */
+               if (strlen(server) > 15 && strstr(server, ".") == NULL) {
+                       char *dnsdomain;
+ 
+-               SAFE_FREE(server);
+-               SAFE_FREE(server_realm);
+                       dnsdomain = strlower_talloc(frame, ads->server.realm);
+                       if (dnsdomain == NULL) {
+                               goto out;
+                       }
+ 
+-               if (!princ) {
+-                       return ADS_ERROR(LDAP_NO_MEMORY);
+                       server = talloc_asprintf(frame,
+                                                "%s.%s",
+                                                server, dnsdomain);
+                       if (server == NULL) {
+                               goto out;
+                       }
+                }
+        } else if (ads->config.realm && ads->config.ldap_server_name) {
+-               char *server, *server_realm;
+-
+-               server = SMB_STRDUP(ads->config.ldap_server_name);
+-               server_realm = SMB_STRDUP(ads->config.realm);
+-
+-               if (!server || !server_realm) {
+-                       SAFE_FREE(server);
+-                       SAFE_FREE(server_realm);
+-                       return ADS_ERROR(LDAP_NO_MEMORY);
+               server = strlower_talloc(frame, ads->config.ldap_server_name);
+               if (server == NULL) {
+                       goto out;
+                }
+ 
+-               if (!strlower_m(server)) {
+-                       SAFE_FREE(server);
+-                       SAFE_FREE(server_realm);
+-                       return ADS_ERROR(LDAP_NO_MEMORY);
+               realm = strupper_talloc(frame, ads->config.realm);
+               if (realm == NULL) {
+                       goto out;
+                }
+ 
+-               if (!strupper_m(server_realm)) {
+-                       SAFE_FREE(server);
+-                       SAFE_FREE(server_realm);
+-                       return ADS_ERROR(LDAP_NO_MEMORY);
+-               }
+-               if (asprintf(&princ, "ldap/%s@%s", server, server_realm) == -1) {
+-                       SAFE_FREE(server);
+-                       SAFE_FREE(server_realm);
+-                       return ADS_ERROR(LDAP_NO_MEMORY);
+-               }
+               /*
+                * If we got a name which is bigger than a NetBIOS name,
+                * but isn't a FQDN, create one.
+                */
+               if (strlen(server) > 15 && strstr(server, ".") == NULL) {
+                       char *dnsdomain;
+ 
+-               SAFE_FREE(server);
+-               SAFE_FREE(server_realm);
+                       dnsdomain = strlower_talloc(frame, ads->server.realm);
+                       if (dnsdomain == NULL) {
+                               goto out;
+                       }
+ 
+-               if (!princ) {
+-                       return ADS_ERROR(LDAP_NO_MEMORY);
+                       server = talloc_asprintf(frame,
+                                                "%s.%s",
+                                                server, dnsdomain);
+                       if (server == NULL) {
+                               goto out;
+                       }
+                }
+        }
+ 
+-       if (!princ) {
+-               return ADS_ERROR(LDAP_PARAM_ERROR);
+       if (server == NULL || realm == NULL) {
+               goto out;
+       }
+
+       rc = asprintf(&princ, "ldap/%s@%s", server, realm);
+       if (rc == -1 || princ == NULL) {
+               status = ADS_ERROR(LDAP_PARAM_ERROR);
+               goto out;
+        }
+ 
+        *returned_principal = princ;
+ 
+-       return ADS_SUCCESS;
+       status = ADS_SUCCESS;
+out:
+       TALLOC_FREE(frame);
+       return status;
+ }
+ 
+ static ADS_STATUS ads_generate_service_principal(ADS_STRUCT *ads,
+-- 
+2.1.0

diff --git a/meta-networking/recipes-connectivity/samba/samba-4.1.12/10-improve-service-principal-guessing-in-net.patch b/meta-networking/recipes-connectivity/samba/samba-4.1.12/10-improve-service-principal-guessing-in-net.patch new file mode 100644 index 0000000000..35f4d8c4f3 --- /dev/null +++ b/meta-networking/recipes-connectivity/samba/samba-4.1.12/10-improve-service-principal-guessing-in-net.patch
@@ -0,0 +1,180 @@
	1	From 579901faf787d8d787c978324bdec87c349e3d9b Mon Sep 17 00:00:00 2001
	2	From: Andreas Schneider <asn@samba.org>
	3	Date: Tue, 23 Sep 2014 14:09:41 +0200
	4	Subject: [PATCH] s3-libads: Improve service principle guessing.
	5
	6	If the name passed to the net command with the -S options is the long
	7	hostname of the domaincontroller and not the 15 char NetBIOS name we
	8	should construct a FQDN with the realm to get a Kerberos ticket.
	9
	10	BUG: https://bugzilla.samba.org/show_bug.cgi?id=10829
	11
	12	Signed-off-by: Andreas Schneider <asn@samba.org>
	13	Reviewed-by: Guenther Deschner <gd@samba.org>
	14	(cherry picked from commit 83c62bd3f5945bbe295cbfbd153736d4c709b3a6)
	15	---
	16	source3/libads/sasl.c \| 124 +++++++++++++++++++++++++++-----------------------
	17	1 file changed, 66 insertions(+), 58 deletions(-)
	18
	19	diff --git a/source3/libads/sasl.c b/source3/libads/sasl.c
	20	index 33f4e24..1450ff1 100644
	21	--- a/source3/libads/sasl.c
	22	+++ b/source3/libads/sasl.c
	23	@@ -714,88 +714,96 @@ static void ads_free_service_principal(struct ads_service_principal *p)
	24	static ADS_STATUS ads_guess_service_principal(ADS_STRUCT *ads,
	25	char **returned_principal)
	26	{
	27	+ ADS_STATUS status = ADS_ERROR(LDAP_NO_MEMORY);
	28	char *princ = NULL;
	29	+ TALLOC_CTX *frame;
	30	+ char *server = NULL;
	31	+ char *realm = NULL;
	32	+ int rc;
	33
	34	- if (ads->server.realm && ads->server.ldap_server) {
	35	- char server, server_realm;
	36	-
	37	- server = SMB_STRDUP(ads->server.ldap_server);
	38	- server_realm = SMB_STRDUP(ads->server.realm);
	39	-
	40	- if (!server \|\| !server_realm) {
	41	- SAFE_FREE(server);
	42	- SAFE_FREE(server_realm);
	43	- return ADS_ERROR(LDAP_NO_MEMORY);
	44	- }
	45	+ frame = talloc_stackframe();
	46	+ if (frame == NULL) {
	47	+ return ADS_ERROR(LDAP_NO_MEMORY);
	48	+ }
	49
	50	- if (!strlower_m(server)) {
	51	- SAFE_FREE(server);
	52	- SAFE_FREE(server_realm);
	53	- return ADS_ERROR(LDAP_NO_MEMORY);
	54	+ if (ads->server.realm && ads->server.ldap_server) {
	55	+ server = strlower_talloc(frame, ads->server.ldap_server);
	56	+ if (server == NULL) {
	57	+ goto out;
	58	}
	59
	60	- if (!strupper_m(server_realm)) {
	61	- SAFE_FREE(server);
	62	- SAFE_FREE(server_realm);
	63	- return ADS_ERROR(LDAP_NO_MEMORY);
	64	+ realm = strupper_talloc(frame, ads->server.realm);
	65	+ if (realm == NULL) {
	66	+ goto out;
	67	}
	68
	69	- if (asprintf(&princ, "ldap/%s@%s", server, server_realm) == -1) {
	70	- SAFE_FREE(server);
	71	- SAFE_FREE(server_realm);
	72	- return ADS_ERROR(LDAP_NO_MEMORY);
	73	- }
	74	+ /*
	75	+ * If we got a name which is bigger than a NetBIOS name,
	76	+ * but isn't a FQDN, create one.
	77	+ */
	78	+ if (strlen(server) > 15 && strstr(server, ".") == NULL) {
	79	+ char *dnsdomain;
	80
	81	- SAFE_FREE(server);
	82	- SAFE_FREE(server_realm);
	83	+ dnsdomain = strlower_talloc(frame, ads->server.realm);
	84	+ if (dnsdomain == NULL) {
	85	+ goto out;
	86	+ }
	87
	88	- if (!princ) {
	89	- return ADS_ERROR(LDAP_NO_MEMORY);
	90	+ server = talloc_asprintf(frame,
	91	+ "%s.%s",
	92	+ server, dnsdomain);
	93	+ if (server == NULL) {
	94	+ goto out;
	95	+ }
	96	}
	97	} else if (ads->config.realm && ads->config.ldap_server_name) {
	98	- char server, server_realm;
	99	-
	100	- server = SMB_STRDUP(ads->config.ldap_server_name);
	101	- server_realm = SMB_STRDUP(ads->config.realm);
	102	-
	103	- if (!server \|\| !server_realm) {
	104	- SAFE_FREE(server);
	105	- SAFE_FREE(server_realm);
	106	- return ADS_ERROR(LDAP_NO_MEMORY);
	107	+ server = strlower_talloc(frame, ads->config.ldap_server_name);
	108	+ if (server == NULL) {
	109	+ goto out;
	110	}
	111
	112	- if (!strlower_m(server)) {
	113	- SAFE_FREE(server);
	114	- SAFE_FREE(server_realm);
	115	- return ADS_ERROR(LDAP_NO_MEMORY);
	116	+ realm = strupper_talloc(frame, ads->config.realm);
	117	+ if (realm == NULL) {
	118	+ goto out;
	119	}
	120
	121	- if (!strupper_m(server_realm)) {
	122	- SAFE_FREE(server);
	123	- SAFE_FREE(server_realm);
	124	- return ADS_ERROR(LDAP_NO_MEMORY);
	125	- }
	126	- if (asprintf(&princ, "ldap/%s@%s", server, server_realm) == -1) {
	127	- SAFE_FREE(server);
	128	- SAFE_FREE(server_realm);
	129	- return ADS_ERROR(LDAP_NO_MEMORY);
	130	- }
	131	+ /*
	132	+ * If we got a name which is bigger than a NetBIOS name,
	133	+ * but isn't a FQDN, create one.
	134	+ */
	135	+ if (strlen(server) > 15 && strstr(server, ".") == NULL) {
	136	+ char *dnsdomain;
	137
	138	- SAFE_FREE(server);
	139	- SAFE_FREE(server_realm);
	140	+ dnsdomain = strlower_talloc(frame, ads->server.realm);
	141	+ if (dnsdomain == NULL) {
	142	+ goto out;
	143	+ }
	144
	145	- if (!princ) {
	146	- return ADS_ERROR(LDAP_NO_MEMORY);
	147	+ server = talloc_asprintf(frame,
	148	+ "%s.%s",
	149	+ server, dnsdomain);
	150	+ if (server == NULL) {
	151	+ goto out;
	152	+ }
	153	}
	154	}
	155
	156	- if (!princ) {
	157	- return ADS_ERROR(LDAP_PARAM_ERROR);
	158	+ if (server == NULL \|\| realm == NULL) {
	159	+ goto out;
	160	+ }
	161	+
	162	+ rc = asprintf(&princ, "ldap/%s@%s", server, realm);
	163	+ if (rc == -1 \|\| princ == NULL) {
	164	+ status = ADS_ERROR(LDAP_PARAM_ERROR);
	165	+ goto out;
	166	}
	167
	168	*returned_principal = princ;
	169
	170	- return ADS_SUCCESS;
	171	+ status = ADS_SUCCESS;
	172	+out:
	173	+ TALLOC_FREE(frame);
	174	+ return status;
	175	}
	176
	177	static ADS_STATUS ads_generate_service_principal(ADS_STRUCT *ads,
	178	--
	179	2.1.0
	180