Date:      Thu, 18 Mar 2010 18:36:52 GMT
From:      Ryan Steinmetz <rpsfa@rit.edu>
To:        freebsd-gnats-submit@FreeBSD.org
Subject:   ports/144861: Update to net/samba3 to add option to force usage of TCP for kerberos
Message-ID:  <201003181836.o2IIaqbr007518@www.freebsd.org>
Resent-Message-ID: <201003181840.o2IIe3ft027695@freefall.freebsd.org>


>Number:         144861
>Category:       ports
>Synopsis:       Update to net/samba3 to add option to force usage of TCP for kerberos
>Confidential:   no
>Severity:       non-critical
>Priority:       low
>Responsible:    freebsd-ports-bugs
>State:          open
>Quarter:        
>Keywords:       
>Date-Required:
>Class:          change-request
>Submitter-Id:   current-users
>Arrival-Date:   Thu Mar 18 18:40:03 UTC 2010
>Closed-Date:
>Last-Modified:
>Originator:     Ryan Steinmetz
>Release:        7.2-RELEASE
>Organization:
Rochester Institute of Technology
>Environment:
FreeBSD xxx1.rit.edu 7.2-RELEASE-p3 FreeBSD 7.2-RELEASE-p3 #5: Wed Feb  3 18:54:50 EST 2010     root@xxx1.rit.edu:/usr/obj/usr/src/sys/xxx  i386
>Description:
Under FreeBSD 7.x and 6.x, the default Heimdal Kerberos libraries don't seem to be smart enough to retry a connection to a KDC using TCP whenever the data is too large for UDP.

This patch adds an option to the config menu to force Heimdal to use TCP for connections to the KDCs by making libads generate the krb5.conf (that lives under /var/db/samba/smb_krb5 by default) with each KDC IP prefixed with tcp/.

This will enable ports users to get around the error message of "Response too big for UDP, retry with TCP" when trying to join Samba to a Windows domain where this is an issue.
>How-To-Repeat:

>Fix:


Patch attached with submission follows:

diff -urN /usr/ports/net/samba3/Makefile /usr/ports/net/samba3/Makefile
--- /usr/ports/net/samba3/Makefile	2010-03-16 14:20:11.000000000 -0400
+++ /usr/ports/net/samba3/Makefile	2010-03-16 14:22:53.000000000 -0400
@@ -75,7 +75,8 @@
 		POPT		"With system-wide POPT library" on \
 		PCH		"With precompiled headers optimization" on \
 		MAX_DEBUG	"With maximum debugging" off \
-		SMBTORTURE	"With smbtorture" off
+		SMBTORTURE	"With smbtorture" off \
+		SMBFORCEKTCP	"Force kerberos to use TCP" off
 .endif
 
 .include <bsd.port.pre.mk>
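Review bot: The label on the added SMBFORCEKTCP line, "Force kerberos to use TCP", reads as a system-wide Kerberos setting, while the rest of the patch only changes the kdc lines that libads writes into Samba's own generated krb5.conf. Suggest a label that states the scope, for example "Force TCP for KDCs in Samba-generated krb5.conf", and capitalising Kerberos to match the other option descriptions' style.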
@@ -245,6 +246,10 @@
 # !SAMBA_SUBPORT
 .endif
 
+.if defined(WITH_SMBFORCEKTCP)
+EXTRA_PATCHES+=		files/extra-patch-source_kerberos.c
+.endif
+
 ###
 ### Common part for port and it's subports
 ###
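Review bot: In the added .if defined(WITH_SMBFORCEKTCP) block, EXTRA_PATCHES is given the relative path files/extra-patch-source_kerberos.c, so whether the patch is found depends on the working directory at patch time. Suggest the absolute form, EXTRA_PATCHES+= ${FILESDIR}/extra-patch-source_kerberos.c, so the patch is located regardless of where make is invoked.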
diff -urN /usr/ports/net/samba3/files/extra-patch-source_kerberos.c /usr/ports/net/samba3/files/extra-patch-source_kerberos.c
--- /usr/ports/net/samba3/files/extra-patch-source_kerberos.c	1969-12-31 19:00:00.000000000 -0500
+++ /usr/ports/net/samba3/files/extra-patch-source_kerberos.c	2010-03-16 14:19:20.000000000 -0400
@@ -0,0 +1,29 @@
+--- libads/kerberos.c	2010-03-16 14:15:19.000000000 -0400
++++ libads/kerberos.c	2010-03-16 14:16:34.000000000 -0400
+@@ -554,7 +554,7 @@
+ 	struct ip_service *ip_srv_nonsite;
+ 	int count_site = 0;
+ 	int count_nonsite;
+-	char *kdc_str = talloc_asprintf(mem_ctx, "\tkdc = %s\n",
++	char *kdc_str = talloc_asprintf(mem_ctx, "\tkdc = tcp/%s\n",
+ 					inet_ntoa(primary_ip));
+ 
+ 	if (kdc_str == NULL) {
+@@ -572,7 +572,7 @@
+ 				continue;
+ 			}
+ 			/* Append to the string - inefficient but not done often. */
+-			kdc_str = talloc_asprintf(mem_ctx, "%s\tkdc = %s\n",
++			kdc_str = talloc_asprintf(mem_ctx, "%s\tkdc = tcp/%s\n",
+ 				kdc_str, inet_ntoa(ip_srv_site[i].ip));
+ 			if (!kdc_str) {
+ 				SAFE_FREE(ip_srv_site);
+@@ -607,7 +607,7 @@
+ 		}
+ 
+ 		/* Append to the string - inefficient but not done often. */
+-		kdc_str = talloc_asprintf(mem_ctx, "%s\tkdc = %s\n",
++		kdc_str = talloc_asprintf(mem_ctx, "%s\tkdc = tcp/%s\n",
+ 			kdc_str, inet_ntoa(ip_srv_nonsite[i].ip));
+ 		if (!kdc_str) {
+ 			SAFE_FREE(ip_srv_site);
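Review bot: All three talloc_asprintf format strings in the embedded libads/kerberos.c patch (the primary_ip entry and both append loops) get the literal tcp/ prefix, so every kdc line in the generated krb5.conf is TCP-only and no UDP entry remains for a KDC that is reachable only over UDP. That trade-off should be stated in the option text or a port message so an administrator enabling SMBFORCEKTCP knows to confirm TCP reachability to the KDCs first. Keeping the prefix in one shared format definition rather than three separate literals would also prevent a later edit from leaving mixed entries.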


>Release-Note:
>Audit-Trail:
>Unformatted:


