From owner-freebsd-ports-bugs@FreeBSD.ORG Thu Mar 18 18:40:03 2010 Return-Path: Delivered-To: freebsd-ports-bugs@hub.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id EE2951065673 for ; Thu, 18 Mar 2010 18:40:03 +0000 (UTC) (envelope-from gnats@FreeBSD.org) Received: from freefall.freebsd.org (freefall.freebsd.org [IPv6:2001:4f8:fff6::28]) by mx1.freebsd.org (Postfix) with ESMTP id AF38F8FC0A for ; Thu, 18 Mar 2010 18:40:03 +0000 (UTC) Received: from freefall.freebsd.org (localhost [127.0.0.1]) by freefall.freebsd.org (8.14.4/8.14.4) with ESMTP id o2IIe3DD027696 for ; Thu, 18 Mar 2010 18:40:03 GMT (envelope-from gnats@freefall.freebsd.org) Received: (from gnats@localhost) by freefall.freebsd.org (8.14.4/8.14.4/Submit) id o2IIe3ft027695; Thu, 18 Mar 2010 18:40:03 GMT (envelope-from gnats) Resent-Date: Thu, 18 Mar 2010 18:40:03 GMT Resent-Message-Id: <201003181840.o2IIe3ft027695@freefall.freebsd.org> Resent-From: FreeBSD-gnats-submit@FreeBSD.org (GNATS Filer) Resent-To: freebsd-ports-bugs@FreeBSD.org Resent-Reply-To: FreeBSD-gnats-submit@FreeBSD.org, Ryan Steinmetz Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id C39381065676 for ; Thu, 18 Mar 2010 18:36:52 +0000 (UTC) (envelope-from nobody@FreeBSD.org) Received: from www.freebsd.org (www.freebsd.org [IPv6:2001:4f8:fff6::21]) by mx1.freebsd.org (Postfix) with ESMTP id A64598FC21 for ; Thu, 18 Mar 2010 18:36:52 +0000 (UTC) Received: from www.freebsd.org (localhost [127.0.0.1]) by www.freebsd.org (8.14.3/8.14.3) with ESMTP id o2IIaqxR007519 for ; Thu, 18 Mar 2010 18:36:52 GMT (envelope-from nobody@www.freebsd.org) Received: (from nobody@localhost) by www.freebsd.org (8.14.3/8.14.3/Submit) id o2IIaqbr007518; Thu, 18 Mar 2010 18:36:52 GMT (envelope-from nobody) Message-Id: <201003181836.o2IIaqbr007518@www.freebsd.org> Date: Thu, 18 Mar 2010 18:36:52 GMT From: Ryan Steinmetz To: freebsd-gnats-submit@FreeBSD.org X-Send-Pr-Version: www-3.1 Cc: Subject: ports/144861: Update to net/samba3 to add option to force usage of TCP for kerberos X-BeenThere: freebsd-ports-bugs@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: Ports bug reports List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 18 Mar 2010 18:40:04 -0000 >Number: 144861 >Category: ports >Synopsis: Update to net/samba3 to add option to force usage of TCP for kerberos >Confidential: no >Severity: non-critical >Priority: low >Responsible: freebsd-ports-bugs >State: open >Quarter: >Keywords: >Date-Required: >Class: change-request >Submitter-Id: current-users >Arrival-Date: Thu Mar 18 18:40:03 UTC 2010 >Closed-Date: >Last-Modified: >Originator: Ryan Steinmetz >Release: 7.2-RELEASE >Organization: Rochester Institute of Technology >Environment: FreeBSD xxx1.rit.edu 7.2-RELEASE-p3 FreeBSD 7.2-RELEASE-p3 #5: Wed Feb 3 18:54:50 EST 2010 root@xxx1.rit.edu:/usr/obj/usr/src/sys/xxx i386 >Description: Under FreeBSD 7.x and 6.x, the default heimdal kerberos libraries don't seem to be smart enough to retry a connection to a KDC using TCP whenever the data is too large for UDP. This patch adds an option to the config menu to force heimdal to use tcp for connections to the KDCs by making libads generate the krb5.conf (that lives under /var/db/samba/smb_krb5 by default) prefixing each KDC IP with tcp/. This will enable ports users to get around the error message of "Response too big for UDP, retry with TCP" when trying to join samba to a Windows domain where this is an issue. >How-To-Repeat: >Fix: Patch attached with submission follows: diff -urN /usr/ports/net/samba3/Makefile /usr/ports/net/samba3/Makefile --- /usr/ports/net/samba3/Makefile 2010-03-16 14:20:11.000000000 -0400 +++ /usr/ports/net/samba3/Makefile 2010-03-16 14:22:53.000000000 -0400 @@ -75,7 +75,8 @@ POPT "With system-wide POPT library" on \ PCH "With precompiled headers optimization" on \ MAX_DEBUG "With maximum debugging" off \ - SMBTORTURE "With smbtorture" off + SMBTORTURE "With smbtorture" off \ + SMBFORCEKTCP "Force kerberos to use TCP" off .endif .include @@ -245,6 +246,10 @@ # !SAMBA_SUBPORT .endif +.if defined(WITH_SMBFORCEKTCP) +EXTRA_PATCHES+= files/extra-patch-source_kerberos.c +.endif + ### ### Common part for port and it's subports ### diff -urN /usr/ports/net/samba3/files/extra-patch-source_kerberos.c /usr/ports/net/samba3/files/extra-patch-source_kerberos.c --- /usr/ports/net/samba3/files/extra-patch-source_kerberos.c 1969-12-31 19:00:00.000000000 -0500 +++ /usr/ports/net/samba3/files/extra-patch-source_kerberos.c 2010-03-16 14:19:20.000000000 -0400 @@ -0,0 +1,29 @@ +--- libads/kerberos.c 2010-03-16 14:15:19.000000000 -0400 ++++ libads/kerberos.c 2010-03-16 14:16:34.000000000 -0400 +@@ -554,7 +554,7 @@ + struct ip_service *ip_srv_nonsite; + int count_site = 0; + int count_nonsite; +- char *kdc_str = talloc_asprintf(mem_ctx, "\tkdc = %s\n", ++ char *kdc_str = talloc_asprintf(mem_ctx, "\tkdc = tcp/%s\n", + inet_ntoa(primary_ip)); + + if (kdc_str == NULL) { +@@ -572,7 +572,7 @@ + continue; + } + /* Append to the string - inefficient but not done often. */ +- kdc_str = talloc_asprintf(mem_ctx, "%s\tkdc = %s\n", ++ kdc_str = talloc_asprintf(mem_ctx, "%s\tkdc = tcp/%s\n", + kdc_str, inet_ntoa(ip_srv_site[i].ip)); + if (!kdc_str) { + SAFE_FREE(ip_srv_site); +@@ -607,7 +607,7 @@ + } + + /* Append to the string - inefficient but not done often. */ +- kdc_str = talloc_asprintf(mem_ctx, "%s\tkdc = %s\n", ++ kdc_str = talloc_asprintf(mem_ctx, "%s\tkdc = tcp/%s\n", + kdc_str, inet_ntoa(ip_srv_nonsite[i].ip)); + if (!kdc_str) { + SAFE_FREE(ip_srv_site); >Release-Note: >Audit-Trail: >Unformatted: