ports/144861: Update to net/samba3 to add option to force usage of TCP for kerberos

Ryan Steinmetz rpsfa at rit.edu
Thu Mar 18 18:40:04 UTC 2010


>Number:         144861
>Category:       ports
>Synopsis:       Update to net/samba3 to add option to force usage of TCP for kerberos
>Confidential:   no
>Severity:       non-critical
>Priority:       low
>Responsible:    freebsd-ports-bugs
>State:          open
>Quarter:        
>Keywords:       
>Date-Required:
>Class:          change-request
>Submitter-Id:   current-users
>Arrival-Date:   Thu Mar 18 18:40:03 UTC 2010
>Closed-Date:
>Last-Modified:
>Originator:     Ryan Steinmetz
>Release:        7.2-RELEASE
>Organization:
Rochester Institute of Technology
>Environment:
FreeBSD xxx1.rit.edu 7.2-RELEASE-p3 FreeBSD 7.2-RELEASE-p3 #5: Wed Feb  3 18:54:50 EST 2010     root at xxx1.rit.edu:/usr/obj/usr/src/sys/xxx  i386
>Description:
Under FreeBSD 7.x and 6.x, the default Heimdal Kerberos libraries don't seem to be smart enough to retry a connection to a KDC using TCP whenever the data is too large for UDP.

This patch adds an option to the config menu to force Heimdal to use TCP for connections to the KDCs by making libads generate the krb5.conf (that lives under /var/db/samba/smb_krb5 by default) with each KDC IP prefixed with tcp/.

This will enable ports users to get around the error message of "Response too big for UDP, retry with TCP" when trying to join Samba to a Windows domain where this is an issue.
>How-To-Repeat:

>Fix:


Patch attached with submission follows:

diff -urN /usr/ports/net/samba3/Makefile /usr/ports/net/samba3/Makefile
--- /usr/ports/net/samba3/Makefile	2010-03-16 14:20:11.000000000 -0400
+++ /usr/ports/net/samba3/Makefile	2010-03-16 14:22:53.000000000 -0400
@@ -75,7 +75,8 @@
 		POPT		"With system-wide POPT library" on \
 		PCH		"With precompiled headers optimization" on \
 		MAX_DEBUG	"With maximum debugging" off \
-		SMBTORTURE	"With smbtorture" off
+		SMBTORTURE	"With smbtorture" off \
+		SMBFORCEKTCP	"Force kerberos to use TCP" off
 .endif
 
 .include <bsd.port.pre.mk>
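Review bot: the description string on the added SMBFORCEKTCP line, "Force kerberos to use TCP", breaks the "With ..." wording used by the four entries above it (POPT, PCH, MAX_DEBUG, SMBTORTURE). Suggest something like "With TCP forced for Kerberos KDC connections" so the menu reads consistently, and capitalise Kerberos.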
@@ -245,6 +246,10 @@
 # !SAMBA_SUBPORT
 .endif
 
+.if defined(WITH_SMBFORCEKTCP)
+EXTRA_PATCHES+=		files/extra-patch-source_kerberos.c
+.endif
+
 ###
 ### Common part for port and it's subports
 ###
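Review bot: the added EXTRA_PATCHES line names the patch by a bare relative path, files/extra-patch-source_kerberos.c, which only resolves when make runs from the port directory; use ${FILESDIR}/extra-patch-source_kerberos.c instead. The block also sits after the .endif that closes the !SAMBA_SUBPORT section and just above the "Common part" banner, so please confirm that applying it to subports as well is intended.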
diff -urN /usr/ports/net/samba3/files/extra-patch-source_kerberos.c /usr/ports/net/samba3/files/extra-patch-source_kerberos.c
--- /usr/ports/net/samba3/files/extra-patch-source_kerberos.c	1969-12-31 19:00:00.000000000 -0500
+++ /usr/ports/net/samba3/files/extra-patch-source_kerberos.c	2010-03-16 14:19:20.000000000 -0400
@@ -0,0 +1,29 @@
+--- libads/kerberos.c	2010-03-16 14:15:19.000000000 -0400
++++ libads/kerberos.c	2010-03-16 14:16:34.000000000 -0400
+@@ -554,7 +554,7 @@
+ 	struct ip_service *ip_srv_nonsite;
+ 	int count_site = 0;
+ 	int count_nonsite;
+-	char *kdc_str = talloc_asprintf(mem_ctx, "\tkdc = %s\n",
++	char *kdc_str = talloc_asprintf(mem_ctx, "\tkdc = tcp/%s\n",
+ 					inet_ntoa(primary_ip));
+ 
+ 	if (kdc_str == NULL) {
+@@ -572,7 +572,7 @@
+ 				continue;
+ 			}
+ 			/* Append to the string - inefficient but not done often. */
+-			kdc_str = talloc_asprintf(mem_ctx, "%s\tkdc = %s\n",
++			kdc_str = talloc_asprintf(mem_ctx, "%s\tkdc = tcp/%s\n",
+ 				kdc_str, inet_ntoa(ip_srv_site[i].ip));
+ 			if (!kdc_str) {
+ 				SAFE_FREE(ip_srv_site);
+@@ -607,7 +607,7 @@
+ 		}
+ 
+ 		/* Append to the string - inefficient but not done often. */
+-		kdc_str = talloc_asprintf(mem_ctx, "%s\tkdc = %s\n",
++		kdc_str = talloc_asprintf(mem_ctx, "%s\tkdc = tcp/%s\n",
+ 			kdc_str, inet_ntoa(ip_srv_nonsite[i].ip));
+ 		if (!kdc_str) {
+ 			SAFE_FREE(ip_srv_site);
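Review bot: the tcp/ prefix is hard-coded separately in all three talloc_asprintf format strings (primary KDC, site KDCs, non-site KDCs), so the three can drift apart and there is no way to change the behaviour without rebuilding. Define the prefix once, for example as a macro near the top of libads/kerberos.c, and use it in all three calls. The PR text says the prefix is aimed at Heimdal, but nothing in the patch or the Makefile block ties the option to a Heimdal build, so it is worth stating that requirement in the option description.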


>Release-Note:
>Audit-Trail:
>Unformatted:
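
A way to confirm the result after a build with the option enabled, as an added example that is not part of the PR or of Samba: the function lists every kdc entry in a krb5.conf [realms] section that lacks the tcp/ prefix. The function names and the sample file contents are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the PR): report kdc entries that are not pinned to TCP.

# Prints "REALM<TAB>entry" for each kdc line in [realms] without a tcp/ prefix.
# Returns 1 if at least one such entry exists, 0 otherwise.
kdc_not_tcp() {
    awk '
        # Section headers such as [libdefaults] or [realms].
        /^[ \t]*\[/ { section = $1; realm = ""; next }
        section != "[realms]" { next }
        # "REALM = {" opens a realm block; remember the realm name.
        /^[ \t]*[^ \t=]+[ \t]*=[ \t]*[{]/ {
            r = $0
            sub(/^[ \t]*/, "", r)
            sub(/[ \t]*=.*/, "", r)
            realm = r
            next
        }
        /^[ \t]*[}]/ { realm = ""; next }
        # A kdc line inside a realm block: strip the key and check the value.
        realm != "" && /^[ \t]*kdc[ \t]*=/ {
            val = $0
            sub(/^[ \t]*kdc[ \t]*=[ \t]*/, "", val)
            sub(/[ \t]+$/, "", val)
            if (val !~ /^tcp\//) { print realm "\t" val; bad = 1 }
        }
        END { exit bad + 0 }
    ' "$1"
}

# Constructed sample: one entry with the prefix, one without.
sample_krb5_conf() {
    printf '[libdefaults]\n\tdefault_realm = EXAMPLE.COM\n\n'
    printf '[realms]\n\tEXAMPLE.COM = {\n'
    printf '\t\tkdc = tcp/192.0.2.10\n'
    printf '\t\tkdc = 192.0.2.11\n'
    printf '\t}\n'
}

# Stand-alone use: pass the path of the krb5.conf to check.
if [ "$#" -gt 0 ]; then
    kdc_not_tcp "$1"
fi
```

Point it at the krb5.conf that Samba generated; an empty result with exit status 0 means every KDC entry carries the tcp/ prefix.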


