From nobody@FreeBSD.org  Thu Mar 18 18:36:52 2010
Return-Path: <nobody@FreeBSD.org>
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34])
	by hub.freebsd.org (Postfix) with ESMTP id C39381065676
	for <freebsd-gnats-submit@FreeBSD.org>; Thu, 18 Mar 2010 18:36:52 +0000 (UTC)
	(envelope-from nobody@FreeBSD.org)
Received: from www.freebsd.org (www.freebsd.org [IPv6:2001:4f8:fff6::21])
	by mx1.freebsd.org (Postfix) with ESMTP id A64598FC21
	for <freebsd-gnats-submit@FreeBSD.org>; Thu, 18 Mar 2010 18:36:52 +0000 (UTC)
Received: from www.freebsd.org (localhost [127.0.0.1])
	by www.freebsd.org (8.14.3/8.14.3) with ESMTP id o2IIaqxR007519
	for <freebsd-gnats-submit@FreeBSD.org>; Thu, 18 Mar 2010 18:36:52 GMT
	(envelope-from nobody@www.freebsd.org)
Received: (from nobody@localhost)
	by www.freebsd.org (8.14.3/8.14.3/Submit) id o2IIaqbr007518;
	Thu, 18 Mar 2010 18:36:52 GMT
	(envelope-from nobody)
Message-Id: <201003181836.o2IIaqbr007518@www.freebsd.org>
Date: Thu, 18 Mar 2010 18:36:52 GMT
From: Ryan Steinmetz <rpsfa@rit.edu>
To: freebsd-gnats-submit@FreeBSD.org
Subject: Update to net/samba3 to add option to force usage of TCP for kerberos
X-Send-Pr-Version: www-3.1
X-GNATS-Notify:

>Number:         144861
>Category:       ports
>Synopsis:       Update to net/samba3 to add option to force usage of TCP for kerberos
>Confidential:   no
>Severity:       non-critical
>Priority:       low
>Responsible:    timur
>State:          closed
>Quarter:        
>Keywords:       
>Date-Required:  
>Class:          change-request
>Submitter-Id:   current-users
>Arrival-Date:   Thu Mar 18 18:40:03 UTC 2010
>Closed-Date:    Fri Mar 18 04:42:13 UTC 2011
>Last-Modified:  Fri Mar 18 04:42:13 UTC 2011
>Originator:     Ryan Steinmetz
>Release:        7.2-RELEASE
>Organization:
Rochester Institute of Technology
>Environment:
FreeBSD xxx1.rit.edu 7.2-RELEASE-p3 FreeBSD 7.2-RELEASE-p3 #5: Wed Feb  3 18:54:50 EST 2010     root@xxx1.rit.edu:/usr/obj/usr/src/sys/xxx  i386
>Description:
Under FreeBSD 7.x and 6.x, the default Heimdal Kerberos libraries don't seem to be smart enough to retry a connection to a KDC using TCP whenever the data is too large for UDP.

This patch adds an option to the config menu to force Heimdal to use TCP for connections to the KDCs by making libads generate the krb5.conf (that lives under /var/db/samba/smb_krb5 by default) with each KDC IP prefixed with tcp/.

This will enable ports users to get around the error message of "Response too big for UDP, retry with TCP" when trying to join Samba to a Windows domain where this is an issue.
>How-To-Repeat:

>Fix:


Patch attached with submission follows:

diff -urN /usr/ports/net/samba3/Makefile /usr/ports/net/samba3/Makefile
--- /usr/ports/net/samba3/Makefile	2010-03-16 14:20:11.000000000 -0400
+++ /usr/ports/net/samba3/Makefile	2010-03-16 14:22:53.000000000 -0400
@@ -75,7 +75,8 @@
 		POPT		"With system-wide POPT library" on \
 		PCH		"With precompiled headers optimization" on \
 		MAX_DEBUG	"With maximum debugging" off \
-		SMBTORTURE	"With smbtorture" off
+		SMBTORTURE	"With smbtorture" off \
+		SMBFORCEKTCP	"Force kerberos to use TCP" off
 .endif
 
 .include <bsd.port.pre.mk>
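Review bot: the description on the new SMBFORCEKTCP line, "Force kerberos to use TCP", does not say what is actually affected. According to the submission the option only changes the krb5.conf that libads generates for Samba, not the system-wide Kerberos configuration, so wording along the lines of "Force TCP for KDCs in Samba-generated krb5.conf" would set the right expectation in the config menu. Capitalize "Kerberos" while you are there.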
@@ -245,6 +246,10 @@
 # !SAMBA_SUBPORT
 .endif
 
+.if defined(WITH_SMBFORCEKTCP)
+EXTRA_PATCHES+=		files/extra-patch-source_kerberos.c
+.endif
+
 ###
 ### Common part for port and it's subports
 ###
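Review bot: in the new .if defined(WITH_SMBFORCEKTCP) block, EXTRA_PATCHES is given the relative path files/extra-patch-source_kerberos.c, which only resolves if the patch step runs with the port directory as the current directory. Use ${FILESDIR}/extra-patch-source_kerberos.c so the path does not depend on where make is invoked. The block also sits between the end of the !SAMBA_SUBPORT section and the "Common part" banner, so please state whether it is meant to take effect for subports as well, and move it inside the matching conditional if not.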
diff -urN /usr/ports/net/samba3/files/extra-patch-source_kerberos.c /usr/ports/net/samba3/files/extra-patch-source_kerberos.c
--- /usr/ports/net/samba3/files/extra-patch-source_kerberos.c	1969-12-31 19:00:00.000000000 -0500
+++ /usr/ports/net/samba3/files/extra-patch-source_kerberos.c	2010-03-16 14:19:20.000000000 -0400
@@ -0,0 +1,29 @@
+--- libads/kerberos.c	2010-03-16 14:15:19.000000000 -0400
++++ libads/kerberos.c	2010-03-16 14:16:34.000000000 -0400
+@@ -554,7 +554,7 @@
+ 	struct ip_service *ip_srv_nonsite;
+ 	int count_site = 0;
+ 	int count_nonsite;
+-	char *kdc_str = talloc_asprintf(mem_ctx, "\tkdc = %s\n",
++	char *kdc_str = talloc_asprintf(mem_ctx, "\tkdc = tcp/%s\n",
+ 					inet_ntoa(primary_ip));
+ 
+ 	if (kdc_str == NULL) {
+@@ -572,7 +572,7 @@
+ 				continue;
+ 			}
+ 			/* Append to the string - inefficient but not done often. */
+-			kdc_str = talloc_asprintf(mem_ctx, "%s\tkdc = %s\n",
++			kdc_str = talloc_asprintf(mem_ctx, "%s\tkdc = tcp/%s\n",
+ 				kdc_str, inet_ntoa(ip_srv_site[i].ip));
+ 			if (!kdc_str) {
+ 				SAFE_FREE(ip_srv_site);
+@@ -607,7 +607,7 @@
+ 		}
+ 
+ 		/* Append to the string - inefficient but not done often. */
+-		kdc_str = talloc_asprintf(mem_ctx, "%s\tkdc = %s\n",
++		kdc_str = talloc_asprintf(mem_ctx, "%s\tkdc = tcp/%s\n",
+ 			kdc_str, inet_ntoa(ip_srv_nonsite[i].ip));
+ 		if (!kdc_str) {
+ 			SAFE_FREE(ip_srv_site);
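Review bot: the tcp/ prefix is hard-coded into all three talloc_asprintf format strings in libads/kerberos.c (the primary KDC at line 554, the site loop at 572 and the non-site loop at 607), so a build with this option writes every kdc entry as TCP-only with no way to switch back at run time, and the literal has to be kept in sync in three places. Define the prefix once, for example as a macro used by all three calls, or better drive it from a run-time setting so that one package can serve both cases. The hunks are also pinned to the line numbers of one specific kerberos.c, so the extra patch will need regenerating whenever the port's Samba version changes; a comment in the Makefile next to EXTRA_PATCHES saying so would help the maintainer.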


>Release-Note:
>Audit-Trail:
Responsible-Changed-From-To: freebsd-ports-bugs->timur 
Responsible-Changed-By: edwin 
Responsible-Changed-When: Thu Mar 18 18:40:17 UTC 2010 
Responsible-Changed-Why:  
Over to maintainer (via the GNATS Auto Assign Tool) 

http://www.freebsd.org/cgi/query-pr.cgi?pr=144861 
State-Changed-From-To: open->closed 
State-Changed-By: miwi 
State-Changed-When: Fri Mar 18 04:42:12 UTC 2011 
State-Changed-Why:  
port was removed 

http://www.freebsd.org/cgi/query-pr.cgi?pr=144861 
>Unformatted:
