[PATCH] Joining domains specifying auth realm

Ken Cross kcross at nssolutions.com
Thu Apr 24 15:04:33 GMT 2003


> -----Original Message-----
> From: Andrew Bartlett [mailto:abartlet at samba.org] 
> Sent: Thursday, April 24, 2003 9:05 AM
> To: Ken Cross
> Cc: 'Multiple recipients of list SAMBA-TECHNICAL'; 'Andrew Bartlett'
> Subject: RE: [PATCH] Joining domains specifying auth realm
> 
> 
> On Tue, 2003-03-18 at 00:47, Ken Cross wrote:
> > Andrew:
> > 
> > Patch to HEAD below -- sorry, should have realized that.
> > 
> > The reason I had to change it was that ads_set_machine_password uses
> > ads->auth.realm to build the principal name.  Should that be 
> > ads->config.realm?
> 
> I think it should.
> 
> Can you give me current (and fixed) version of this patch for 
> 3.0?  I would love to get it in before the feature freeze.
> 
> Andrew Bartlett
> 
> -- 
> Andrew Bartlett                                 abartlet at pcug.org.au
> Manager, Authentication Subsystems, Samba Team  abartlet at samba.org
> Student Network Administrator, Hawker College   abartlet at hawkerc.net
> http://samba.org     http://build.samba.org     http://hawkerc.net
>

Andrew:

Patches for SAMBA_3_0 below.

Ken
________________________________

Ken Cross

Network Storage Solutions
Phone 865.675.4070 ext 31
kcross at nssolutions.com 



Index: libads/krb5_setpw.c
===================================================================
RCS file: /cvsroot/samba/source/libads/krb5_setpw.c,v
retrieving revision 1.7.2.7
diff -p -u -r1.7.2.7 krb5_setpw.c
--- libads/krb5_setpw.c 17 Mar 2003 22:58:24 -0000      1.7.2.7
+++ libads/krb5_setpw.c 24 Apr 2003 14:54:14 -0000
@@ -678,7 +678,7 @@ ADS_STATUS ads_set_machine_password(ADS_
          we need to use the '$' form of the name here, as otherwise the
          server might end up setting the password for a user instead
         */
-       asprintf(&principal, "%s$@%s", host, ads->auth.realm);
+       asprintf(&principal, "%s$@%s", host, ads->config.realm);
        
        status = krb5_set_password(ads->auth.kdc_server, principal,
password, ads->auth.time_offset);
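Review bot: the asprintf() call on the changed line still has its return value ignored, and ads->config.realm is handed to %s with no NULL test, so a failed allocation or an unset config realm goes straight into krb5_set_password() as the principal. Check for asprintf(...) < 0 and return an error status before the krb5_set_password() call. It would also help to extend the comment above the call to say that the machine principal is always built from the configured realm rather than from the realm of the authenticating user, since that is the point of this change.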



Index: utils/net_ads.c
===================================================================
RCS file: /cvsroot/samba/source/utils/net_ads.c,v
retrieving revision 1.37.2.15
diff -p -u -r1.37.2.15 net_ads.c
--- utils/net_ads.c     14 Apr 2003 22:27:09 -0000      1.37.2.15
+++ utils/net_ads.c     24 Apr 2003 14:54:35 -0000
@@ -109,6 +109,9 @@ static int net_ads_info(int argc, const 
        d_printf("LDAP port: %d\n", ads->ldap_port);
        d_printf("Server time: %s\n",
http_timestring(ads->config.current_time));
 
+       d_printf("KDC server: %s\n", ads->auth.kdc_server );
/* KJC */
+       d_printf("Server time offset: %d\n", ads->auth.time_offset );
/* KJC */
+
        return 0;
 }
 
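Review bot: the added d_printf("KDC server: %s\n", ads->auth.kdc_server ) passes the field to %s unguarded; if kdc_server can be unset when net_ads_info() runs, print a placeholder string instead. Please also drop the /* KJC */ author markers and the space before the closing parenthesis on both new lines, and confirm that %d matches the declared type of ads->auth.time_offset.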
@@ -124,6 +127,7 @@ static ADS_STRUCT *ads_startup(void)
        ADS_STATUS status;
        BOOL need_password = False;
        BOOL second_time = False;
+       char *cp, *realm_save = NULL;
        
        ads = ads_init(NULL, NULL, opt_host);
 
@@ -150,7 +154,29 @@ retry:
 
        ads->auth.user_name = strdup(opt_user_name);
 
+       /*
+        * If the username is of the form "name at realm", 
+        * extract the realm and convert to upper case.
+        * This is only used to establish the connection.
+        */
+       realm_save = ads->auth.realm;
+       if (cp = strchr(ads->auth.user_name, '@')) {
+               *cp++ = '\0';
+               ads->auth.realm = cp;
+               strupper(ads->auth.realm);
+       }
+
        status = ads_connect(ads);
+
+       /*
+        * Restore the realm name.  If there wasn't one,
+        * default to the configuration realm.
+        */
+       if( realm_save == NULL )
+               realm_save = strdup(ads->config.realm);
+
+       ads->auth.realm = realm_save;
+
        if (!ADS_ERR_OK(status)) {
                if (!need_password && !second_time) {
                        need_password = True;
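Review bot: the restore block after ads_connect() runs before the !ADS_ERR_OK(status) test, so on a failed connect with no previous realm it calls strdup(ads->config.realm) on a value the connect may never have filled in; guard it with a NULL check on ads->config.realm, or do the strdup only on the success path. While ads_connect() runs, ads->auth.realm points into the ads->auth.user_name buffer, and that is safe only because the pointer is put back before anything frees auth.realm, which deserves a line in the comment. The condition if (cp = strchr(ads->auth.user_name, '@')) should be written as if ((cp = strchr(...)) != NULL) to avoid the assignment-in-condition warning, the strdup(opt_user_name) result just above is used by strchr() without a NULL check, and an input of the form "name@" leaves an empty realm string that should probably be rejected.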




