[PATCH] Joining domains specifying auth realm

Ken Cross kcross at nssolutions.com
Mon Mar 17 13:47:48 GMT 2003


Andrew:

Patch to HEAD below -- sorry, should have realized that.

The reason I had to change it was that ads_set_machine_password uses
ads->auth.realm to build the principal name.  Should that be
ads->config.realm?

Ken
________________________________

Ken Cross

Network Storage Solutions
Phone 865.675.4070 ext 31
kcross at nssolutions.com 

> -----Original Message-----
> From: Andrew Bartlett [mailto:abartlet at samba.org] 
> Sent: Sunday, March 16, 2003 11:24 PM
> To: Ken Cross
> Cc: 'Multiple recipients of list SAMBA-TECHNICAL'; 'Andrew Bartlett'
> Subject: Re: [PATCH] Joining domains specifying auth realm
> 
> 
> On Sat, 2003-03-15 at 03:01, Ken Cross wrote:
> > Let's try this again.  The previous patch I submitted didn't work in
> > some configurations.  (ads->auth.realm needs to be preserved over the
> > ads_connect call.)
> 
> If it's not preserved, won't it be free()ed in the process?
> 
> And shouldn't change the code that's clobbering it instead?
> 
> I applied the previous patch - can you get me the changes against
> current HEAD?
> 
> Andrew Bartlett
> 
> -- 
> Andrew Bartlett                                 abartlet at pcug.org.au
> Manager, Authentication Subsystems, Samba Team  abartlet at samba.org
> Student Network Administrator, Hawker College   abartlet at hawkerc.net
> http://samba.org     http://build.samba.org     http://hawkerc.net
> 
-------------- next part --------------
--- /tmp/samba/source/utils/net_ads.c	Sat Mar 15 21:14:05 2003
+++ utils/net_ads.c	Mon Mar 17 08:26:50 2003
@@ -109,6 +107,9 @@ static int net_ads_info(int argc, const 
 	d_printf("LDAP port: %d\n", ads->ldap_port);
 	d_printf("Server time: %s\n", http_timestring(ads->config.current_time));
 
+	d_printf("KDC server: %s\n", ads->auth.kdc_server );           /* KJC */
+	d_printf("Server time offset: %d\n", ads->auth.time_offset );  /* KJC */
+
 	return 0;
 }
 
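Review bot: in net_ads_info the new `d_printf("KDC server: %s\n", ads->auth.kdc_server );` hands the pointer straight to %s with no NULL check, so if no KDC has been recorded in ads->auth the print is undefined behaviour; guard it or print a placeholder string. It is also worth confirming that ads->auth.time_offset really is an int before formatting it with %d. The trailing /* KJC */ initials and the space before the closing parenthesis do not match the d_printf lines just above and should be dropped.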
@@ -124,7 +125,7 @@ static ADS_STRUCT *ads_startup(void)
 	ADS_STATUS status;
 	BOOL need_password = False;
 	BOOL second_time = False;
-	char *realm;
+	char *realm, *realm_save = NULL;
 	
 	ads = ads_init(NULL, NULL, opt_host);
 
@@ -154,14 +156,26 @@ retry:
 	/*
 	 * If the username is of the form "name at realm", 
 	 * extract the realm and convert to upper case.
+	 * This is only used to establish the connection.
 	 */
+	realm_save = ads->auth.realm;
 	if ((realm = strchr(ads->auth.user_name, '@'))) {
 		*realm++ = '\0';
-		ads->auth.realm = strdup(realm);
+		ads->auth.realm = realm;
 		strupper(ads->auth.realm);
 	}
 
 	status = ads_connect(ads);
+
+	/*
+	 * Restore the realm name.  If there wasn't one,
+	 * default to the configuration realm.
+	 */
+	if( realm_save == NULL )
+		realm_save = strdup(ads->config.realm);
+
+	ads->auth.realm = realm_save;
+
 	if (!ADS_ERR_OK(status)) {
 		if (!need_password && !second_time) {
 			need_password = True;
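Review bot: the restore block sits before the `if (!ADS_ERR_OK(status))` check, so when ads_connect fails and realm_save is NULL the code runs `strdup(ads->config.realm)` on a field that a failed connect may never have filled in; move the restore below the status check, or test ads->config.realm and the strdup result first. In the same block, `ads->auth.realm = realm;` now aliases the tail of ads->auth.user_name instead of owning its own allocation, so any code in ads_connect that frees or replaces auth.realm would be acting on a pointer that no allocator returned, and the unconditional `ads->auth.realm = realm_save;` afterwards discards whatever ads_connect left there without freeing it. Finally, because the '@' has already been overwritten with '\0', a second pass through retry: finds no realm in user_name and connects with the restored realm rather than the one the user supplied; keep the parsed realm in a separate variable that survives the retry.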

