[s4] "realm" handling
Andrew Bartlett
abartlet at samba.org
Mon Oct 12 17:08:10 MDT 2009
On Mon, 2009-10-12 at 19:34 +0200, Matthias Dieter Wallnöfer wrote:
> Hi Andrew & list,
>
> through some checks and work on the s4 codebase I discovered that the
> handling of the realm value (lp_realm(...) call) is a bit a mess.
> Sometimes it is upcased in the right manner when in use by KERBEROS,
> sometimes not and especially it's never lowcased when used as DNS domain.
>
> Therefore I propose this patch. Please comment on!
Regarding the patch itself, please don't do this
> + realm = lp_realm(gensec_security->settings->lp_ctx);
> + if (realm != NULL) {
> + char *upper_realm = strupper_talloc(gensec_gssapi_state, realm);
and this
> if (domain_guid == NULL && domain == NULL) {
> - domain = lp_realm(cldapd->task->lp_ctx);
> + domain = strlower_talloc(tmp_ctx,
> + lp_realm(cldapd->task->lp_ctx));
instead, work like you did in provision.py to set it to the 'right' case
in the first place (ie, an lp_realm() and lp_dnsdomain()).
Also, here:
> diff --git a/source4/torture/rpc/samlogon.c b/source4/torture/rpc/samlogon.c
> index 8e6c884..47eff7a 100644
> --- a/source4/torture/rpc/samlogon.c
> +++ b/source4/torture/rpc/samlogon.c
> @@ -1776,7 +1776,7 @@ bool torture_rpc_samlogon(struct torture_context *torture)
> .username = talloc_asprintf(mem_ctx,
> "%s@%s",
> TEST_USER_NAME,
> - lp_realm(torture->lp_ctx)),
> + strupper_talloc(mem_ctx, lp_realm(torture->lp_ctx))),
> .password = user_password,
> .network_login = true,
> .expected_interactive_error = NT_STATUS_OK,
If you think it makes a difference, test both!
Andrew Bartlett
--
Andrew Bartlett http://samba.org/~abartlet/
Authentication Developer, Samba Team http://samba.org
Samba Developer, Cisco Inc.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: This is a digitally signed message part
URL: <http://lists.samba.org/pipermail/samba-technical/attachments/20091013/2da05ed1/attachment.pgp>
More information about the samba-technical
mailing list