[s4] "realm" handling

Andrew Bartlett abartlet at samba.org
Mon Oct 12 17:08:10 MDT 2009


On Mon, 2009-10-12 at 19:34 +0200, Matthias Dieter Wallnöfer wrote:
> Hi Andrew & list,
> 
> through some checks and work on the s4 codebase I discovered that the 
> handling of the realm value (lp_realm(...) call) is a bit of a mess. 
> Sometimes it is upcased in the right manner when in use by KERBEROS, 
> sometimes not and especially it's never lowercased when used as DNS domain.
> 
> Therefore I propose this patch. Please comment!

Regarding the patch itself, please don't do this

> +	realm = lp_realm(gensec_security->settings->lp_ctx);
> +	if (realm != NULL) {
> +		char *upper_realm = strupper_talloc(gensec_gssapi_state, realm);
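
Review bot: upper_realm from strupper_talloc(gensec_gssapi_state, realm) has no NULL check in the lines quoted here, although realm itself is tested on the line above; a failed allocation should return an error before upper_realm is used. The copy is also parented to gensec_gssapi_state, so it stays allocated for the lifetime of that state unless it is freed explicitly once it has been consumed.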

and this

>  	if (domain_guid == NULL && domain == NULL) {
> -		domain = lp_realm(cldapd->task->lp_ctx);
> +		domain = strlower_talloc(tmp_ctx,
> +						lp_realm(cldapd->task->lp_ctx));
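
Review bot: lp_realm(cldapd->task->lp_ctx) is passed straight into strlower_talloc() with no NULL check, whereas the other quoted hunk tests realm != NULL before converting, and the result assigned to domain is not checked in the lines shown either. Check both the source string and the allocation before domain is used, or take the value from an accessor that already returns the lower-cased DNS form.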

instead, work like you did in provision.py to set it to the 'right' case
in the first place (ie, an lp_realm() and lp_dnsdomain()).

Also, here:

> diff --git a/source4/torture/rpc/samlogon.c b/source4/torture/rpc/samlogon.c
> index 8e6c884..47eff7a 100644
> --- a/source4/torture/rpc/samlogon.c
> +++ b/source4/torture/rpc/samlogon.c
> @@ -1776,7 +1776,7 @@ bool torture_rpc_samlogon(struct torture_context *torture)
>  				.username      = talloc_asprintf(mem_ctx, 
>  								 "%s@%s", 
>  								 TEST_USER_NAME,
> -								 lp_realm(torture->lp_ctx)),
> +								 strupper_talloc(mem_ctx, lp_realm(torture->lp_ctx))),
>  				.password      = user_password,
>  				.network_login = true,
>  				.expected_interactive_error = NT_STATUS_OK,
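
Review bot: wrapping lp_realm(torture->lp_ctx) in strupper_talloc() at the .username initializer replaces the only "%s@%s" case visible in this hunk, so after the change the test no longer exercises the realm as configured. Keep the original entry and add a second one with the upper-cased realm so both forms are covered. The strupper_talloc() result also goes directly into talloc_asprintf() as a "%s" argument with no NULL check.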

If you think it makes a difference, test both!

Andrew Bartlett

-- 
Andrew Bartlett                                http://samba.org/~abartlet/
Authentication Developer, Samba Team           http://samba.org
Samba Developer, Cisco Inc.