[s4] "realm" handling
Matthias Dieter Wallnöfer
mdw at samba.org
Tue Oct 13 10:53:35 MDT 2009
A new version of the patch (done according to your suggestions). Hope
that this one looks okay.
Matthias
Andrew Bartlett schrieb:
> On Mon, 2009-10-12 at 19:34 +0200, Matthias Dieter Wallnöfer wrote:
>
>> Hi Andrew & list,
>>
>> through some checks and work on the s4 codebase I discovered that the
>> handling of the realm value (lp_realm(...) call) is a bit a mess.
>> Sometimes it is upcased in the right manner when in use by KERBEROS,
>> sometimes not and especially it's never lowcased when used as DNS domain.
>>
>> Therefore I propose this patch. Please comment on!
>>
>
> Regarding the patch itself, please don't do this
>
>
>> + realm = lp_realm(gensec_security->settings->lp_ctx);
>> + if (realm != NULL) {
>> + char *upper_realm = strupper_talloc(gensec_gssapi_state, realm);
>>
>
> and this
>
>
>> if (domain_guid == NULL && domain == NULL) {
>> - domain = lp_realm(cldapd->task->lp_ctx);
>> + domain = strlower_talloc(tmp_ctx,
>> + lp_realm(cldapd->task->lp_ctx));
>>
>
> instead, work like you did in provision.py to set it to the 'right' case
> in the first place (ie, an lp_realm() and lp_dnsdomain()).
>
> Also, here:
>
>
>> diff --git a/source4/torture/rpc/samlogon.c b/source4/torture/rpc/samlogon.c
>> index 8e6c884..47eff7a 100644
>> --- a/source4/torture/rpc/samlogon.c
>> +++ b/source4/torture/rpc/samlogon.c
>> @@ -1776,7 +1776,7 @@ bool torture_rpc_samlogon(struct torture_context *torture)
>> .username = talloc_asprintf(mem_ctx,
>> "%s@%s",
>> TEST_USER_NAME,
>> - lp_realm(torture->lp_ctx)),
>> + strupper_talloc(mem_ctx, lp_realm(torture->lp_ctx))),
>> .password = user_password,
>> .network_login = true,
>> .expected_interactive_error = NT_STATUS_OK,
>>
>
> If you think it makes a difference, test both!
>
> Andrew Bartlett
>
>
-------------- next part --------------
An embedded and charset-unspecified text was scrubbed...
Name: realm1
URL: <http://lists.samba.org/pipermail/samba-technical/attachments/20091013/360d3058/attachment.ksh>
-------------- next part --------------
An embedded and charset-unspecified text was scrubbed...
Name: realm2
URL: <http://lists.samba.org/pipermail/samba-technical/attachments/20091013/360d3058/attachment-0001.ksh>
More information about the samba-technical
mailing list