[s4] "realm" handling

Matthias Dieter Wallnöfer mdw at samba.org
Tue Oct 13 10:53:35 MDT 2009 

A new version of the patch (done according to your suggestions). Hope 
that this one looks okay.

Matthias

Andrew Bartlett schrieb:
> On Mon, 2009-10-12 at 19:34 +0200, Matthias Dieter Wallnöfer wrote:
>   
>> Hi Andrew & list,
>>
>> through some checks and work on the s4 codebase I discovered that the 
>> handling of the realm value (lp_realm(...) call) is a bit a mess. 
>> Sometimes it is upcased in the right manner when in use by KERBEROS, 
>> sometimes not and especially it's never lowcased when used as DNS domain.
>>
>> Therefore I propose this patch. Please comment on!
>>     
>
> Regarding the patch itself, please don't do this
>
>   
>> +	realm = lp_realm(gensec_security->settings->lp_ctx);
>> +	if (realm != NULL) {
>> +		char *upper_realm = strupper_talloc(gensec_gssapi_state, realm);
>>     
>
> and this
>
>   
>>  	if (domain_guid == NULL && domain == NULL) {
>> -		domain = lp_realm(cldapd->task->lp_ctx);
>> +		domain = strlower_talloc(tmp_ctx,
>> +						lp_realm(cldapd->task->lp_ctx));
>>     
>
> instead, work like you did in provision.py to set it to the 'right' case
> in the first place (ie, an lp_realm() and lp_dnsdomain()).
>
> Also, here:
>
>   
>> diff --git a/source4/torture/rpc/samlogon.c b/source4/torture/rpc/samlogon.c
>> index 8e6c884..47eff7a 100644
>> --- a/source4/torture/rpc/samlogon.c
>> +++ b/source4/torture/rpc/samlogon.c
>> @@ -1776,7 +1776,7 @@ bool torture_rpc_samlogon(struct torture_context *torture)
>>  				.username      = talloc_asprintf(mem_ctx, 
>>  								 "%s@%s", 
>>  								 TEST_USER_NAME,
>> -								 lp_realm(torture->lp_ctx)),
>> +								 strupper_talloc(mem_ctx, lp_realm(torture->lp_ctx))),
>>  				.password      = user_password,
>>  				.network_login = true,
>>  				.expected_interactive_error = NT_STATUS_OK,
>>     
>
> If you think it makes a difference, test both!
>
> Andrew Bartlett
>
>   

-------------- next part --------------
An embedded and charset-unspecified text was scrubbed...
Name: realm1
URL: <http://lists.samba.org/pipermail/samba-technical/attachments/20091013/360d3058/attachment.ksh>
-------------- next part --------------
An embedded and charset-unspecified text was scrubbed...
Name: realm2
URL: <http://lists.samba.org/pipermail/samba-technical/attachments/20091013/360d3058/attachment-0001.ksh>

More information about the samba-technical mailing list