[PATCH] Don't ucase configured realm

Benjamin Coddington Benjamin.Coddington at uvm.edu
Thu Apr 8 08:35:41 MDT 2010 

Has anyone had a chance to look at this, or comment on its odds of 
inclusion?

Ben

On 3/12/10 1:38 PM, Benjamin Coddington wrote:
> On 3/11/10 5:14 PM, Andrew Bartlett wrote:
>> On Thu, 2010-03-11 at 16:34 -0500, Benjamin Coddington wrote:
>>> On 3/9/10 2:31 AM, Andrew Bartlett wrote:
>>>> On Tue, 2010-03-09 at 08:10 +0100, Matthias Dieter Wallnöfer wrote:
>>>>> It's not only this. Sometimes we divide correctly between DNS
>>>>> domainname
>>>>> (szRealm_lower) and realm (szRealm_upper) but not always (e.g. we
>>>>> could
>>>>> take an upcased DNS domainame as the realm). It is a huge task to
>>>>> review
>>>>> and check all occurences of those calls. Plus, since you keep the
>>>>> realm
>>>>> case-sensitive that means you are not really standard-AD compatible.
>>>>
>>>> Matthias,
>>>>
>>>> The problem here is that Benjamin isn't using Samba in an AD realm, he
>>>> is using it in a MIT realm (presumably at uvm.edu), that was not
>>>> configured per the normal practice.
>>>>
>>>> As such, he needs Samba, when it operates as a Kerberos host in his MIT
>>>> realm, to respect the lower case realm he has been forced into.
>>>>
>>>> It's not an unreasonable request, and in Samba3 it may even be quite
>>>> practical. The care we need to take in Samba3 is not to make the usual
>>>> case (MIT realms constructed per the usual rules, and AD domains)
>>>> harder
>>>> to set up.
>>>>
>>>> In Samba4, we have the double-challenge that we are the AD DC, and
>>>> so we
>>>> have an even higher burden to always return the correct case to our
>>>> clients.
>>>>
>>>> Andrew Bartlett
>>>
>>> Thanks Andrew. Here's another attempt which will not break the usual
>>> case. This adds a "realm preserve case" option for Samba3. I'm unclear
>>> if I should include documentation changes as well. If they should be
>>> done, let me know.
>>
>> Does this now mean we are ordering dependent? If 'realm preserve case'
>> is set second, or not set at all, does it still work? If it is later
>> set to false, but after the realm is re-read (on reload), is the realm
>> put back to the correct case?
>>
>> In short, smb.conf parsing is subtle - perhaps too subtle - so I'm just
>> a bit worried. In any case, I'll need for one of the developers working
>> on the Samba3 side of the house to look over it, and decide if it can go
>> in.
>>
>> I'm sorry this turned out to be so much more complex than you ever
>> imagined!
>>
>> Andrew Bartlett
>
> It was ordering independent, however after taking another look I realize
> that only the first value of "realm preserve case" would be honored if
> it were to be specified multiple times. Attached is a third attempt that
> should be order independent and also honor the last value specified.
>
> It works if not set; it works if realm is not set; if the realm is
> re-read on reload and set to false, it returns the realm to the correct
> case.
>
> Ben
>

More information about the samba-technical mailing list