[PATCH] Don't ucase configured realm

Benjamin Coddington Benjamin.Coddington at uvm.edu
Fri Mar 12 11:38:00 MST 2010 

On 3/11/10 5:14 PM, Andrew Bartlett wrote:
> On Thu, 2010-03-11 at 16:34 -0500, Benjamin Coddington wrote:
>> On 3/9/10 2:31 AM, Andrew Bartlett wrote:
>>> On Tue, 2010-03-09 at 08:10 +0100, Matthias Dieter Wallnöfer wrote:
>>>> It's not only this. Sometimes we divide correctly between DNS domainname
>>>> (szRealm_lower) and realm (szRealm_upper) but not always (e.g. we could
>>>> take an upcased DNS domainame as the realm). It is a huge task to review
>>>> and check all occurences of those calls. Plus, since you keep the realm
>>>> case-sensitive that means you are not really standard-AD compatible.
>>>
>>> Matthias,
>>>
>>> The problem here is that Benjamin isn't using Samba in an AD realm, he
>>> is using it in a MIT realm (presumably at uvm.edu), that was not
>>> configured per the normal practice.
>>>
>>> As such, he needs Samba, when it operates as a Kerberos host in his MIT
>>> realm, to respect the lower case realm he has been forced into.
>>>
>>> It's not an unreasonable request, and in Samba3 it may even be quite
>>> practical.  The care we need to take in Samba3 is not to make the usual
>>> case (MIT realms constructed per the usual rules, and AD domains) harder
>>> to set up.
>>>
>>> In Samba4, we have the double-challenge that we are the AD DC, and so we
>>> have an even higher burden to always return the correct case to our
>>> clients.
>>>
>>> Andrew Bartlett
>>
>> Thanks Andrew.  Here's another attempt which will not break the usual
>> case.  This adds a "realm preserve case" option for Samba3.  I'm unclear
>> if I should include documentation changes as well.  If they should be
>> done, let me know.
>
> Does this now mean we are ordering dependent?  If 'realm preserve case'
> is set second, or not set at all, does it still work?  If it is later
> set to false, but after the realm is re-read (on reload), is the realm
> put back to the correct case?
>
> In short, smb.conf parsing is subtle - perhaps too subtle - so I'm just
> a bit worried.  In any case, I'll need for one of the developers working
> on the Samba3 side of the house to look over it, and decide if it can go
> in.
>
> I'm sorry this turned out to be so much more complex than you ever
> imagined!
>
> Andrew Bartlett

It was ordering independent, however after taking another look I realize 
that only the first value of "realm preserve case" would be honored if 
it were to be specified multiple times.  Attached is a third attempt 
that should be order independent and also honor the last value specified.

It works if not set; it works if realm is not set; if the realm is 
re-read on reload and set to false, it returns the realm to the correct 
case.

Ben

-------------- next part --------------
An embedded and charset-unspecified text was scrubbed...
Name: rpc.patch
URL: <http://lists.samba.org/pipermail/samba-technical/attachments/20100312/d888ebd7/attachment.ksh>

More information about the samba-technical mailing list