[PATCH] Joining domains specifying auth realm
Ken Cross
kcross at nssolutions.com
Fri Apr 25 12:16:25 GMT 2003
You are right, of course -- I hadn't had the chance to test it with the
change to ads_set_machine_password, and didn't think it would hurt to
restore it, but...
Not restoring it makes the change simpler (diff with SAMBA_3_0):
Index: utils/net_ads.c
===================================================================
RCS file: /cvsroot/samba/source/utils/net_ads.c,v
retrieving revision 1.37.2.15
diff -p -u -r1.37.2.15 net_ads.c
--- utils/net_ads.c 14 Apr 2003 22:27:09 -0000 1.37.2.15
+++ utils/net_ads.c 25 Apr 2003 12:11:11 -0000
@@ -109,6 +109,9 @@ static int net_ads_info(int argc, const
d_printf("LDAP port: %d\n", ads->ldap_port);
d_printf("Server time: %s\n",
http_timestring(ads->config.current_time));
+ d_printf("KDC server: %s\n", ads->auth.kdc_server );
+ d_printf("Server time offset: %d\n", ads->auth.time_offset );
+
return 0;
}
@@ -124,6 +127,7 @@ static ADS_STRUCT *ads_startup(void)
ADS_STATUS status;
BOOL need_password = False;
BOOL second_time = False;
+ char *cp;
ads = ads_init(NULL, NULL, opt_host);
@@ -150,7 +154,19 @@ retry:
ads->auth.user_name = strdup(opt_user_name);
+ /*
+ * If the username is of the form "name at realm",
+ * extract the realm and convert to upper case.
+ * This is only used to establish the connection.
+ */
+ if (cp = strchr(ads->auth.user_name, '@')) {
+ *cp++ = '\0';
+ ads->auth.realm = cp;
+ strupper(ads->auth.realm);
+ }
+
status = ads_connect(ads);
+
if (!ADS_ERR_OK(status)) {
if (!need_password && !second_time) {
need_password = True;
Ken
________________________________
Ken Cross
Network Storage Solutions
Phone 865.675.4070 ext 31
kcross at nssolutions.com
> -----Original Message-----
> From: Andrew Bartlett [mailto:abartlet at samba.org]
> Sent: Friday, April 25, 2003 6:51 AM
> To: Ken Cross
> Cc: 'Multiple recipients of list SAMBA-TECHNICAL'; 'Andrew Bartlett'
> Subject: RE: [PATCH] Joining domains specifying auth realm
>
[snip]
>
> I'm still not convinced on this bit - why do we need to
> restore it? If we did the authentication during the
> ads_connect, why do we need to set it back?
>
> Andrew Bartlett
>
> --
> Andrew Bartlett abartlet at pcug.org.au
> Manager, Authentication Subsystems, Samba Team abartlet at samba.org
> Student Network Administrator, Hawker College abartlet at hawkerc.net
> http://samba.org http://build.samba.org http://hawkerc.net
>
More information about the samba-technical
mailing list