[PATCH] Joining domains specifying auth realm
Ken Cross
kcross at nssolutions.com
Mon Mar 17 13:47:48 GMT 2003
Andrew:
Patch to HEAD below -- sorry, should have realized that.
The reason I had to change it was that ads_set_machine_password uses
ads->auth.realm to build the principal name. Should that be
ads->config.realm?
Ken
________________________________
Ken Cross
Network Storage Solutions
Phone 865.675.4070 ext 31
kcross at nssolutions.com
> -----Original Message-----
> From: Andrew Bartlett [mailto:abartlet at samba.org]
> Sent: Sunday, March 16, 2003 11:24 PM
> To: Ken Cross
> Cc: 'Multiple recipients of list SAMBA-TECHNICAL'; 'Andrew Bartlett'
> Subject: Re: [PATCH] Joining domains specifying auth realm
>
>
> On Sat, 2003-03-15 at 03:01, Ken Cross wrote:
> > Let's try this again. The previous patch I submitted
> didn't work in
> > some configurations. (ads->auth.realm needs to be
> preserved over the
> > ads_connect call.)
>
> If it's not preserved, won't it be free()ed in the process?
>
> And shouldn't change the code that's clobbering it instead?
>
> I applied the previous patch - can you get me the changes
> against current HEAD?
>
> Andrew Bartlett
>
> --
> Andrew Bartlett abartlet at pcug.org.au
> Manager, Authentication Subsystems, Samba Team abartlet at samba.org
> Student Network Administrator, Hawker College abartlet at hawkerc.net
> http://samba.org http://build.samba.org http://hawkerc.net
>
-------------- next part --------------
--- /tmp/samba/source/utils/net_ads.c Sat Mar 15 21:14:05 2003
+++ utils/net_ads.c Mon Mar 17 08:26:50 2003
@@ -109,6 +107,9 @@ static int net_ads_info(int argc, const
d_printf("LDAP port: %d\n", ads->ldap_port);
d_printf("Server time: %s\n", http_timestring(ads->config.current_time));
+ d_printf("KDC server: %s\n", ads->auth.kdc_server ); /* KJC */
+ d_printf("Server time offset: %d\n", ads->auth.time_offset ); /* KJC */
+
return 0;
}
@@ -124,7 +125,7 @@ static ADS_STRUCT *ads_startup(void)
ADS_STATUS status;
BOOL need_password = False;
BOOL second_time = False;
- char *realm;
+ char *realm, *realm_save = NULL;
ads = ads_init(NULL, NULL, opt_host);
@@ -154,14 +156,26 @@ retry:
/*
* If the username is of the form "name at realm",
* extract the realm and convert to upper case.
+ * This is only used to establish the connection.
*/
+ realm_save = ads->auth.realm;
if ((realm = strchr(ads->auth.user_name, '@'))) {
*realm++ = '\0';
- ads->auth.realm = strdup(realm);
+ ads->auth.realm = realm;
strupper(ads->auth.realm);
}
status = ads_connect(ads);
+
+ /*
+ * Restore the realm name. If there wasn't one,
+ * default to the configuration realm.
+ */
+ if( realm_save == NULL )
+ realm_save = strdup(ads->config.realm);
+
+ ads->auth.realm = realm_save;
+
if (!ADS_ERR_OK(status)) {
if (!need_password && !second_time) {
need_password = True;
More information about the samba-technical
mailing list