RE: [PATCH] Joining domains specifying auth realm

Mon, 17 Mar 2003 05:47:44 -0800 

Andrew:

Patch to HEAD below -- sorry, should have realized that.

The reason I had to change it was that ads_set_machine_password uses
ads->auth.realm to build the principal name.  Should that be
ads->config.realm?

Ken
________________________________

Ken Cross

Network Storage Solutions
Phone 865.675.4070 ext 31
[EMAIL PROTECTED] 

> -----Original Message-----
> From: Andrew Bartlett [mailto:[EMAIL PROTECTED] 
> Sent: Sunday, March 16, 2003 11:24 PM
> To: Ken Cross
> Cc: 'Multiple recipients of list SAMBA-TECHNICAL'; 'Andrew Bartlett'
> Subject: Re: [PATCH] Joining domains specifying auth realm
> 
> 
> On Sat, 2003-03-15 at 03:01, Ken Cross wrote:
> > Let's try this again.  The previous patch I submitted 
> didn't work in 
> > some configurations.  (ads->auth.realm needs to be 
> preserved over the 
> > ads_connect call.)
> 
> If it's not preserved, won't it be free()ed in the process?
> 
> And shouldn't change the code that's clobbering it instead?
> 
> I applied the previous patch - can you get me the changes 
> against current HEAD?
> 
> Andrew Bartlett
> 
> -- 
> Andrew Bartlett                                 [EMAIL PROTECTED]
> Manager, Authentication Subsystems, Samba Team  [EMAIL PROTECTED]
> Student Network Administrator, Hawker College   [EMAIL PROTECTED]
> http://samba.org     http://build.samba.org     http://hawkerc.net
> 

--- /tmp/samba/source/utils/net_ads.c   Sat Mar 15 21:14:05 2003
+++ utils/net_ads.c     Mon Mar 17 08:26:50 2003
@@ -109,6 +107,9 @@ static int net_ads_info(int argc, const 
        d_printf("LDAP port: %d\n", ads->ldap_port);
        d_printf("Server time: %s\n", http_timestring(ads->config.current_time));
 
+       d_printf("KDC server: %s\n", ads->auth.kdc_server );           /* KJC */
+       d_printf("Server time offset: %d\n", ads->auth.time_offset );  /* KJC */
+
        return 0;
 }
 
@@ -124,7 +125,7 @@ static ADS_STRUCT *ads_startup(void)
        ADS_STATUS status;
        BOOL need_password = False;
        BOOL second_time = False;
-       char *realm;
+       char *realm, *realm_save = NULL;
        
        ads = ads_init(NULL, NULL, opt_host);
 
@@ -154,14 +156,26 @@ retry:
        /*
         * If the username is of the form "[EMAIL PROTECTED]", 
         * extract the realm and convert to upper case.
+        * This is only used to establish the connection.
         */
+       realm_save = ads->auth.realm;
        if ((realm = strchr(ads->auth.user_name, '@'))) {
                *realm++ = '\0';
-               ads->auth.realm = strdup(realm);
+               ads->auth.realm = realm;
                strupper(ads->auth.realm);
        }
 
        status = ads_connect(ads);
+
+       /*
+        * Restore the realm name.  If there wasn't one,
+        * default to the configuration realm.
+        */
+       if( realm_save == NULL )
+               realm_save = strdup(ads->config.realm);
+
+       ads->auth.realm = realm_save;
+
        if (!ADS_ERR_OK(status)) {
                if (!need_password && !second_time) {
                        need_password = True;

Reply via email to