RE: [PATCH] Joining domains specifying auth realm
BTW, the patch also includes two more lines of output for "net ads info" -- the KDC server and server time offset. I find them useful for helping to automate the join process. Ken Ken Cross Network Storage Solutions Phone 865.675.4070 ext 31 [EMAIL PROTECTED] > -Original Message- > From: > [EMAIL PROTECTED] > > [mailto:[EMAIL PROTECTED] > amba.org] On Behalf Of Ken Cross > Sent: Monday, March 17, 2003 8:48 AM > To: 'Andrew Bartlett' > Cc: 'Multiple recipients of list SAMBA-TECHNICAL' > Subject: RE: [PATCH] Joining domains specifying auth realm > > > Andrew: > > Patch to HEAD below -- sorry, should have realized that. > > The reason I had to change it was that ads_set_machine_password uses > ads->auth.realm to build the principal name. Should that be > ads->config.realm? > > Ken > > > Ken Cross > > Network Storage Solutions > Phone 865.675.4070 ext 31 > [EMAIL PROTECTED] > > > -Original Message- > > From: Andrew Bartlett [mailto:[EMAIL PROTECTED] > > Sent: Sunday, March 16, 2003 11:24 PM > > To: Ken Cross > > Cc: 'Multiple recipients of list SAMBA-TECHNICAL'; 'Andrew Bartlett' > > Subject: Re: [PATCH] Joining domains specifying auth realm > > > > > > On Sat, 2003-03-15 at 03:01, Ken Cross wrote: > > > Let's try this again. The previous patch I submitted > > didn't work in > > > some configurations. (ads->auth.realm needs to be > > preserved over the > > > ads_connect call.) > > > > If it's not preserved, won't it be free()ed in the process? > > > > And shouldn't change the code that's clobbering it instead? > > > > I applied the previous patch - can you get me the changes > > against current HEAD? > > > > Andrew Bartlett > > > > -- > > Andrew Bartlett [EMAIL PROTECTED] > > Manager, Authentication Subsystems, Samba Team [EMAIL PROTECTED] > > Student Network Administrator, Hawker College [EMAIL PROTECTED] > > http://samba.org http://build.samba.org http://hawkerc.net > > > >
RE: [PATCH] Joining domains specifying auth realm
Andrew: Patch to HEAD below -- sorry, should have realized that. The reason I had to change it was that ads_set_machine_password uses ads->auth.realm to build the principal name. Should that be ads->config.realm? Ken Ken Cross Network Storage Solutions Phone 865.675.4070 ext 31 [EMAIL PROTECTED] > -Original Message- > From: Andrew Bartlett [mailto:[EMAIL PROTECTED] > Sent: Sunday, March 16, 2003 11:24 PM > To: Ken Cross > Cc: 'Multiple recipients of list SAMBA-TECHNICAL'; 'Andrew Bartlett' > Subject: Re: [PATCH] Joining domains specifying auth realm > > > On Sat, 2003-03-15 at 03:01, Ken Cross wrote: > > Let's try this again. The previous patch I submitted > didn't work in > > some configurations. (ads->auth.realm needs to be > preserved over the > > ads_connect call.) > > If it's not preserved, won't it be free()ed in the process? > > And shouldn't change the code that's clobbering it instead? > > I applied the previous patch - can you get me the changes > against current HEAD? > > Andrew Bartlett > > -- > Andrew Bartlett [EMAIL PROTECTED] > Manager, Authentication Subsystems, Samba Team [EMAIL PROTECTED] > Student Network Administrator, Hawker College [EMAIL PROTECTED] > http://samba.org http://build.samba.org http://hawkerc.net > --- /tmp/samba/source/utils/net_ads.c Sat Mar 15 21:14:05 2003 +++ utils/net_ads.c Mon Mar 17 08:26:50 2003 @@ -109,6 +107,9 @@ static int net_ads_info(int argc, const d_printf("LDAP port: %d\n", ads->ldap_port); d_printf("Server time: %s\n", http_timestring(ads->config.current_time)); + d_printf("KDC server: %s\n", ads->auth.kdc_server ); /* KJC */ + d_printf("Server time offset: %d\n", ads->auth.time_offset ); /* KJC */ + return 0; } @@ -124,7 +125,7 @@ static ADS_STRUCT *ads_startup(void) ADS_STATUS status; BOOL need_password = False; BOOL second_time = False; - char *realm; + char *realm, *realm_save = NULL; ads = ads_init(NULL, NULL, opt_host); @@ -154,14 +156,26 @@ retry: /* * If the username is of the form "[EMAIL PROTECTED]", * extract the realm and convert to upper case. +* This is only used to establish the connection. */ + realm_save = ads->auth.realm; if ((realm = strchr(ads->auth.user_name, '@'))) { *realm++ = '\0'; - ads->auth.realm = strdup(realm); + ads->auth.realm = realm; strupper(ads->auth.realm); } status = ads_connect(ads); + + /* +* Restore the realm name. If there wasn't one, +* default to the configuration realm. +*/ + if( realm_save == NULL ) + realm_save = strdup(ads->config.realm); + + ads->auth.realm = realm_save; + if (!ADS_ERR_OK(status)) { if (!need_password && !second_time) { need_password = True;
Re: [PATCH] Joining domains specifying auth realm
On Sat, 2003-03-15 at 03:01, Ken Cross wrote: > Let's try this again. The previous patch I submitted didn't work in > some configurations. (ads->auth.realm needs to be preserved over the > ads_connect call.) If it's not preserved, won't it be free()ed in the process? And shouldn't change the code that's clobbering it instead? I applied the previous patch - can you get me the changes against current HEAD? Andrew Bartlett -- Andrew Bartlett [EMAIL PROTECTED] Manager, Authentication Subsystems, Samba Team [EMAIL PROTECTED] Student Network Administrator, Hawker College [EMAIL PROTECTED] http://samba.org http://build.samba.org http://hawkerc.net signature.asc Description: This is a digitally signed message part
[PATCH] Joining domains specifying auth realm
Let's try this again. The previous patch I submitted didn't work in some configurations. (ads->auth.realm needs to be preserved over the ads_connect call.) This patch is for SAMBA_3_0. Ken Ken Cross Network Storage Solutions Phone 865.675.4070 ext 31 [EMAIL PROTECTED] RCS file: /cvsroot/samba/source/utils/net_ads.c,v retrieving revision 1.37.2.12 diff -p -u -r1.37.2.12 net_ads.c --- utils/net_ads.c 24 Feb 2003 03:06:45 - 1.37.2.12 +++ utils/net_ads.c 14 Mar 2003 15:55:45 - @@ -122,6 +125,7 @@ static ADS_STRUCT *ads_startup(void) ADS_STATUS status; BOOL need_password = False; BOOL second_time = False; + char *cp, *realm_save = NULL; ads = ads_init(NULL, NULL, opt_host); @@ -147,7 +151,29 @@ retry: ads->auth.user_name = strdup(opt_user_name); + /* +* If the username is of the form "[EMAIL PROTECTED]", +* extract the realm and convert to upper case. +* This is only used to establish the connection. +*/ + realm_save = ads->auth.realm; + if (cp = strchr(ads->auth.user_name, '@')) { + *cp++ = '\0'; + ads->auth.realm = cp; + strupper(ads->auth.realm); + } + status = ads_connect(ads); + + /* +* Restore the realm name. If there wasn't one, +* default to the configuration realm. +*/ + if( realm_save == NULL ) + realm_save = strdup(ads->config.realm); + + ads->auth.realm = realm_save; + if (!ADS_ERR_OK(status)) { if (!need_password && !second_time) { need_password = True;