
[PATCH][SAMBA4] Allow default realm for unqualified hostnames



In the absence of the full KDC-side canonicalisation code, I've hacked
Heimdal to use the default realm if no other realm can be determined for
a given host.

I also had to make sure to use the upper-cased realm from our smb.conf,
when overriding the defaults in Heimdal.

The patch is attached.

Andrew Bartlett
-- 
Andrew Bartlett                                http://samba.org/~abartlet/
Samba Developer, SuSE Labs, Novell Inc.        http://suse.de
Authentication Developer, Samba Team           http://samba.org
Student Network Administrator, Hawker College  http://hawkerc.net
Index: heimdal/lib/krb5/get_host_realm.c
===================================================================
--- heimdal/lib/krb5/get_host_realm.c	(revision 10369)
+++ heimdal/lib/krb5/get_host_realm.c	(working copy)
@@ -187,27 +187,40 @@
 		return 0;
 	}
     }
+
+    *realms = malloc(2 * sizeof(krb5_realm));
+    if (*realms == NULL) {
+	    krb5_set_error_string(context, "malloc: out of memory");
+	    return ENOMEM;
+    }
+    
+    (*realms)[1] = NULL;
+
     p = strchr(host, '.');
     if(p != NULL) {
 	p++;
-	*realms = malloc(2 * sizeof(krb5_realm));
-	if (*realms == NULL) {
+	(*realms)[0] = strdup(p);
+	if((*realms)[0] == NULL) {
+	    free(*realms);
 	    krb5_set_error_string(context, "malloc: out of memory");
 	    return ENOMEM;
 	}
-
-	(*realms)[0] = strdup(p);
-	if((*realms)[0] == NULL) {
+	strupr((*realms)[0]);
+    } else {
+	krb5_error_code ret;
+	ret = krb5_get_default_realm(context, &(*realms)[0]);
+	if(ret) {
 	    free(*realms);
 	    krb5_set_error_string(context, "malloc: out of memory");
 	    return ENOMEM;
 	}
-	strupr((*realms)[0]);
-	(*realms)[1] = NULL;
-	return 0;
+	if((*realms)[0] == NULL) {
+	    free(*realms);
+	    krb5_set_error_string(context, "unable to find realm of host %s", host);
+	    return KRB5_ERR_HOST_REALM_UNKNOWN;
+	}
     }
-    krb5_set_error_string(context, "unable to find realm of host %s", host);
-    return KRB5_ERR_HOST_REALM_UNKNOWN;
+    return 0;
 }
 
 /*
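Review bot: In the new `else` branch, a failure of `krb5_get_default_realm` is reported as `ENOMEM` with the string "malloc: out of memory", so a missing or unusable default realm would look like an allocation failure to the caller and in logs. Returning the real code, `free(*realms); return ret;`, without overwriting the error string keeps the cause visible. All three error paths also free `*realms` without resetting it; adding `*realms = NULL;` after each `free` protects a caller that cleans up the out-parameter on failure. Dot-free host names also no longer yield `KRB5_ERR_HOST_REALM_UNKNOWN` whenever a default realm is available, so any caller that relied on that error to reject short names should be checked. The function begins above this hunk, so the earlier lookup steps are not visible here.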
Index: auth/kerberos/krb5_init_context.c
===================================================================
--- auth/kerberos/krb5_init_context.c	(revision 10369)
+++ auth/kerberos/krb5_init_context.c	(working copy)
@@ -84,7 +84,7 @@
 			talloc_free(tmp_ctx);
 			return ENOMEM;
 		}
-		ret = krb5_set_default_realm((*smb_krb5_context)->krb5_context, lp_realm());
+		ret = krb5_set_default_realm((*smb_krb5_context)->krb5_context, upper_realm);
 		if (ret) {
 			DEBUG(1,("krb5_set_default_realm failed (%s)\n", 
 				 smb_get_krb5_error_message((*smb_krb5_context)->krb5_context, ret, tmp_ctx)));
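Review bot: The switch to `upper_realm` on the `krb5_set_default_realm` call has no comment saying why the smb.conf value cannot be passed as is. Kerberos realm names are case-sensitive and get_host_realm.c upper-cases the realm it derives from a host name, so a lower-case realm here would presumably name a different realm. A one-line comment such as `/* realm names are case-sensitive: use the upper-cased smb.conf realm */` above the call would record that. `upper_realm` is declared and allocated above this hunk, so its lifetime relative to `tmp_ctx` cannot be checked from here.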

This is a digitally signed message part