s4: Changes the old occurences of "lp_realm" in "lp_dnsdomain" where needed

For KERBEROS applications the realm should be upcase (function "lp_realm") but
for DNS ones it should be used lowcase (function "lp_dnsdomain"). This patch
implements the use of both in the right way.

15 files changed, 43 insertions, 49 deletions

diff --git a/source4/auth/gensec/gensec_gssapi.c b/source4/auth/gensec/gensec_gssapi.c
index a23f913264..2759ab41c3 100644
--- a/source4/auth/gensec/gensec_gssapi.c
+++ b/source4/auth/gensec/gensec_gssapi.c
@@ -147,6 +147,7 @@ static NTSTATUS gensec_gssapi_start(struct gensec_security *gensec_security)
 	struct gensec_gssapi_state *gensec_gssapi_state;
 	krb5_error_code ret;
 	struct gsskrb5_send_to_kdc send_to_kdc;
+	const char *realm;
 
 	gensec_gssapi_state = talloc(gensec_security, struct gensec_gssapi_state);
 	if (!gensec_gssapi_state) {
@@ -226,15 +227,10 @@ static NTSTATUS gensec_gssapi_start(struct gensec_security *gensec_security)
 		talloc_free(gensec_gssapi_state);
 		return NT_STATUS_INTERNAL_ERROR;
 	}
-	if (lp_realm(gensec_security->settings->lp_ctx) && *lp_realm(gensec_security->settings->lp_ctx)) {
-		char *upper_realm = strupper_talloc(gensec_gssapi_state, lp_realm(gensec_security->settings->lp_ctx));
-		if (!upper_realm) {
-			DEBUG(1,("gensec_krb5_start: could not uppercase realm: %s\n", lp_realm(gensec_security->settings->lp_ctx)));
-			talloc_free(gensec_gssapi_state);
-			return NT_STATUS_NO_MEMORY;
-		}
-		ret = gsskrb5_set_default_realm(upper_realm);
-		talloc_free(upper_realm);
+
+	realm = lp_realm(gensec_security->settings->lp_ctx);
+	if (realm != NULL) {
+		ret = gsskrb5_set_default_realm(realm);
 		if (ret) {
 			DEBUG(1,("gensec_krb5_start: gsskrb5_set_default_realm failed\n"));
 			talloc_free(gensec_gssapi_state);
diff --git a/source4/auth/kerberos/krb5_init_context.c b/source4/auth/kerberos/krb5_init_context.c
index 04f0718a62..c00d7b1618 100644
--- a/source4/auth/kerberos/krb5_init_context.c
+++ b/source4/auth/kerberos/krb5_init_context.c
@@ -368,7 +368,7 @@ krb5_error_code smb_krb5_init_context(void *parent_ctx,
 	krb5_error_code ret;
 	TALLOC_CTX *tmp_ctx;
 	char **config_files;
-	const char *config_file;
+	const char *config_file, *realm;
 	
 	initialize_krb5_error_table();
 	
@@ -415,14 +415,9 @@ krb5_error_code smb_krb5_init_context(void *parent_ctx,
 		return ret;
 	}
 						
-	if (lp_realm(lp_ctx) && *lp_realm(lp_ctx)) {
-		char *upper_realm = strupper_talloc(tmp_ctx, lp_realm(lp_ctx));
-		if (!upper_realm) {
-			DEBUG(1,("gensec_krb5_start: could not uppercase realm: %s\n", lp_realm(lp_ctx)));
-			talloc_free(tmp_ctx);
-			return ENOMEM;
-		}
-		ret = krb5_set_default_realm((*smb_krb5_context)->krb5_context, upper_realm);
+	realm = lp_realm(lp_ctx);
+	if (realm != NULL) {
+		ret = krb5_set_default_realm((*smb_krb5_context)->krb5_context, realm);
 		if (ret) {
 			DEBUG(1,("krb5_set_default_realm failed (%s)\n", 
 				 smb_get_krb5_error_message((*smb_krb5_context)->krb5_context, ret, tmp_ctx)));
diff --git a/source4/cldap_server/netlogon.c b/source4/cldap_server/netlogon.c
index 50a8775ae4..b06fd609f2 100644
--- a/source4/cldap_server/netlogon.c
+++ b/source4/cldap_server/netlogon.c
@@ -61,7 +61,6 @@ NTSTATUS fill_netlogon_samlogon_response(struct ldb_context *sam_ctx,
 	uint32_t server_type;
 	const char *pdc_name;
 	struct GUID domain_uuid;
-	const char *realm;
 	const char *dns_domain;
 	const char *pdc_dns_name;
 	const char *flatname;
@@ -78,7 +77,7 @@ NTSTATUS fill_netlogon_samlogon_response(struct ldb_context *sam_ctx,
 		domain = talloc_strndup(mem_ctx, domain, strlen(domain)-1);
 	}
 
-	if (domain && strcasecmp_m(domain, lp_realm(lp_ctx)) == 0) {
+	if (domain && strcasecmp_m(domain, lp_dnsdomain(lp_ctx)) == 0) {
 		domain_dn = ldb_get_default_basedn(sam_ctx);
 	}
 
@@ -245,8 +244,7 @@ NTSTATUS fill_netlogon_samlogon_response(struct ldb_context *sam_ctx,
 
 	pdc_name         = talloc_asprintf(mem_ctx, "\\\\%s", lp_netbios_name(lp_ctx));
 	domain_uuid      = samdb_result_guid(dom_res->msgs[0], "objectGUID");
-	realm            = lp_realm(lp_ctx);
-	dns_domain       = lp_realm(lp_ctx);
+	dns_domain       = lp_dnsdomain(lp_ctx);
 	pdc_dns_name     = talloc_asprintf(mem_ctx, "%s.%s", 
 					   strlower_talloc(mem_ctx, 
 							   lp_netbios_name(lp_ctx)), 
@@ -274,7 +272,7 @@ NTSTATUS fill_netlogon_samlogon_response(struct ldb_context *sam_ctx,
 		}
 		netlogon->data.nt5_ex.server_type  = server_type;
 		netlogon->data.nt5_ex.domain_uuid  = domain_uuid;
-		netlogon->data.nt5_ex.forest       = realm;
+		netlogon->data.nt5_ex.forest       = dns_domain;
 		netlogon->data.nt5_ex.dns_domain   = dns_domain;
 		netlogon->data.nt5_ex.pdc_dns_name = pdc_dns_name;
 		netlogon->data.nt5_ex.domain       = flatname;
@@ -307,7 +305,7 @@ NTSTATUS fill_netlogon_samlogon_response(struct ldb_context *sam_ctx,
 		netlogon->data.nt5.user_name    = user;
 		netlogon->data.nt5.domain_name  = flatname;
 		netlogon->data.nt5.domain_uuid  = domain_uuid;
-		netlogon->data.nt5.forest       = realm;
+		netlogon->data.nt5.forest       = dns_domain;
 		netlogon->data.nt5.dns_domain   = dns_domain;
 		netlogon->data.nt5.pdc_dns_name = pdc_dns_name;
 		netlogon->data.nt5.pdc_ip       = pdc_ip;
@@ -403,7 +401,7 @@ void cldapd_netlogon_request(struct cldap_socket *cldap,
 	}
 
 	if (domain_guid == NULL && domain == NULL) {
-		domain = lp_realm(cldapd->task->lp_ctx);
+		domain = lp_dnsdomain(cldapd->task->lp_ctx);
 	}
 
 	if (version == -1) {
diff --git a/source4/dsdb/kcc/kcc_periodic.c b/source4/dsdb/kcc/kcc_periodic.c
index 44e0c7ae8b..30d43033cb 100644
--- a/source4/dsdb/kcc/kcc_periodic.c
+++ b/source4/dsdb/kcc/kcc_periodic.c
@@ -152,7 +152,7 @@ static NTSTATUS kccsrv_simple_update(struct kccsrv_service *s, TALLOC_CTX *mem_c
 		r1->other_info               = talloc_zero(reps, struct repsFromTo1OtherInfo);
 		r1->other_info->dns_name     = talloc_asprintf(r1->other_info, "%s._msdcs.%s",
 							       GUID_string(mem_ctx, &ntds_guid),
-							       lp_realm(s->task->lp_ctx));
+							       lp_dnsdomain(s->task->lp_ctx));
 		r1->source_dsa_obj_guid      = ntds_guid;
 		r1->source_dsa_invocation_id = invocation_id;
 		r1->replica_flags            = 
diff --git a/source4/dsdb/repl/drepl_out_helpers.c b/source4/dsdb/repl/drepl_out_helpers.c
index 5c63c111f3..598ceb58b9 100644
--- a/source4/dsdb/repl/drepl_out_helpers.c
+++ b/source4/dsdb/repl/drepl_out_helpers.c
@@ -506,10 +506,9 @@ static void dreplsrv_update_refs_send(struct dreplsrv_op_pull_source_state *st)
 	ntds_guid_str = GUID_string(r, &service->ntds_guid);
 	if (composite_nomem(ntds_guid_str, c)) return;
 
-	/* lp_realm() is not really right here */
 	ntds_dns_name = talloc_asprintf(r, "%s._msdcs.%s",
 					ntds_guid_str,
-					lp_realm(service->task->lp_ctx));
+					lp_dnsdomain(service->task->lp_ctx));
 	if (composite_nomem(ntds_dns_name, c)) return;
 
 	r->in.bind_handle	= &drsuapi->bind_handle;
diff --git a/source4/kdc/kdc.c b/source4/kdc/kdc.c
index a67aa09461..1260e9000f 100644
--- a/source4/kdc/kdc.c
+++ b/source4/kdc/kdc.c
@@ -602,7 +602,7 @@ static NTSTATUS kdc_check_generic_kerberos(struct irpc_message *msg,
 	}
 
 	ret = krb5_make_principal(kdc->smb_krb5_context->krb5_context, &principal, 
-				  lp_realm(kdc->task->lp_ctx), 
+				  lp_realm(kdc->task->lp_ctx),
 				  "krbtgt", lp_realm(kdc->task->lp_ctx), 
 				  NULL);
 
diff --git a/source4/lib/tls/tls.c b/source4/lib/tls/tls.c
index ba2e9e431b..470b555aee 100644
--- a/source4/lib/tls/tls.c
+++ b/source4/lib/tls/tls.c
@@ -377,7 +377,8 @@ struct tls_params *tls_initialise(TALLOC_CTX *mem_ctx, struct loadparm_context *
 
 	if (!file_exist(cafile)) {
 		char *hostname = talloc_asprintf(mem_ctx, "%s.%s",
-						 lp_netbios_name(lp_ctx), lp_realm(lp_ctx));
+						 lp_netbios_name(lp_ctx),
+						 lp_dnsdomain(lp_ctx));
 		if (hostname == NULL) {
 			goto init_failed;
 		}
diff --git a/source4/libcli/ldap/ldap_client.c b/source4/libcli/ldap/ldap_client.c
index 3c78a7c7e2..eb53276936 100644
--- a/source4/libcli/ldap/ldap_client.c
+++ b/source4/libcli/ldap/ldap_client.c
@@ -338,7 +338,9 @@ _PUBLIC_ struct composite_context *ldap_connect_send(struct ldap_connection *con
 		/* LDAPI connections are to localhost, so give the
 		 * local host name as the target for gensec's
 		 * DIGEST-MD5 mechanism */
-		conn->host = talloc_asprintf(conn, "%s.%s", lp_netbios_name(conn->lp_ctx),  lp_realm(conn->lp_ctx));
+		conn->host = talloc_asprintf(conn, "%s.%s",
+					     lp_netbios_name(conn->lp_ctx),
+					     lp_dnsdomain(conn->lp_ctx));
 		if (composite_nomem(conn->host, state->ctx)) {
 			return result;
 		}
diff --git a/source4/ntptr/simple_ldb/ntptr_simple_ldb.c b/source4/ntptr/simple_ldb/ntptr_simple_ldb.c
index 601f7902df..e179f52926 100644
--- a/source4/ntptr/simple_ldb/ntptr_simple_ldb.c
+++ b/source4/ntptr/simple_ldb/ntptr_simple_ldb.c
@@ -208,12 +208,14 @@ static WERROR sptr_GetPrintServerData(struct ntptr_GenericHandle *server, TALLOC
 		r->out.data->binary	= blob;
 		return WERR_OK;
 	} else if (strcmp("DNSMachineName", r->in.value_name) == 0) {
-		if (!lp_realm(server->ntptr->lp_ctx)) return WERR_INVALID_PARAM;
+		const char *dnsdomain = lp_dnsdomain(server->ntptr->lp_ctx);
+
+		if (dnsdomain == NULL) return WERR_INVALID_PARAM;
 
 		*r->out.type		= REG_SZ;
 		r->out.data->string	= talloc_asprintf(mem_ctx, "%s.%s",
-								   lp_netbios_name(server->ntptr->lp_ctx),
-								   lp_realm(server->ntptr->lp_ctx));
+							  lp_netbios_name(server->ntptr->lp_ctx),
+							  dnsdomain);
 		W_ERROR_HAVE_NO_MEMORY(r->out.data->string);
 		return WERR_OK;
 	}
diff --git a/source4/rpc_server/drsuapi/addentry.c b/source4/rpc_server/drsuapi/addentry.c
index 2c913dd91d..dbaf627130 100644
--- a/source4/rpc_server/drsuapi/addentry.c
+++ b/source4/rpc_server/drsuapi/addentry.c
@@ -82,7 +82,7 @@ static WERROR drsuapi_add_SPNs(struct drsuapi_bind_state *b_state,
 
 		ntds_guid_str = GUID_string(res, &ntds_guid);
 
-		dom_string = lp_realm(dce_call->conn->dce_ctx->lp_ctx);
+		dom_string = lp_dnsdomain(dce_call->conn->dce_ctx->lp_ctx);
 
 		/*
 		 * construct a modify request to add the new SPNs to
diff --git a/source4/rpc_server/netlogon/dcerpc_netlogon.c b/source4/rpc_server/netlogon/dcerpc_netlogon.c
index 5eccd7f6a8..f763069a3b 100644
--- a/source4/rpc_server/netlogon/dcerpc_netlogon.c
+++ b/source4/rpc_server/netlogon/dcerpc_netlogon.c
@@ -643,7 +643,7 @@ static NTSTATUS dcesrv_netr_LogonSamLogon_base(struct dcesrv_call_state *dce_cal
 		sam6 = talloc_zero(mem_ctx, struct netr_SamInfo6);
 		NT_STATUS_HAVE_NO_MEMORY(sam6);
 		sam6->base = *sam;
-		sam6->forest.string = lp_realm(dce_call->conn->dce_ctx->lp_ctx);
+		sam6->forest.string = lp_dnsdomain(dce_call->conn->dce_ctx->lp_ctx);
 		sam6->principle.string = talloc_asprintf(mem_ctx, "%s@%s", 
 							 sam->account_name.string, sam6->forest.string);
 		NT_STATUS_HAVE_NO_MEMORY(sam6->principle.string);
@@ -1096,7 +1096,7 @@ static NTSTATUS fill_one_domain_info(TALLOC_CTX *mem_ctx,
 
 	if (is_local) {
 		info->domainname.string = lp_sam_name(lp_ctx);
-		info->dns_domainname.string = lp_realm(lp_ctx);
+		info->dns_domainname.string = lp_dnsdomain(lp_ctx);
 		info->domain_guid = samdb_result_guid(res, "objectGUID");
 		info->domain_sid = samdb_result_dom_sid(mem_ctx, res, "objectSid");
 	} else {
@@ -1432,14 +1432,14 @@ static WERROR dcesrv_netr_DsRGetDCNameEx2(struct dcesrv_call_state *dce_call, TA
 	 */
 	info->dc_unc			= talloc_asprintf(mem_ctx, "\\\\%s.%s",
 							  lp_netbios_name(dce_call->conn->dce_ctx->lp_ctx), 
-							  lp_realm(dce_call->conn->dce_ctx->lp_ctx));
+							  lp_dnsdomain(dce_call->conn->dce_ctx->lp_ctx));
 	W_ERROR_HAVE_NO_MEMORY(info->dc_unc);
 	info->dc_address		= talloc_strdup(mem_ctx, "\\\\0.0.0.0");
 	W_ERROR_HAVE_NO_MEMORY(info->dc_address);
 	info->dc_address_type		= DS_ADDRESS_TYPE_INET;
 	info->domain_guid		= samdb_result_guid(res[0], "objectGUID");
-	info->domain_name		= lp_realm(dce_call->conn->dce_ctx->lp_ctx);
-	info->forest_name		= lp_realm(dce_call->conn->dce_ctx->lp_ctx);
+	info->domain_name		= lp_dnsdomain(dce_call->conn->dce_ctx->lp_ctx);
+	info->forest_name		= lp_dnsdomain(dce_call->conn->dce_ctx->lp_ctx);
 	info->dc_flags			= DS_DNS_FOREST_ROOT |
 					  DS_DNS_DOMAIN |
 					  DS_DNS_CONTROLLER |
@@ -1614,7 +1614,7 @@ static WERROR dcesrv_netr_DsrEnumerateDomainTrusts(struct dcesrv_call_state *dce
 	/* TODO: add filtering by trust_flags, and correct trust_type
 	   and attributes */
 	trusts->array[0].netbios_name = lp_sam_name(dce_call->conn->dce_ctx->lp_ctx);
-	trusts->array[0].dns_name     = lp_realm(dce_call->conn->dce_ctx->lp_ctx);
+	trusts->array[0].dns_name     = lp_dnsdomain(dce_call->conn->dce_ctx->lp_ctx);
 	trusts->array[0].trust_flags =
 		NETR_TRUST_FLAG_TREEROOT | 
 		NETR_TRUST_FLAG_IN_FOREST | 
diff --git a/source4/rpc_server/spoolss/dcesrv_spoolss.c b/source4/rpc_server/spoolss/dcesrv_spoolss.c
index d380b10d8e..0e071dc74c 100644
--- a/source4/rpc_server/spoolss/dcesrv_spoolss.c
+++ b/source4/rpc_server/spoolss/dcesrv_spoolss.c
@@ -150,6 +150,7 @@ static WERROR dcesrv_spoolss_check_server_name(struct dcesrv_call_state *dce_cal
 	bool ret;
 	struct socket_address *myaddr;
 	const char **aliases;
+	const char *dnsdomain;
 	int i;
 
 	/* NULL is ok */
@@ -186,12 +187,13 @@ static WERROR dcesrv_spoolss_check_server_name(struct dcesrv_call_state *dce_cal
 	/* DNS NAME is ok
 	 * TODO: we need to check if aliases are also ok
 	 */
-	if (lp_realm(dce_call->conn->dce_ctx->lp_ctx)) {
+	dnsdomain = lp_dnsdomain(dce_call->conn->dce_ctx->lp_ctx);
+	if (dnsdomain != NULL) {
 		char *str;
 
 		str = talloc_asprintf(mem_ctx, "%s.%s",
 						lp_netbios_name(dce_call->conn->dce_ctx->lp_ctx),
-						lp_realm(dce_call->conn->dce_ctx->lp_ctx));
+						dnsdomain);
 		W_ERROR_HAVE_NO_MEMORY(str);
 
 		ret = strequal(str, server_name);
diff --git a/source4/torture/rpc/frsapi.c b/source4/torture/rpc/frsapi.c
index e9a19bcf96..24d769a310 100644
--- a/source4/torture/rpc/frsapi.c
+++ b/source4/torture/rpc/frsapi.c
@@ -193,8 +193,7 @@ static bool test_ForceReplication(struct torture_context *tctx,
 
 	r.in.replica_set_guid = NULL;
 	r.in.connection_guid = NULL;
-	r.in.replica_set_name = talloc_asprintf(tctx, "%s",
-						lp_realm(tctx->lp_ctx));
+	r.in.replica_set_name = lp_dnsdomain(tctx->lp_ctx);
 	r.in.partner_dns_name = dcerpc_server_name(p);
 
 	torture_assert_ntstatus_ok(tctx,
diff --git a/source4/torture/rpc/netlogon.c b/source4/torture/rpc/netlogon.c
index 35f1a5942f..6a753ed412 100644
--- a/source4/torture/rpc/netlogon.c
+++ b/source4/torture/rpc/netlogon.c
@@ -1991,7 +1991,7 @@ static bool test_netr_DsRGetDCName(struct torture_context *tctx,
 	struct netr_DsRGetDCNameInfo *info = NULL;
 
 	r.in.server_unc		= talloc_asprintf(tctx, "\\\\%s", dcerpc_server_name(p));
-	r.in.domain_name	= talloc_asprintf(tctx, "%s", lp_realm(tctx->lp_ctx));
+	r.in.domain_name	= lp_dnsdomain(tctx->lp_ctx);
 	r.in.domain_guid	= NULL;
 	r.in.site_guid	        = NULL;
 	r.in.flags		= DS_RETURN_DNS_NAME;
@@ -2016,7 +2016,7 @@ static bool test_netr_DsRGetDCNameEx(struct torture_context *tctx,
 	struct netr_DsRGetDCNameInfo *info = NULL;
 
 	r.in.server_unc		= talloc_asprintf(tctx, "\\\\%s", dcerpc_server_name(p));
-	r.in.domain_name	= talloc_asprintf(tctx, "%s", lp_realm(tctx->lp_ctx));
+	r.in.domain_name	= lp_dnsdomain(tctx->lp_ctx);
 	r.in.domain_guid	= NULL;
 	r.in.site_name	        = NULL;
 	r.in.flags		= DS_RETURN_DNS_NAME;
@@ -2043,7 +2043,7 @@ static bool test_netr_DsRGetDCNameEx2(struct torture_context *tctx,
 	r.in.server_unc		= talloc_asprintf(tctx, "\\\\%s", dcerpc_server_name(p));
 	r.in.client_account	= NULL;
 	r.in.mask		= 0x00000000;
-	r.in.domain_name	= talloc_asprintf(tctx, "%s", lp_realm(tctx->lp_ctx));
+	r.in.domain_name	= lp_dnsdomain(tctx->lp_ctx);
 	r.in.domain_guid	= NULL;
 	r.in.site_name		= NULL;
 	r.in.flags		= DS_RETURN_DNS_NAME;
diff --git a/source4/torture/rpc/wkssvc.c b/source4/torture/rpc/wkssvc.c
index 06b1d05ee4..d5ef0a4fda 100644
--- a/source4/torture/rpc/wkssvc.c
+++ b/source4/torture/rpc/wkssvc.c
@@ -1132,7 +1132,7 @@ static bool test_NetrJoinDomain(struct torture_context *tctx,
 					user);
 
 	r.in.server_name = dcerpc_server_name(p);
-	r.in.domain_name = lp_realm(tctx->lp_ctx);
+	r.in.domain_name = lp_dnsdomain(tctx->lp_ctx);
 	r.in.account_ou = NULL;
 	r.in.Account = admin_account;
 	r.in.password = NULL;