authorAndrew Bartlett <abartlet@samba.org>2005-12-19 07:11:58 +0000
committerGerald (Jerry) Carter <jerry@samba.org>2007-10-10 13:47:31 -0500
commit512b94803df6c3ca3882bd88fcb9b0d94383fc7a (patch)
tree17e813071b9a35279c880d5f08f9dcb67d0e2883
parentbceca723044e9cf5d835e8d732be3ab57906505e (diff)
r12362: Along with a cracknames change in the previous commit, this should
allow Win2000 machines to again use kerberos with Samba4. Andrew Bartlett (This used to be commit 5770409dcd0151a7303b16c565b1f68845b8622d)
-rw-r--r--source4/kdc/hdb-ldb.c24
1 files changed, 15 insertions, 9 deletions
diff --git a/source4/kdc/hdb-ldb.c b/source4/kdc/hdb-ldb.c
index 1ab52ecb68..367c211b90 100644
--- a/source4/kdc/hdb-ldb.c
+++ b/source4/kdc/hdb-ldb.c
@@ -225,6 +225,7 @@ static krb5_error_code LDB_message2entry(krb5_context context, HDB *db,
unsigned int userAccountControl;
int i;
krb5_error_code ret = 0;
+ krb5_boolean is_computer = FALSE;
const char *dnsdomain = ldb_msg_find_string(realm_ref_msg, "dnsRoot", NULL);
char *realm = strupper_talloc(mem_ctx, dnsdomain);
struct ldb_dn *domain_dn = samdb_result_dn(mem_ctx, realm_ref_msg, "nCName", ldb_dn_new(mem_ctx));
@@ -232,6 +233,17 @@ static krb5_error_code LDB_message2entry(krb5_context context, HDB *db,
struct hdb_ldb_private *private;
NTTIME acct_expiry;
+ struct ldb_message_element *objectclasses;
+ struct ldb_val computer_val;
+ computer_val.data = discard_const_p(uint8_t,"computer");
+ computer_val.length = strlen((const char *)computer_val.data);
+
+ objectclasses = ldb_msg_find_element(msg, "objectClass");
+
+ if (objectclasses && ldb_msg_find_val(objectclasses, &computer_val)) {
+ is_computer = TRUE;
+ }
+
memset(entry_ex, 0, sizeof(*entry_ex));
krb5_warnx(context, "LDB_message2entry:\n");
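Review bot: `is_computer` is now computed once near the top of LDB_message2entry and feeds a KDC policy decision further down as well as the salt selection, but the hoisted block has no comment saying so. Something like `/* is_computer: msg carries objectClass "computer"; used for the SPN exemption and the salting principal below */` above the lookup would help. The match also looks byte-exact: `ldb_msg_find_val` appears to compare the value with the literal `"computer"` without case folding, so an entry whose objectClass is stored with different casing would silently leave the flag FALSE. Confirming that the stored values are normalised, or noting that assumption in the comment, would make the behaviour predictable. The function body starts and ends outside this hunk.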
@@ -256,6 +268,7 @@ static krb5_error_code LDB_message2entry(krb5_context context, HDB *db,
entry_ex->free_entry = hdb_ldb_free_entry;
userAccountControl = ldb_msg_find_uint(msg, "userAccountControl", 0);
+
entry_ex->entry.principal = malloc(sizeof(*(entry_ex->entry.principal)));
if (ent_type == HDB_LDB_ENT_TYPE_ANY && principal == NULL) {
@@ -306,7 +319,7 @@ static krb5_error_code LDB_message2entry(krb5_context context, HDB *db,
}
if (lp_parm_bool(-1, "kdc", "require spn for service", True)) {
- if (!ldb_msg_find_string(msg, "servicePrincipalName", NULL)) {
+ if (!is_computer && !ldb_msg_find_string(msg, "servicePrincipalName", NULL)) {
entry_ex->entry.flags.server = 0;
}
}
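Review bot: The added `!is_computer &&` means any entry with objectClass `computer` keeps `entry.flags.server` even when `require spn for service` is on, and nothing at this site says why or bounds which accounts qualify. The exemption therefore depends entirely on who may create or modify computer objects in the directory, which an operator relying on the option needs to know. Please record the intent, e.g. `/* computer accounts are services even without a servicePrincipalName (Win2000 clients); exempt them from "require spn for service" */`. Consider also whether the test should key on the trust-account bits of `userAccountControl`, which this function already reads, rather than on objectClass alone. If `UF_WORKSTATION_TRUST_ACCOUNT` / `UF_SERVER_TRUST_ACCOUNT` are in scope here, `userAccountControl & (UF_WORKSTATION_TRUST_ACCOUNT|UF_SERVER_TRUST_ACCOUNT)` would be a tighter condition; the surrounding function continues outside this hunk.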
@@ -377,14 +390,7 @@ static krb5_error_code LDB_message2entry(krb5_context context, HDB *db,
Principal *salt_principal;
const char *user_principal_name = ldb_msg_find_string(msg, "userPrincipalName", NULL);
- struct ldb_message_element *objectclasses;
- struct ldb_val computer_val;
- computer_val.data = discard_const_p(uint8_t,"computer");
- computer_val.length = strlen((const char *)computer_val.data);
-
- objectclasses = ldb_msg_find_element(msg, "objectClass");
-
- if (objectclasses && ldb_msg_find_val(objectclasses, &computer_val)) {
+ if (is_computer) {
/* Determine a salting principal */
char *samAccountName = talloc_strdup(mem_ctx, ldb_msg_find_string(msg, "samAccountName", NULL));
char *saltbody;