author | Andrew Tridgell <tridge@samba.org> | 2011-09-28 14:18:14 +1000 |
---|---|---|
committer | Andrew Tridgell <tridge@samba.org> | 2011-10-04 15:08:57 +1100 |
commit | 6b69ecd0293d827b7429cfd75cf4a13ab4e40ce5 (patch) | |
tree | eb1b0806cfefe9d12c42f83448635c31a9d7a6b3 | |
parent | b930b1e1fc52b999141918cf0d06d66bfbbf1fa4 (diff) | |
heimdal: handle referrals for 3 part DRSUAPI SPNs
This handles referrals for SPNs of the form
E3514235-4B06-11D1-AB04-00C04FC2DCD2/NTDSGUID/REALM, which are
used during DRS replication when we don't know the dnsHostName of the
target DC (which we don't know until the first replication from that
DC completes).
We use the 3rd part of the SPN directly as the realm name in the
referral.
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
-rw-r--r-- | source4/heimdal/kdc/krb5tgs.c | 19 |
1 files changed, 18 insertions, 1 deletions
diff --git a/source4/heimdal/kdc/krb5tgs.c b/source4/heimdal/kdc/krb5tgs.c
index 7955876822..96ee9ccc30 100644
--- a/source4/heimdal/kdc/krb5tgs.c
+++ b/source4/heimdal/kdc/krb5tgs.c
@@ -1121,7 +1121,24 @@ need_referral(krb5_context context, krb5_kdc_configuration *config,
 if (server->name.name_string.len == 1)
 name = server->name.name_string.val[0];
- else if (server->name.name_string.len > 1)
+ else if (server->name.name_string.len == 3 &&
+ strcasecmp("E3514235-4B06-11D1-AB04-00C04FC2DCD2", server->name.name_string.val[0]) == 0) {
+ /*
+ This is used to give referrals for the
+ E3514235-4B06-11D1-AB04-00C04FC2DCD2/NTDSGUID/DNSDOMAIN
+ SPN form, which is used for inter-domain communication in AD
+ */
+ name = server->name.name_string.val[2];
+ kdc_log(context, config, 0, "Giving 3 part DRSUAPI referral for %s", name);
+ *realms = malloc(sizeof(char *)*2);
+ if (*realms == NULL) {
+ krb5_set_error_message(context, ENOMEM, N_("malloc: out of memory", ""));
+ return FALSE;
+ }
+ (*realms)[0] = strdup(name);
+ (*realms)[1] = NULL;
+ return TRUE;
+ } else if (server->name.name_string.len > 1)
 name = server->name.name_string.val[1];
 else
 return FALSE;
|
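Review bot: The result of `strdup(name)` in the new 3-part branch is stored in `(*realms)[0]` without a check, so on allocation failure the function returns TRUE with a list whose first entry is NULL. The caller is not visible here, but one that reads `realms[0]` after a TRUE return would dereference NULL inside the KDC. Check the copy and, on failure, free `*realms`, reset it to NULL and return FALSE, as the `malloc` path just above already does. Separately, `name` is the third component of the client-requested principal and is used as the referral realm and logged as-is, so it is worth confirming (and saying in a comment) that the code consuming the referral only honours realms for which a cross-realm key exists. need_referral starts and ends outside this hunk.

```c
	/* … unchanged: malloc of the two-entry list and its NULL check … */
	(*realms)[0] = strdup(name);
	if ((*realms)[0] == NULL) {
	    /* do not hand back a half-built list */
	    free(*realms);
	    *realms = NULL;
	    krb5_set_error_message(context, ENOMEM, N_("malloc: out of memory", ""));
	    return FALSE;
	}
	(*realms)[1] = NULL;
	return TRUE;
```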