diff options
author | Kamen Mazdrashki <kamenim@samba.org> | 2011-02-14 11:41:19 +0200 |
---|---|---|
committer | Kamen Mazdrashki <kamenim@samba.org> | 2011-02-14 13:15:31 +0100 |
commit | 850bf67c452bcb8570e2fb0af77296754bec98cc (patch) | |
tree | d05dd93caa4de133a8e1610582c3267a2b353623 | |
parent | 313489507593c7798d41f8cace48e7cc59228a0d (diff) | |
download | samba-850bf67c452bcb8570e2fb0af77296754bec98cc.tar.gz samba-850bf67c452bcb8570e2fb0af77296754bec98cc.tar.bz2 samba-850bf67c452bcb8570e2fb0af77296754bec98cc.zip |
s4-ldb_modules/acl: Use ntds_guid for SPN check only we have a DC object
ntds_guid is NULL otherwise as it doesn't make sense for
not a DC object
Autobuild-User: Kamen Mazdrashki <kamenim@samba.org>
Autobuild-Date: Mon Feb 14 13:15:31 CET 2011 on sn-devel-104
-rw-r--r-- | source4/dsdb/samdb/ldb_modules/acl.c | 11 |
1 files changed, 5 insertions, 6 deletions
diff --git a/source4/dsdb/samdb/ldb_modules/acl.c b/source4/dsdb/samdb/ldb_modules/acl.c index af13955771..a96ea374a7 100644 --- a/source4/dsdb/samdb/ldb_modules/acl.c +++ b/source4/dsdb/samdb/ldb_modules/acl.c @@ -450,7 +450,6 @@ static int acl_validate_spn_value(TALLOC_CTX *mem_ctx, char *serviceType; char *serviceName; const char *realm; - const char *guid_str; const char *forest_name = samdb_forest_name(ldb, mem_ctx); const char *base_domain = samdb_default_domain_name(ldb, mem_ctx); struct loadparm_context *lp_ctx = talloc_get_type(ldb_get_opaque(ldb, "loadparm"), @@ -475,9 +474,6 @@ static int acl_validate_spn_value(TALLOC_CTX *mem_ctx, instanceName = principal->name.name_string.val[1]; serviceType = principal->name.name_string.val[0]; realm = krb5_principal_get_realm(krb_ctx, principal); - guid_str = talloc_asprintf(mem_ctx,"%s._msdcs.%s", - ntds_guid, - forest_name); if (principal->name.name_string.len == 3) { serviceName = principal->name.name_string.val[2]; } else { @@ -512,12 +508,15 @@ static int acl_validate_spn_value(TALLOC_CTX *mem_ctx, } else if (strcasecmp(instanceName, dnsHostName) == 0) { goto success; } else if (is_dc) { + const char *guid_str; + guid_str = talloc_asprintf(mem_ctx,"%s._msdcs.%s", + ntds_guid, + forest_name); if (strcasecmp(instanceName, guid_str) == 0) { goto success; } - } else { - goto fail; } + fail: krb5_free_principal(krb_ctx, principal); krb5_free_context(krb_ctx); |