summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorAndrew Tridgell <tridge@samba.org>2005-12-19 11:50:28 +0000
committerGerald (Jerry) Carter <jerry@samba.org>2007-10-10 13:47:31 -0500
commit636dbb355b2e96fd61b0fd042c3916a4735995e2 (patch)
tree583871bd1e6c23f3ea6a975b49df4c7dad16de43
parent512b94803df6c3ca3882bd88fcb9b0d94383fc7a (diff)
downloadsamba-636dbb355b2e96fd61b0fd042c3916a4735995e2.tar.gz
samba-636dbb355b2e96fd61b0fd042c3916a4735995e2.tar.bz2
samba-636dbb355b2e96fd61b0fd042c3916a4735995e2.zip
r12363: minor fixes for win2000 join/login
- the objectClass needs to be added to the list of attributes to make the check for objectClass=computer work - the short version of the name needs to be used for the 'cn' in cracknames (This used to be commit 53f0fb77c3c1bd15620f1dbb12e0d8f9fededf4b)
-rw-r--r--source4/auth/auth_sam.c3
-rw-r--r--source4/dsdb/samdb/cracknames.c11
2 files changed, 12 insertions, 2 deletions
diff --git a/source4/auth/auth_sam.c b/source4/auth/auth_sam.c
index 95a7702822..49813a437d 100644
--- a/source4/auth/auth_sam.c
+++ b/source4/auth/auth_sam.c
@@ -64,7 +64,8 @@ static const char *user_attrs[] = {
NULL,
};
-static const char *domain_ref_attrs[] = {"nETBIOSName", "nCName", "dnsRoot", NULL};
+static const char *domain_ref_attrs[] = {"nETBIOSName", "nCName",
+ "dnsRoot", "objectClass", NULL};
/****************************************************************************
Do a specific test for an smb password being correct, given a smb_password and
diff --git a/source4/dsdb/samdb/cracknames.c b/source4/dsdb/samdb/cracknames.c
index 2010005a6b..977f992c08 100644
--- a/source4/dsdb/samdb/cracknames.c
+++ b/source4/dsdb/samdb/cracknames.c
@@ -453,11 +453,20 @@ WERROR DsCrackNameOneName(struct ldb_context *sam_ctx, TALLOC_CTX *mem_ctx,
krb5_free_principal(smb_krb5_context->krb5_context, principal);
return WERR_NOMEM;
}
+
service = principal->name.name_string.val[0];
if ((principal->name.name_string.len == 2) && (strcasecmp(service, "host") == 0)) {
+ /* the 'cn' attribute is just the leading part of the name */
+ char *computer_name;
+ computer_name = talloc_strndup(mem_ctx, principal->name.name_string.val[1],
+ strcspn(principal->name.name_string.val[1], "."));
+ if (computer_name == NULL) {
+ return WERR_NOMEM;
+ }
+
result_filter = talloc_asprintf(mem_ctx, "(|(&(servicePrincipalName=%s)(objectClass=user))(&(cn=%s)(objectClass=computer)))",
ldb_binary_encode_string(mem_ctx, unparsed_name_short),
- ldb_binary_encode_string(mem_ctx, principal->name.name_string.val[1]));
+ ldb_binary_encode_string(mem_ctx, computer_name));
} else {
result_filter = talloc_asprintf(mem_ctx, "(&(servicePrincipalName=%s)(objectClass=user))",
ldb_binary_encode_string(mem_ctx, unparsed_name_short));