diff options
author | Andrew Tridgell <tridge@samba.org> | 2005-12-19 11:50:28 +0000 |
---|---|---|
committer | Gerald (Jerry) Carter <jerry@samba.org> | 2007-10-10 13:47:31 -0500 |
commit | 636dbb355b2e96fd61b0fd042c3916a4735995e2 (patch) | |
tree | 583871bd1e6c23f3ea6a975b49df4c7dad16de43 | |
parent | 512b94803df6c3ca3882bd88fcb9b0d94383fc7a (diff) | |
download | samba-636dbb355b2e96fd61b0fd042c3916a4735995e2.tar.gz samba-636dbb355b2e96fd61b0fd042c3916a4735995e2.tar.bz2 samba-636dbb355b2e96fd61b0fd042c3916a4735995e2.zip |
r12363: minor fixes for win2000 join/login
- the objectClass needs to be added to the list of attributes to make
the check for objectClass=computer work
- the short version of the name needs to be used for the 'cn' in
cracknames
(This used to be commit 53f0fb77c3c1bd15620f1dbb12e0d8f9fededf4b)
-rw-r--r-- | source4/auth/auth_sam.c | 3 | ||||
-rw-r--r-- | source4/dsdb/samdb/cracknames.c | 11 |
2 files changed, 12 insertions, 2 deletions
diff --git a/source4/auth/auth_sam.c b/source4/auth/auth_sam.c index 95a7702822..49813a437d 100644 --- a/source4/auth/auth_sam.c +++ b/source4/auth/auth_sam.c @@ -64,7 +64,8 @@ static const char *user_attrs[] = { NULL, }; -static const char *domain_ref_attrs[] = {"nETBIOSName", "nCName", "dnsRoot", NULL}; +static const char *domain_ref_attrs[] = {"nETBIOSName", "nCName", + "dnsRoot", "objectClass", NULL}; /**************************************************************************** Do a specific test for an smb password being correct, given a smb_password and diff --git a/source4/dsdb/samdb/cracknames.c b/source4/dsdb/samdb/cracknames.c index 2010005a6b..977f992c08 100644 --- a/source4/dsdb/samdb/cracknames.c +++ b/source4/dsdb/samdb/cracknames.c @@ -453,11 +453,20 @@ WERROR DsCrackNameOneName(struct ldb_context *sam_ctx, TALLOC_CTX *mem_ctx, krb5_free_principal(smb_krb5_context->krb5_context, principal); return WERR_NOMEM; } + service = principal->name.name_string.val[0]; if ((principal->name.name_string.len == 2) && (strcasecmp(service, "host") == 0)) { + /* the 'cn' attribute is just the leading part of the name */ + char *computer_name; + computer_name = talloc_strndup(mem_ctx, principal->name.name_string.val[1], + strcspn(principal->name.name_string.val[1], ".")); + if (computer_name == NULL) { + return WERR_NOMEM; + } + result_filter = talloc_asprintf(mem_ctx, "(|(&(servicePrincipalName=%s)(objectClass=user))(&(cn=%s)(objectClass=computer)))", ldb_binary_encode_string(mem_ctx, unparsed_name_short), - ldb_binary_encode_string(mem_ctx, principal->name.name_string.val[1])); + ldb_binary_encode_string(mem_ctx, computer_name)); } else { result_filter = talloc_asprintf(mem_ctx, "(&(servicePrincipalName=%s)(objectClass=user))", ldb_binary_encode_string(mem_ctx, unparsed_name_short)); |