authorKamen Mazdrashki <kamenim@samba.org>2011-02-14 11:41:19 +0200
committerKamen Mazdrashki <kamenim@samba.org>2011-02-14 13:15:31 +0100
commit850bf67c452bcb8570e2fb0af77296754bec98cc (patch)
treed05dd93caa4de133a8e1610582c3267a2b353623
parent313489507593c7798d41f8cace48e7cc59228a0d (diff)
s4-ldb_modules/acl: Use ntds_guid for SPN check only we have a DC object
ntds_guid is NULL otherwise, as it does not make sense for an object that is not a DC. Autobuild-User: Kamen Mazdrashki <kamenim@samba.org> Autobuild-Date: Mon Feb 14 13:15:31 CET 2011 on sn-devel-104
-rw-r--r--source4/dsdb/samdb/ldb_modules/acl.c11
1 files changed, 5 insertions, 6 deletions
diff --git a/source4/dsdb/samdb/ldb_modules/acl.c b/source4/dsdb/samdb/ldb_modules/acl.c
index af13955771..a96ea374a7 100644
--- a/source4/dsdb/samdb/ldb_modules/acl.c
+++ b/source4/dsdb/samdb/ldb_modules/acl.c
@@ -450,7 +450,6 @@ static int acl_validate_spn_value(TALLOC_CTX *mem_ctx,
char *serviceType;
char *serviceName;
const char *realm;
- const char *guid_str;
const char *forest_name = samdb_forest_name(ldb, mem_ctx);
const char *base_domain = samdb_default_domain_name(ldb, mem_ctx);
struct loadparm_context *lp_ctx = talloc_get_type(ldb_get_opaque(ldb, "loadparm"),
@@ -475,9 +474,6 @@ static int acl_validate_spn_value(TALLOC_CTX *mem_ctx,
instanceName = principal->name.name_string.val[1];
serviceType = principal->name.name_string.val[0];
realm = krb5_principal_get_realm(krb_ctx, principal);
- guid_str = talloc_asprintf(mem_ctx,"%s._msdcs.%s",
- ntds_guid,
- forest_name);
if (principal->name.name_string.len == 3) {
serviceName = principal->name.name_string.val[2];
} else {
@@ -512,12 +508,15 @@ static int acl_validate_spn_value(TALLOC_CTX *mem_ctx,
} else if (strcasecmp(instanceName, dnsHostName) == 0) {
goto success;
} else if (is_dc) {
+ const char *guid_str;
+ guid_str = talloc_asprintf(mem_ctx,"%s._msdcs.%s",
+ ntds_guid,
+ forest_name);
if (strcasecmp(instanceName, guid_str) == 0) {
goto success;
}
- } else {
- goto fail;
}
+
fail:
krb5_free_principal(krb_ctx, principal);
krb5_free_context(krb_ctx);
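Review bot: The `guid_str` returned by `talloc_asprintf()` in the new `is_dc` branch goes straight into `strcasecmp()` with no NULL check, so an allocation failure would dereference NULL in the middle of this SPN validation. Adding `if (guid_str == NULL) { goto fail; }` before the comparison keeps the check failing closed, provided the code after `fail:` (which continues outside the hunk) returns a suitable error. The branch also depends on callers passing a non-NULL `ntds_guid` whenever `is_dc` is true, which the commit message implies but the hunk does not enforce. A comment such as `/* ntds_guid is only set for DC objects; it is NULL otherwise */` above the new declaration would record that contract, and `ntds_guid != NULL` could be added to the `else if (is_dc)` condition as a cheap guard.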