author | Stefan Metzmacher <metze@samba.org> | 2007-01-19 15:14:45 +0000 |
---|---|---|
committer | Gerald (Jerry) Carter <jerry@samba.org> | 2007-10-10 14:43:50 -0500 |
commit | 89278a1469fe8f6c6080d6cb6b81de504802470d (patch) | |
tree | 34c433d3703ffcc6f6ad321141346646caf33281 | |
parent | c2e492ece3e5dd39c3c113dfe7f745fc900a5dc0 (diff) | |
r20906: allow LDAP simple binds using the following syntaxes in the DN field:
CN=Administrator,CN=Users,DC=w2k3,DC=vmnet1,DC=vm,DC=base
Administrator@W2K3
W2K3\Administrator
w2k3.vmnet1.vm.base/Users/Administrator
w2k3 also allows this (and maybe more...?)
metze
(This used to be commit 40c27ef88df9021e9ef2a6c43aabab709ac9662f)
-rw-r--r-- | source4/dsdb/samdb/cracknames.c | 41 | ||||
-rw-r--r-- | source4/ldap_server/ldap_bind.c | 2 |
2 files changed, 35 insertions, 8 deletions
diff --git a/source4/dsdb/samdb/cracknames.c b/source4/dsdb/samdb/cracknames.c index 28c9890db5..02644c78f1 100644 --- a/source4/dsdb/samdb/cracknames.c +++ b/source4/dsdb/samdb/cracknames.c @@ -996,9 +996,10 @@ NTSTATUS crack_service_principal_name(struct ldb_context *sam_ctx, } -NTSTATUS crack_dn_to_nt4_name(TALLOC_CTX *mem_ctx, - const char *dn, - const char **nt4_domain, const char **nt4_account) +NTSTATUS crack_name_to_nt4_name(TALLOC_CTX *mem_ctx, + uint32_t format_offered, + const char *name, + const char **nt4_domain, const char **nt4_account) { WERROR werr; struct drsuapi_DsNameInfo1 info1; @@ -1006,7 +1007,7 @@ NTSTATUS crack_dn_to_nt4_name(TALLOC_CTX *mem_ctx, char *p; /* Handle anonymous bind */ - if (!dn || !*dn) { + if (!name || !*name) { *nt4_domain = ""; *nt4_account = ""; return NT_STATUS_OK; @@ -1018,9 +1019,9 @@ NTSTATUS crack_dn_to_nt4_name(TALLOC_CTX *mem_ctx, } werr = DsCrackNameOneName(ldb, mem_ctx, 0, - DRSUAPI_DS_NAME_FORMAT_FQDN_1779, + format_offered, DRSUAPI_DS_NAME_FORMAT_NT4_ACCOUNT, - dn, + name, &info1); if (!W_ERROR_IS_OK(werr)) { return werror_to_ntstatus(werr); @@ -1054,5 +1055,31 @@ NTSTATUS crack_dn_to_nt4_name(TALLOC_CTX *mem_ctx, } return NT_STATUS_OK; - +} + +NTSTATUS crack_auto_name_to_nt4_name(TALLOC_CTX *mem_ctx, + const char *name, + const char **nt4_domain, + const char **nt4_account) +{ + uint32_t format_offered = DRSUAPI_DS_NAME_FORMAT_UKNOWN; + + /* Handle anonymous bind */ + if (!name || !*name) { + *nt4_domain = ""; + *nt4_account = ""; + return NT_STATUS_OK; + } + + if (strchr_m(name, '=')) { + format_offered = DRSUAPI_DS_NAME_FORMAT_FQDN_1779; + } else if (strchr_m(name, '@')) { + format_offered = DRSUAPI_DS_NAME_FORMAT_USER_PRINCIPAL; + } else if (strchr_m(name, '\\')) { + format_offered = DRSUAPI_DS_NAME_FORMAT_NT4_ACCOUNT; + } else if (strchr_m(name, '/')) { + format_offered = DRSUAPI_DS_NAME_FORMAT_CANONICAL; + } + + return crack_name_to_nt4_name(mem_ctx, format_offered, name, nt4_domain, nt4_account); } 
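Review bot: In the new `crack_auto_name_to_nt4_name` (last hunk of cracknames.c) the name format is chosen by the first matching test in a fixed order (`=`, then `@`, `\`, `/`), and that precedence is not documented. The string comes from the client's bind request (`req->dn` in ldap_bind.c), so a UPN or NT4-style name that merely contains `=` is cracked as a DN. A name with none of the four characters is passed on as `DRSUAPI_DS_NAME_FORMAT_UKNOWN`, and how `DsCrackNameOneName` treats that value is not visible in this diff. I would add a comment above the chain, for example `/* first match wins: '=' DN, '@' UPN, '\\' NT4, '/' canonical; no match leaves FORMAT_UKNOWN */`, and either return an explicit error for the no-match case or state in the comment that the callee is relied on to resolve it.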
diff --git a/source4/ldap_server/ldap_bind.c b/source4/ldap_server/ldap_bind.c index f88d08e822..3d5df58e21 100644 --- a/source4/ldap_server/ldap_bind.c +++ b/source4/ldap_server/ldap_bind.c @@ -45,7 +45,7 @@ static NTSTATUS ldapsrv_BindSimple(struct ldapsrv_call *call) DEBUG(10, ("BindSimple dn: %s\n",req->dn)); - status = crack_dn_to_nt4_name(call, req->dn, &nt4_domain, &nt4_account); + status = crack_auto_name_to_nt4_name(call, req->dn, &nt4_domain, &nt4_account); if (NT_STATUS_IS_OK(status)) { status = authenticate_username_pw(call, call->conn->connection->event.ctx, |
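Review bot: After this change `req->dn` can name the same account in four different spellings, but the context line `DEBUG(10, ("BindSimple dn: %s\n",req->dn));` still records only the raw client string. I would also log the resolved pair once the crack succeeds, e.g. `DEBUG(10, ("BindSimple cracked to %s\\%s\n", nt4_domain, nt4_account));`, so that audit or lockout logic keyed on the bind name does not split one account across several spellings. The result mapping is outside this hunk, so it is worth confirming that a failed name crack and a failed password check return the same LDAP result code; otherwise the bind response distinguishes existing names from unknown ones. `ldapsrv_BindSimple` starts before and continues past the lines shown.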