summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorAndrew Tridgell <tridge@samba.org>2011-09-28 14:18:14 +1000
committerAndrew Tridgell <tridge@samba.org>2011-10-04 15:08:57 +1100
commit6b69ecd0293d827b7429cfd75cf4a13ab4e40ce5 (patch)
treeeb1b0806cfefe9d12c42f83448635c31a9d7a6b3
parentb930b1e1fc52b999141918cf0d06d66bfbbf1fa4 (diff)
downloadsamba-6b69ecd0293d827b7429cfd75cf4a13ab4e40ce5.tar.gz
samba-6b69ecd0293d827b7429cfd75cf4a13ab4e40ce5.tar.bz2
samba-6b69ecd0293d827b7429cfd75cf4a13ab4e40ce5.zip
heimdal: handle referrals for 3 part DRSUAPI SPNs
This handles referrals for SPNs of the form E3514235-4B06-11D1-AB04-00C04FC2DCD2/NTDSGUID/REALM, which are used during DRS replication when we don't know the dnsHostName of the target DC (which we don't know until the first replication from that DC completes). We use the 3rd part of the SPN directly as the realm name in the referral. Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
-rw-r--r--source4/heimdal/kdc/krb5tgs.c19
1 files changed, 18 insertions, 1 deletions
diff --git a/source4/heimdal/kdc/krb5tgs.c b/source4/heimdal/kdc/krb5tgs.c
index 7955876822..96ee9ccc30 100644
--- a/source4/heimdal/kdc/krb5tgs.c
+++ b/source4/heimdal/kdc/krb5tgs.c
@@ -1121,7 +1121,24 @@ need_referral(krb5_context context, krb5_kdc_configuration *config,
if (server->name.name_string.len == 1)
name = server->name.name_string.val[0];
- else if (server->name.name_string.len > 1)
+ else if (server->name.name_string.len == 3 &&
+ strcasecmp("E3514235-4B06-11D1-AB04-00C04FC2DCD2", server->name.name_string.val[0]) == 0) {
+ /*
+ This is used to give referrals for the
+ E3514235-4B06-11D1-AB04-00C04FC2DCD2/NTDSGUID/DNSDOMAIN
+ SPN form, which is used for inter-domain communication in AD
+ */
+ name = server->name.name_string.val[2];
+ kdc_log(context, config, 0, "Giving 3 part DRSUAPI referral for %s", name);
+ *realms = malloc(sizeof(char *)*2);
+ if (*realms == NULL) {
+ krb5_set_error_message(context, ENOMEM, N_("malloc: out of memory", ""));
+ return FALSE;
+ }
+ (*realms)[0] = strdup(name);
+ (*realms)[1] = NULL;
+ return TRUE;
+ } else if (server->name.name_string.len > 1)
name = server->name.name_string.val[1];
else
return FALSE;