diff options
author | Andrew Bartlett <abartlet@samba.org> | 2011-06-30 14:20:22 +1000 |
---|---|---|
committer | Andrew Bartlett <abartlet@samba.org> | 2011-07-01 10:43:29 +1000 |
commit | f1b1a66615bfceb4d53c11140aceba2412d0ec37 (patch) | |
tree | e79e4ffe2abab670f10b0c10dcd63570686e6923 /source4/dsdb/samdb | |
parent | 1053a24a87f341fcd5578db56bc8b3962e63bb98 (diff) | |
download | samba-f1b1a66615bfceb4d53c11140aceba2412d0ec37.tar.gz samba-f1b1a66615bfceb4d53c11140aceba2412d0ec37.tar.bz2 samba-f1b1a66615bfceb4d53c11140aceba2412d0ec37.zip |
s4-dsdb Allow a servicePrincipalName of machine$
This is pointless, but MacOS X (version 10.6.8 was tested) apparently
sets machine$ into this field.
Andrew Bartlett
Diffstat (limited to 'source4/dsdb/samdb')
-rw-r--r-- | source4/dsdb/samdb/ldb_modules/acl.c | 6 |
1 files changed, 6 insertions, 0 deletions
diff --git a/source4/dsdb/samdb/ldb_modules/acl.c b/source4/dsdb/samdb/ldb_modules/acl.c index b6eb56376c..98bf43d21e 100644 --- a/source4/dsdb/samdb/ldb_modules/acl.c +++ b/source4/dsdb/samdb/ldb_modules/acl.c @@ -457,6 +457,12 @@ static int acl_validate_spn_value(TALLOC_CTX *mem_ctx, bool is_dc = (userAccountControl & UF_SERVER_TRUST_ACCOUNT) || (userAccountControl & UF_PARTIAL_SECRETS_ACCOUNT); + if (strcasecmp_m(spn_value, samAccountName) == 0) { + /* MacOS X sets this value, and setting an SPN of your + * own samAccountName is both pointless and safe */ + return LDB_SUCCESS; + } + kerr = smb_krb5_init_context_basic(mem_ctx, lp_ctx, &krb_ctx); |