summaryrefslogtreecommitdiff
path: root/source4/dsdb
diff options
context:
space:
mode:
authorAndrew Bartlett <abartlet@samba.org>2005-10-28 05:14:51 +0000
committerGerald (Jerry) Carter <jerry@samba.org>2007-10-10 13:45:23 -0500
commit256a872763f1a5811cf021612b89517433faf5a2 (patch)
treea162c2ab51f7afe2603ee89361364911c4c98ef0 /source4/dsdb
parent09bfb8ffb06145308aa31543faa9f5f102ac2642 (diff)
downloadsamba-256a872763f1a5811cf021612b89517433faf5a2.tar.gz
samba-256a872763f1a5811cf021612b89517433faf5a2.tar.bz2
samba-256a872763f1a5811cf021612b89517433faf5a2.zip
r11356: More cracknames work. This copes with a lookup for a
servicePrincipalName with a realm, which always returns 'domain only', with the realm as the domain. Andrew Bartlett (This used to be commit 476cd0c649d69f682dee27c1ae2a73b870b300d0)
Diffstat (limited to 'source4/dsdb')
-rw-r--r--source4/dsdb/samdb/cracknames.c22
1 files changed, 21 insertions, 1 deletions
diff --git a/source4/dsdb/samdb/cracknames.c b/source4/dsdb/samdb/cracknames.c
index b5c10176b6..16afccda81 100644
--- a/source4/dsdb/samdb/cracknames.c
+++ b/source4/dsdb/samdb/cracknames.c
@@ -408,7 +408,27 @@ WERROR DsCrackNameOneName(struct ldb_context *sam_ctx, TALLOC_CTX *mem_ctx,
krb5_principal principal;
char *unparsed_name_short;
ret = krb5_parse_name_norealm(smb_krb5_context->krb5_context, name, &principal);
- if (ret || (principal->name.name_string.len < 2)) {
+ if (ret) {
+ /* perhaps it's a principal with a realm, so return the right 'domain only' response */
+ char **realm;
+ ret = krb5_parse_name_mustrealm(smb_krb5_context->krb5_context, name, &principal);
+ if (ret) {
+ info1->status = DRSUAPI_DS_NAME_STATUS_NOT_FOUND;
+ return WERR_OK;
+ }
+
+ /* This isn't an allocation assignemnt, so it is free'ed with the krb5_free_principal */
+ realm = krb5_princ_realm(smb_krb5_context->krb5_context, principal);
+
+ info1->dns_domain_name = talloc_strdup(info1, *realm);
+ krb5_free_principal(smb_krb5_context->krb5_context, principal);
+
+ WERR_TALLOC_CHECK(info1->dns_domain_name);
+
+ info1->status = DRSUAPI_DS_NAME_STATUS_DOMAIN_ONLY;
+ return WERR_OK;
+
+ } else if (principal->name.name_string.len < 2) {
info1->status = DRSUAPI_DS_NAME_STATUS_NOT_FOUND;
return WERR_OK;
}