diff options
author | Andrew Bartlett <abartlet@samba.org> | 2009-05-26 12:31:39 +1000 |
---|---|---|
committer | Andrew Bartlett <abartlet@samba.org> | 2009-05-26 12:37:09 +1000 |
commit | 6ef65389fd2f2bdcafe840e0cd0221bb9f26bdfc (patch) | |
tree | 04df0bce183d759a17d25483f302ed56d65e8153 /source4/kdc/pac-glue.c | |
parent | 86039855759ce38e6074f956073199b0ccd29bdf (diff) | |
download | samba-6ef65389fd2f2bdcafe840e0cd0221bb9f26bdfc.tar.gz samba-6ef65389fd2f2bdcafe840e0cd0221bb9f26bdfc.tar.bz2 samba-6ef65389fd2f2bdcafe840e0cd0221bb9f26bdfc.zip |
Don't use crossRef records to find our own domain
A single AD server can only host a single domain, so don't stuff about
with looking up our crossRef record in the cn=Partitions container.
We instead trust that lp_realm() and lp_workgroup() works correctly.
Andrew Bartlett
Diffstat (limited to 'source4/kdc/pac-glue.c')
-rw-r--r-- | source4/kdc/pac-glue.c | 10 |
1 files changed, 6 insertions, 4 deletions
diff --git a/source4/kdc/pac-glue.c b/source4/kdc/pac-glue.c index 1a0df8e4a1..411e752c04 100644 --- a/source4/kdc/pac-glue.c +++ b/source4/kdc/pac-glue.c @@ -3,7 +3,7 @@ PAC Glue between Samba and the KDC - Copyright (C) Andrew Bartlett <abartlet@samba.org> 2005 + Copyright (C) Andrew Bartlett <abartlet@samba.org> 2005-2009 This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by @@ -29,6 +29,7 @@ #include "auth/auth_sam.h" #include "auth/auth_sam_reply.h" #include "kdc/kdc.h" +#include "param/param.h" struct krb5_dh_moduli; struct _krb5_krb_auth_data; @@ -127,9 +128,10 @@ krb5_error_code samba_kdc_get_pac(void *priv, } nt_status = authsam_make_server_info(mem_ctx, p->samdb, - p->netbios_name, + lp_netbios_name(p->lp_ctx), + lp_sam_name(p->lp_ctx), + p->realm_dn, p->msg, - p->realm_ref_msg, data_blob(NULL, 0), data_blob(NULL, 0), &server_info); @@ -274,8 +276,8 @@ krb5_error_code samba_kdc_check_client_access(void *priv, nt_status = authsam_account_ok(tmp_ctx, p->samdb, MSV1_0_ALLOW_SERVER_TRUST_ACCOUNT | MSV1_0_ALLOW_WORKSTATION_TRUST_ACCOUNT, + p->realm_dn, p->msg, - p->realm_ref_msg, workstation, name, true); free(name); |