diff options
author | Andrew Bartlett <abartlet@samba.org> | 2005-12-19 07:11:58 +0000 |
---|---|---|
committer | Gerald (Jerry) Carter <jerry@samba.org> | 2007-10-10 13:47:31 -0500 |
commit | 512b94803df6c3ca3882bd88fcb9b0d94383fc7a (patch) | |
tree | 17e813071b9a35279c880d5f08f9dcb67d0e2883 /source4/kdc | |
parent | bceca723044e9cf5d835e8d732be3ab57906505e (diff) | |
download | samba-512b94803df6c3ca3882bd88fcb9b0d94383fc7a.tar.gz samba-512b94803df6c3ca3882bd88fcb9b0d94383fc7a.tar.bz2 samba-512b94803df6c3ca3882bd88fcb9b0d94383fc7a.zip |
r12362: Along with a cracknames change in the previous commit, this should
allow Win2000 machines to again use kerberos with Samba4.
Andrew Bartlett
(This used to be commit 5770409dcd0151a7303b16c565b1f68845b8622d)
Diffstat (limited to 'source4/kdc')
-rw-r--r-- | source4/kdc/hdb-ldb.c | 24 |
1 files changed, 15 insertions, 9 deletions
diff --git a/source4/kdc/hdb-ldb.c b/source4/kdc/hdb-ldb.c index 1ab52ecb68..367c211b90 100644 --- a/source4/kdc/hdb-ldb.c +++ b/source4/kdc/hdb-ldb.c @@ -225,6 +225,7 @@ static krb5_error_code LDB_message2entry(krb5_context context, HDB *db, unsigned int userAccountControl; int i; krb5_error_code ret = 0; + krb5_boolean is_computer = FALSE; const char *dnsdomain = ldb_msg_find_string(realm_ref_msg, "dnsRoot", NULL); char *realm = strupper_talloc(mem_ctx, dnsdomain); struct ldb_dn *domain_dn = samdb_result_dn(mem_ctx, realm_ref_msg, "nCName", ldb_dn_new(mem_ctx)); @@ -232,6 +233,17 @@ static krb5_error_code LDB_message2entry(krb5_context context, HDB *db, struct hdb_ldb_private *private; NTTIME acct_expiry; + struct ldb_message_element *objectclasses; + struct ldb_val computer_val; + computer_val.data = discard_const_p(uint8_t,"computer"); + computer_val.length = strlen((const char *)computer_val.data); + + objectclasses = ldb_msg_find_element(msg, "objectClass"); + + if (objectclasses && ldb_msg_find_val(objectclasses, &computer_val)) { + is_computer = TRUE; + } + memset(entry_ex, 0, sizeof(*entry_ex)); krb5_warnx(context, "LDB_message2entry:\n"); @@ -256,6 +268,7 @@ static krb5_error_code LDB_message2entry(krb5_context context, HDB *db, entry_ex->free_entry = hdb_ldb_free_entry; userAccountControl = ldb_msg_find_uint(msg, "userAccountControl", 0); + entry_ex->entry.principal = malloc(sizeof(*(entry_ex->entry.principal))); if (ent_type == HDB_LDB_ENT_TYPE_ANY && principal == NULL) { @@ -306,7 +319,7 @@ static krb5_error_code LDB_message2entry(krb5_context context, HDB *db, } if (lp_parm_bool(-1, "kdc", "require spn for service", True)) { - if (!ldb_msg_find_string(msg, "servicePrincipalName", NULL)) { + if (!is_computer && !ldb_msg_find_string(msg, "servicePrincipalName", NULL)) { entry_ex->entry.flags.server = 0; } } @@ -377,14 +390,7 @@ static krb5_error_code LDB_message2entry(krb5_context context, HDB *db, Principal *salt_principal; const char *user_principal_name = ldb_msg_find_string(msg, "userPrincipalName", NULL); - struct ldb_message_element *objectclasses; - struct ldb_val computer_val; - computer_val.data = discard_const_p(uint8_t,"computer"); - computer_val.length = strlen((const char *)computer_val.data); - - objectclasses = ldb_msg_find_element(msg, "objectClass"); - - if (objectclasses && ldb_msg_find_val(objectclasses, &computer_val)) { + if (is_computer) { /* Determine a salting principal */ char *samAccountName = talloc_strdup(mem_ctx, ldb_msg_find_string(msg, "samAccountName", NULL)); char *saltbody; |