diff options
author | Andrew Bartlett <abartlet@samba.org> | 2005-10-21 01:25:55 +0000 |
---|---|---|
committer | Gerald (Jerry) Carter <jerry@samba.org> | 2007-10-10 13:45:06 -0500 |
commit | 16bbafb7e862016e4c6281c32cc5b25adeae3cfc (patch) | |
tree | 3cdc7e0ca64b541ba61d7659b5b2867a39384175 /source4/rpc_server/drsuapi | |
parent | f203903f1cc00ce443632ac5e9f725276b6c22a2 (diff) | |
download | samba-16bbafb7e862016e4c6281c32cc5b25adeae3cfc.tar.gz samba-16bbafb7e862016e4c6281c32cc5b25adeae3cfc.tar.bz2 samba-16bbafb7e862016e4c6281c32cc5b25adeae3cfc.zip |
r11239: Use ${REALM} for the realm in rootdse.ldif
Add the kpasswd server to our KDC, implementing the 'original' and
Microsoft versions of the protocol.
This works with the Heimdal kpasswd client, but not with MIT, I think
due to ordering issues. It may not be worth the pain to have this
code go via GENSEC, as it is very, very tied to krb5.
This gets us one step closer to joins from Apple, Samba3 and other
similar implementations.
Andrew Bartlett
(This used to be commit ab5dbbe10a162286aa6694c7e08de43b48e34cdb)
Diffstat (limited to 'source4/rpc_server/drsuapi')
-rw-r--r-- | source4/rpc_server/drsuapi/drsuapi_cracknames.c | 60 |
1 files changed, 60 insertions, 0 deletions
diff --git a/source4/rpc_server/drsuapi/drsuapi_cracknames.c b/source4/rpc_server/drsuapi/drsuapi_cracknames.c index 8adeb024d8..3a4d337154 100644 --- a/source4/rpc_server/drsuapi/drsuapi_cracknames.c +++ b/source4/rpc_server/drsuapi/drsuapi_cracknames.c @@ -768,3 +768,63 @@ WERROR dcesrv_drsuapi_DsCrackNames(struct dcesrv_call_state *dce_call, TALLOC_CT return WERR_UNKNOWN_LEVEL; } + +NTSTATUS crack_user_principal_name(struct ldb_context *sam_ctx, + TALLOC_CTX *mem_ctx, + const char *user_principal_name, + struct ldb_dn **user_dn, + struct ldb_dn **domain_dn) +{ + WERROR werr; + NTSTATUS status; + struct drsuapi_DsNameInfo1 info1; + werr = DsCrackNameOneName(sam_ctx, mem_ctx, 0, + DRSUAPI_DS_NAME_FORMAT_USER_PRINCIPAL, + DRSUAPI_DS_NAME_FORMAT_FQDN_1779, + user_principal_name, + &info1); + if (!W_ERROR_IS_OK(werr)) { + return NT_STATUS_NO_MEMORY; + } + switch (info1.status) { + case DRSUAPI_DS_NAME_STATUS_OK: + break; + case DRSUAPI_DS_NAME_STATUS_NOT_FOUND: + case DRSUAPI_DS_NAME_STATUS_DOMAIN_ONLY: + case DRSUAPI_DS_NAME_STATUS_NOT_UNIQUE: + return NT_STATUS_NO_SUCH_USER; + case DRSUAPI_DS_NAME_STATUS_RESOLVE_ERROR: + default: + return NT_STATUS_UNSUCCESSFUL; + } + + *user_dn = ldb_dn_explode(mem_ctx, info1.result_name); + + if (domain_dn) { + werr = DsCrackNameOneName(sam_ctx, mem_ctx, 0, + DRSUAPI_DS_NAME_FORMAT_CANONICAL, + DRSUAPI_DS_NAME_FORMAT_FQDN_1779, + talloc_asprintf(mem_ctx, "%s/", + info1.dns_domain_name), + &info1); + if (!W_ERROR_IS_OK(werr)) { + return NT_STATUS_NO_MEMORY; + } + switch (info1.status) { + case DRSUAPI_DS_NAME_STATUS_OK: + break; + case DRSUAPI_DS_NAME_STATUS_NOT_FOUND: + case DRSUAPI_DS_NAME_STATUS_DOMAIN_ONLY: + case DRSUAPI_DS_NAME_STATUS_NOT_UNIQUE: + return NT_STATUS_NO_SUCH_USER; + case DRSUAPI_DS_NAME_STATUS_RESOLVE_ERROR: + default: + return NT_STATUS_UNSUCCESSFUL; + } + + *domain_dn = ldb_dn_explode(mem_ctx, info1.result_name); + } + + return NT_STATUS_OK; + +} |