diff options
author | Andrew Bartlett <abartlet@samba.org> | 2007-08-28 04:35:29 +0000 |
---|---|---|
committer | Gerald (Jerry) Carter <jerry@samba.org> | 2007-10-10 15:02:59 -0500 |
commit | 362ff066903524c710c53b92aad26671c8ebaa42 (patch) | |
tree | 36ff44b63ba45187e4d240cadc258a9e60b423f9 /source4 | |
parent | 73388ce54c5910ee407af6b70e25597d0b696a58 (diff) | |
download | samba-362ff066903524c710c53b92aad26671c8ebaa42.tar.gz samba-362ff066903524c710c53b92aad26671c8ebaa42.tar.bz2 samba-362ff066903524c710c53b92aad26671c8ebaa42.zip |
r24730: Allow secrets entries to be for service principals.
Andrew Bartlett
(This used to be commit 7865d10a299a84ed42de4435b7e6400d56161ac5)
Diffstat (limited to 'source4')
-rw-r--r-- | source4/auth/credentials/credentials_files.c | 17 |
1 files changed, 11 insertions, 6 deletions
diff --git a/source4/auth/credentials/credentials_files.c b/source4/auth/credentials/credentials_files.c index 7bf94de12f..2b6bc4f9d6 100644 --- a/source4/auth/credentials/credentials_files.c +++ b/source4/auth/credentials/credentials_files.c @@ -188,6 +188,7 @@ NTSTATUS cli_credentials_set_secrets(struct cli_credentials *cred, "saltPrincipal", "privateKeytab", "krb5Keytab", + "servicePrincipalName", NULL }; @@ -246,12 +247,16 @@ NTSTATUS cli_credentials_set_secrets(struct cli_credentials *cred, machine_account = ldb_msg_find_attr_as_string(msgs[0], "samAccountName", NULL); if (!machine_account) { - DEBUG(1, ("Could not find 'samAccountName' in join record to domain: %s: filter: '%s' base: '%s'\n", - cli_credentials_get_domain(cred), filter, base)); - /* set anonymous as the fallback, if the machine account won't work */ - cli_credentials_set_anonymous(cred); - talloc_free(mem_ctx); - return NT_STATUS_CANT_ACCESS_DOMAIN_INFO; + machine_account = ldb_msg_find_attr_as_string(msgs[0], "servicePrincipalName", NULL); + + if (!machine_account) { + DEBUG(1, ("Could not find 'samAccountName' in join record to domain: %s: filter: '%s' base: '%s'\n", + cli_credentials_get_domain(cred), filter, base)); + /* set anonymous as the fallback, if the machine account won't work */ + cli_credentials_set_anonymous(cred); + talloc_free(mem_ctx); + return NT_STATUS_CANT_ACCESS_DOMAIN_INFO; + } } salt_principal = ldb_msg_find_attr_as_string(msgs[0], "saltPrincipal", NULL); |