diff options
-rw-r--r-- | source4/dsdb/samdb/ldb_modules/acl.c | 11 |
1 files changed, 5 insertions, 6 deletions
diff --git a/source4/dsdb/samdb/ldb_modules/acl.c b/source4/dsdb/samdb/ldb_modules/acl.c index af13955771..a96ea374a7 100644 --- a/source4/dsdb/samdb/ldb_modules/acl.c +++ b/source4/dsdb/samdb/ldb_modules/acl.c @@ -450,7 +450,6 @@ static int acl_validate_spn_value(TALLOC_CTX *mem_ctx, char *serviceType; char *serviceName; const char *realm; - const char *guid_str; const char *forest_name = samdb_forest_name(ldb, mem_ctx); const char *base_domain = samdb_default_domain_name(ldb, mem_ctx); struct loadparm_context *lp_ctx = talloc_get_type(ldb_get_opaque(ldb, "loadparm"), @@ -475,9 +474,6 @@ static int acl_validate_spn_value(TALLOC_CTX *mem_ctx, instanceName = principal->name.name_string.val[1]; serviceType = principal->name.name_string.val[0]; realm = krb5_principal_get_realm(krb_ctx, principal); - guid_str = talloc_asprintf(mem_ctx,"%s._msdcs.%s", - ntds_guid, - forest_name); if (principal->name.name_string.len == 3) { serviceName = principal->name.name_string.val[2]; } else { @@ -512,12 +508,15 @@ static int acl_validate_spn_value(TALLOC_CTX *mem_ctx, } else if (strcasecmp(instanceName, dnsHostName) == 0) { goto success; } else if (is_dc) { + const char *guid_str; + guid_str = talloc_asprintf(mem_ctx,"%s._msdcs.%s", + ntds_guid, + forest_name); if (strcasecmp(instanceName, guid_str) == 0) { goto success; } - } else { - goto fail; } + fail: krb5_free_principal(krb_ctx, principal); krb5_free_context(krb_ctx); |