-rw-r--r--source4/kdc/hdb-ldb.c24
1 files changed, 15 insertions, 9 deletions
diff --git a/source4/kdc/hdb-ldb.c b/source4/kdc/hdb-ldb.c
index 1ab52ecb68..367c211b90 100644
--- a/source4/kdc/hdb-ldb.c
+++ b/source4/kdc/hdb-ldb.c
@@ -225,6 +225,7 @@ static krb5_error_code LDB_message2entry(krb5_context context, HDB *db,
unsigned int userAccountControl;
int i;
krb5_error_code ret = 0;
+ krb5_boolean is_computer = FALSE;
const char *dnsdomain = ldb_msg_find_string(realm_ref_msg, "dnsRoot", NULL);
char *realm = strupper_talloc(mem_ctx, dnsdomain);
struct ldb_dn *domain_dn = samdb_result_dn(mem_ctx, realm_ref_msg, "nCName", ldb_dn_new(mem_ctx));
@@ -232,6 +233,17 @@ static krb5_error_code LDB_message2entry(krb5_context context, HDB *db,
struct hdb_ldb_private *private;
NTTIME acct_expiry;
+ struct ldb_message_element *objectclasses;
+ struct ldb_val computer_val;
+ computer_val.data = discard_const_p(uint8_t,"computer");
+ computer_val.length = strlen((const char *)computer_val.data);
+
+ objectclasses = ldb_msg_find_element(msg, "objectClass");
+
+ if (objectclasses && ldb_msg_find_val(objectclasses, &computer_val)) {
+ is_computer = TRUE;
+ }
+
memset(entry_ex, 0, sizeof(*entry_ex));
krb5_warnx(context, "LDB_message2entry:\n");
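Review bot: The hoisted objectClass test has no comment saying that `is_computer` now drives two decisions, the SPN exemption further down and the salt principal selection, so a later edit made for one use can silently change the other. A line such as `/* computer accounts: exempt from the SPN requirement and given a samAccountName-based salt */` above the lookup would record that. The match uses `ldb_msg_find_val` against the literal `"computer"`, which looks like a byte-exact comparison, so an objectClass value stored with different case would presumably leave the flag FALSE. That is worth confirming now that the result gates the `server` flag as well as the salt. LDB_message2entry starts and ends outside this hunk.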
@@ -256,6 +268,7 @@ static krb5_error_code LDB_message2entry(krb5_context context, HDB *db,
entry_ex->free_entry = hdb_ldb_free_entry;
userAccountControl = ldb_msg_find_uint(msg, "userAccountControl", 0);
+
entry_ex->entry.principal = malloc(sizeof(*(entry_ex->entry.principal)));
if (ent_type == HDB_LDB_ENT_TYPE_ANY && principal == NULL) {
@@ -306,7 +319,7 @@ static krb5_error_code LDB_message2entry(krb5_context context, HDB *db,
}
if (lp_parm_bool(-1, "kdc", "require spn for service", True)) {
- if (!ldb_msg_find_string(msg, "servicePrincipalName", NULL)) {
+ if (!is_computer && !ldb_msg_find_string(msg, "servicePrincipalName", NULL)) {
entry_ex->entry.flags.server = 0;
}
}
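Review bot: The added `!is_computer &&` leaves `entry_ex->entry.flags.server` set for any entry whose objectClass includes `computer`, even when it has no `servicePrincipalName`, and nothing at the condition says why that exemption is safe. The `"require spn for service"` option limits which accounts can be the target of a service ticket, so the exemption should state its assumption, for example `/* computer accounts are always services, even before an SPN is registered */`. The function already reads `userAccountControl` earlier; testing its account-type bits in addition to objectClass may be a tighter condition if objectClass can be chosen by whoever creates the object, which depends on access controls not visible in this diff.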
@@ -377,14 +390,7 @@ static krb5_error_code LDB_message2entry(krb5_context context, HDB *db,
Principal *salt_principal;
const char *user_principal_name = ldb_msg_find_string(msg, "userPrincipalName", NULL);
- struct ldb_message_element *objectclasses;
- struct ldb_val computer_val;
- computer_val.data = discard_const_p(uint8_t,"computer");
- computer_val.length = strlen((const char *)computer_val.data);
-
- objectclasses = ldb_msg_find_element(msg, "objectClass");
-
- if (objectclasses && ldb_msg_find_val(objectclasses, &computer_val)) {
+ if (is_computer) {
/* Determine a salting principal */
char *samAccountName = talloc_strdup(mem_ctx, ldb_msg_find_string(msg, "samAccountName", NULL));
char *saltbody;