Diffstat (limited to 'source4/kdc')
-rw-r--r-- | source4/kdc/kdc.c | 16 | ||||
-rw-r--r-- | source4/kdc/pac-glue.c | 21 |
2 files changed, 34 insertions, 3 deletions
diff --git a/source4/kdc/kdc.c b/source4/kdc/kdc.c index 4e7865b5f9..f220357708 100644 --- a/source4/kdc/kdc.c +++ b/source4/kdc/kdc.c @@ -388,6 +388,19 @@ void kpasswdd_tcp_accept(struct stream_connection *conn) kdcconn->kdc = kdc; kdcconn->process = kpasswdd_process; conn->private = kdcconn; + kdcconn->packet = packet_init(kdcconn); + if (kdcconn->packet == NULL) { + stream_terminate_connection(conn, "kdc_tcp_accept: out of memory"); + return; + } + packet_set_private(kdcconn->packet, kdcconn); + packet_set_socket(kdcconn->packet, conn->socket); + packet_set_callback(kdcconn->packet, kdc_tcp_recv); + packet_set_full_request(kdcconn->packet, packet_full_request_u32); + packet_set_error_handler(kdcconn->packet, kdc_tcp_recv_error); + packet_set_event_context(kdcconn->packet, conn->event.ctx); + packet_set_fde(kdcconn->packet, conn->event.fde); + packet_set_serialise(kdcconn->packet); } static const struct stream_server_ops kpasswdd_tcp_stream_ops = { @@ -556,9 +569,6 @@ static void kdc_task_init(struct task_server *task) } krb5_kdc_default_config(kdc->config); - /* NAT and the like make this pointless, and painful */ - kdc->config->check_ticket_addresses = FALSE; - initialize_krb5_error_table(); ret = smb_krb5_init_context(kdc, &kdc->smb_krb5_context); diff --git a/source4/kdc/pac-glue.c b/source4/kdc/pac-glue.c index 03b53fa3af..bd4d3e6a2f 100644 --- a/source4/kdc/pac-glue.c +++ b/source4/kdc/pac-glue.c @@ -324,6 +324,8 @@ krb5_error_code wrap_pac(krb5_context context, krb5_data *pac, AuthorizationData TALLOC_CTX *tmp_ctx = talloc_new(entry_ex->private); struct hdb_ldb_private *private = talloc_get_type(entry_ex->private, struct hdb_ldb_private); char *name, *workstation = NULL; + int i; + if (!tmp_ctx) { return ENOMEM; } 
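Review bot: In the first kdc.c hunk, the reason string passed to `stream_terminate_connection()` in the added `packet_init()` failure branch says `kdc_tcp_accept`, but the code is in `kpasswdd_tcp_accept()`, so an allocation failure on the kpasswd listener would be logged against the wrong service; `"kpasswdd_tcp_accept: out of memory"` matches the function. Separately, `packet_full_request_u32` appears to frame requests on a 32-bit length prefix supplied by a peer that has not been authenticated at accept time, and nothing in this hunk shows an upper bound on that length, so it is worth confirming that the packet layer or `kdc_tcp_recv` caps it. A short comment above the `packet_set_*` calls stating the framing and that `kdc_tcp_recv` is handed one complete request would document the contract. The function starts above the hunk.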
@@ -331,7 +333,26 @@ krb5_error_code wrap_pac(krb5_context context, krb5_data *pac, AuthorizationData ret = krb5_unparse_name(context, entry_ex->entry.principal, &name); if (ret != 0) { talloc_free(tmp_ctx); + return ret; } + + for (i=0; i < addresses->len; i++) { + if (addresses->val->addr_type == KRB5_ADDRESS_NETBIOS) { + workstation = talloc_strndup(tmp_ctx, addresses->val->address.data, MIN(addresses->val->address.length, 15)); + if (workstation) { + break; + } + } + } + + /* Strip space padding */ + if (workstation) { + i = MIN(strlen(workstation), 15); + for (; i > 0 && workstation[i - 1] == ' '; i--) { + workstation[i - 1] = '\0'; + } + } + nt_status = authsam_account_ok(tmp_ctx, private->samdb, MSV1_0_ALLOW_SERVER_TRUST_ACCOUNT | MSV1_0_ALLOW_WORKSTATION_TRUST_ACCOUNT, |
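Review bot: The added `for` loop in `wrap_pac()` never uses its index: each pass tests `addresses->val->addr_type` and copies `addresses->val->address.data`, which is always element 0, so a NetBIOS address in any later slot is never picked up. Index the element instead: `if (addresses->val[i].addr_type == KRB5_ADDRESS_NETBIOS)`, with `addresses->val[i].address.data` and `addresses->val[i].address.length` in the `talloc_strndup()` call. `addresses` is also dereferenced with no NULL check; its declaration is outside the hunk, so if a request may omit client addresses, guard the loop with `if (addresses)`. The workstation name comes from the request, so any account check that consumes it (presumably the `authsam_account_ok()` call that continues past the hunk) relies on a client-asserted value, and a one-line comment saying so would help. The function starts and ends outside this hunk.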