From 636dbb355b2e96fd61b0fd042c3916a4735995e2 Mon Sep 17 00:00:00 2001
From: Andrew Tridgell
Date: Mon, 19 Dec 2005 11:50:28 +0000
Subject: r12363: minor fixes for win2000 join/login

- the objectClass needs to be added to the list of attributes to make the check for objectClass=computer work
- the short version of the name needs to be used for the 'cn' in cracknames
(This used to be commit 53f0fb77c3c1bd15620f1dbb12e0d8f9fededf4b)
---
 source4/auth/auth_sam.c | 3 ++-
 source4/dsdb/samdb/cracknames.c | 11 ++++++++++-
 2 files changed, 12 insertions(+), 2 deletions(-)

diff --git a/source4/auth/auth_sam.c b/source4/auth/auth_sam.c
index 95a7702822..49813a437d 100644
--- a/source4/auth/auth_sam.c
+++ b/source4/auth/auth_sam.c
@@ -64,7 +64,8 @@ static const char *user_attrs[] = {
 NULL,
 };
 
-static const char *domain_ref_attrs[] = {"nETBIOSName", "nCName", "dnsRoot", NULL};
+static const char *domain_ref_attrs[] = {"nETBIOSName", "nCName",
+ "dnsRoot", "objectClass", NULL};
 
 /****************************************************************************
 Do a specific test for an smb password being correct, given a smb_password and
diff --git a/source4/dsdb/samdb/cracknames.c b/source4/dsdb/samdb/cracknames.c
index 2010005a6b..977f992c08 100644
--- a/source4/dsdb/samdb/cracknames.c
+++ b/source4/dsdb/samdb/cracknames.c
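Review bot: In source4/auth/auth_sam.c, the reason `"objectClass"` has to be in `domain_ref_attrs` is recorded only in the commit message, so a later cleanup of the list could drop it again and, per that message, the objectClass=computer check would stop matching. Add a comment above the array, e.g. `/* objectClass is required: the objectClass=computer check reads it from this search result */`. The code that performs that check is outside the hunk, so the wording should be confirmed against it.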
@@ -453,11 +453,20 @@ WERROR DsCrackNameOneName(struct ldb_context *sam_ctx, TALLOC_CTX *mem_ctx,
 krb5_free_principal(smb_krb5_context->krb5_context, principal);
 return WERR_NOMEM;
 }
+
 service = principal->name.name_string.val[0];
 if ((principal->name.name_string.len == 2) && (strcasecmp(service, "host") == 0)) {
+ /* the 'cn' attribute is just the leading part of the name */
+ char *computer_name;
+ computer_name = talloc_strndup(mem_ctx, principal->name.name_string.val[1],
+ strcspn(principal->name.name_string.val[1], "."));
+ if (computer_name == NULL) {
+ return WERR_NOMEM;
+ }
+
 result_filter = talloc_asprintf(mem_ctx, "(|(&(servicePrincipalName=%s)(objectClass=user))(&(cn=%s)(objectClass=computer)))",
 ldb_binary_encode_string(mem_ctx, unparsed_name_short),
- ldb_binary_encode_string(mem_ctx, principal->name.name_string.val[1]));
+ ldb_binary_encode_string(mem_ctx, computer_name));
 } else {
 result_filter = talloc_asprintf(mem_ctx, "(&(servicePrincipalName=%s)(objectClass=user))",
 ldb_binary_encode_string(mem_ctx, unparsed_name_short));
-- cgit
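Review bot: The new `if (computer_name == NULL)` branch returns WERR_NOMEM without releasing `principal`, whereas the error path at the top of this same hunk calls `krb5_free_principal(smb_krb5_context->krb5_context, principal);` before its return; add that call ahead of the new `return WERR_NOMEM;` so the out-of-memory path does not leak the parsed principal. Separately, `strcspn(..., ".")` returns 0 when the host component begins with a dot, which would leave an empty `(cn=)` term in the filter; treating an empty `computer_name` as a failed lookup would be cleaner if such a name can reach this point. DsCrackNameOneName starts and ends outside the hunk, so whether other allocations such as `unparsed_name_short` also need releasing on this path cannot be confirmed from here.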