From f1b1a66615bfceb4d53c11140aceba2412d0ec37 Mon Sep 17 00:00:00 2001
From: Andrew Bartlett
Date: Thu, 30 Jun 2011 14:20:22 +1000
Subject: s4-dsdb Allow a servicePrincipalName of machine$

This is pointless, but MacOS X (version 10.6.8 was tested) apparently sets machine$ into this field.
Andrew Bartlett
---
 source4/dsdb/samdb/ldb_modules/acl.c | 6 ++++++
 1 file changed, 6 insertions(+)

diff --git a/source4/dsdb/samdb/ldb_modules/acl.c b/source4/dsdb/samdb/ldb_modules/acl.c
index b6eb56376c..98bf43d21e 100644
--- a/source4/dsdb/samdb/ldb_modules/acl.c
+++ b/source4/dsdb/samdb/ldb_modules/acl.c
@@ -457,6 +457,12 @@ static int acl_validate_spn_value(TALLOC_CTX *mem_ctx,
 bool is_dc = (userAccountControl & UF_SERVER_TRUST_ACCOUNT) || (userAccountControl & UF_PARTIAL_SECRETS_ACCOUNT);
+ if (strcasecmp_m(spn_value, samAccountName) == 0) {
+ /* MacOS X sets this value, and setting an SPN of your
+ * own samAccountName is both pointless and safe */
+ return LDB_SUCCESS;
+ }
+
 kerr = smb_krb5_init_context_basic(mem_ctx, lp_ctx, &krb_ctx);
-- cgit
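Review bot: The added early return in acl_validate_spn_value accepts any value equal to samAccountName and returns LDB_SUCCESS before the is_dc-dependent logic and the krb5 handling that follow, but the comment only asserts that this is "safe" without saying what that rests on. The commit message motivates the change with machine$ alone, while the comparison applies to whatever samAccountName is passed in, so the comment should state the assumption, for example `/* safe: samAccountName is unique and already names this account's own principal, so this SPN cannot alias another account */`. It would also help to note whether that still holds after a later samAccountName rename, since a value stored through this path is presumably not re-validated then. The hunk does not show whether samAccountName can be NULL at this point; if it can, the condition should read `if (samAccountName != NULL && strcasecmp_m(spn_value, samAccountName) == 0) {`. The function starts and ends outside the hunk, so its parameters and remaining checks are not visible here.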