From 6b69ecd0293d827b7429cfd75cf4a13ab4e40ce5 Mon Sep 17 00:00:00 2001
From: Andrew Tridgell
Date: Wed, 28 Sep 2011 14:18:14 +1000
Subject: heimdal: handle referrals for 3 part DRSUAPI SPNs

This handles referrals for SPNs of the form E3514235-4B06-11D1-AB04-00C04FC2DCD2/NTDSGUID/REALM, which are used during DRS replication when we don't know the dnsHostName of the target DC (which we don't know until the first replication from that DC completes). We use the 3rd part of the SPN directly as the realm name in the referral.

Pair-Programmed-With: Andrew Bartlett
---
 source4/heimdal/kdc/krb5tgs.c | 19 ++++++++++++++++++-
 1 file changed, 18 insertions(+), 1 deletion(-)
(limited to 'source4/heimdal')

diff --git a/source4/heimdal/kdc/krb5tgs.c b/source4/heimdal/kdc/krb5tgs.c
index 7955876822..96ee9ccc30 100644
--- a/source4/heimdal/kdc/krb5tgs.c
+++ b/source4/heimdal/kdc/krb5tgs.c
@@ -1121,7 +1121,24 @@ need_referral(krb5_context context, krb5_kdc_configuration *config,
 
 if (server->name.name_string.len == 1)
 name = server->name.name_string.val[0];
- else if (server->name.name_string.len > 1)
+ else if (server->name.name_string.len == 3 &&
+ strcasecmp("E3514235-4B06-11D1-AB04-00C04FC2DCD2", server->name.name_string.val[0]) == 0) {
+ /*
+ This is used to give referrals for the
+ E3514235-4B06-11D1-AB04-00C04FC2DCD2/NTDSGUID/DNSDOMAIN
+ SPN form, which is used for inter-domain communication in AD
+ */
+ name = server->name.name_string.val[2];
+ kdc_log(context, config, 0, "Giving 3 part DRSUAPI referral for %s", name);
+ *realms = malloc(sizeof(char *)*2);
+ if (*realms == NULL) {
+ krb5_set_error_message(context, ENOMEM, N_("malloc: out of memory", ""));
+ return FALSE;
+ }
+ (*realms)[0] = strdup(name);
+ (*realms)[1] = NULL;
+ return TRUE;
+ } else if (server->name.name_string.len > 1)
 name = server->name.name_string.val[1];
 else
 return FALSE;
-- cgit
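Review bot: The `strdup(name)` result in the new 3-part branch is never checked, so on allocation failure the function returns TRUE with `(*realms)[0] == NULL`, unlike the `malloc` just above it, which is checked. The consumer of the referral list is outside this hunk, but a caller that reads the first entry as a realm string would be handed a NULL pointer inside the KDC; the branch should free the array, reset `*realms` and return FALSE instead. Separately, `name` here is the third component of the requested server principal, so it is client-supplied, and it is logged and returned as the referral realm with no check in this hunk; a comment saying where that realm is validated (presumably a later cross-realm krbtgt lookup in the caller, not visible here) would help the next reader. need_referral starts and ends outside the hunk.

```c
	/* … unchanged: SPN match, kdc_log, malloc of *realms and its NULL check … */
	(*realms)[0] = strdup(name);
	if ((*realms)[0] == NULL) {
	    /* never hand back a list whose only entry is NULL */
	    free(*realms);
	    *realms = NULL;
	    krb5_set_error_message(context, ENOMEM, N_("malloc: out of memory", ""));
	    return FALSE;
	}
	(*realms)[1] = NULL;
	return TRUE;
```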