From 6ef65389fd2f2bdcafe840e0cd0221bb9f26bdfc Mon Sep 17 00:00:00 2001
From: Andrew Bartlett
Date: Tue, 26 May 2009 12:31:39 +1000
Subject: Don't use crossRef records to find our own domain

A single AD server can only host a single domain, so don't stuff about with looking up our crossRef record in the cn=Partitions container. We instead trust that lp_realm() and lp_workgroup() works correctly.

Andrew Bartlett
---
 source4/kdc/pac-glue.c | 10 ++++++----
 1 file changed, 6 insertions(+), 4 deletions(-)

(limited to 'source4/kdc/pac-glue.c')

diff --git a/source4/kdc/pac-glue.c b/source4/kdc/pac-glue.c
index 1a0df8e4a1..411e752c04 100644
--- a/source4/kdc/pac-glue.c
+++ b/source4/kdc/pac-glue.c
@@ -3,7 +3,7 @@
 PAC Glue between Samba and the KDC
- Copyright (C) Andrew Bartlett 2005
+ Copyright (C) Andrew Bartlett 2005-2009
 This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by
@@ -29,6 +29,7 @@
 #include "auth/auth_sam.h"
 #include "auth/auth_sam_reply.h"
 #include "kdc/kdc.h"
+#include "param/param.h"
 struct krb5_dh_moduli;
 struct _krb5_krb_auth_data;
@@ -127,9 +128,10 @@ krb5_error_code samba_kdc_get_pac(void *priv,
 }
 nt_status = authsam_make_server_info(mem_ctx, p->samdb,
- p->netbios_name,
+ lp_netbios_name(p->lp_ctx),
+ lp_sam_name(p->lp_ctx),
+ p->realm_dn,
 p->msg,
- p->realm_ref_msg,
 data_blob(NULL, 0), data_blob(NULL, 0), &server_info);
@@ -274,8 +276,8 @@ krb5_error_code samba_kdc_check_client_access(void *priv,
 nt_status = authsam_account_ok(tmp_ctx, p->samdb, MSV1_0_ALLOW_SERVER_TRUST_ACCOUNT | MSV1_0_ALLOW_WORKSTATION_TRUST_ACCOUNT,
+ p->realm_dn,
 p->msg,
- p->realm_ref_msg,
 workstation, name, true);
 free(name);
-- cgit
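Review bot: In the `authsam_make_server_info()` call in samba_kdc_get_pac, the domain name that ends up in the PAC now comes from `lp_sam_name(p->lp_ctx)` and the domain is identified by `p->realm_dn`, but nothing at the call site says why configuration is authoritative here or shows that `p->realm_dn` is always set. Where `realm_dn` and `lp_ctx` are populated is outside this diff (the view is limited to pac-glue.c), so this may already be guaranteed. If it is not, an unset domain DN reaching `authsam_account_ok()` in samba_kdc_check_client_access (the last hunk) would presumably change how the account policy checks behave for every ticket request. I would add a comment above both calls, for example `/* Domain name and DN come from our own configuration: one server hosts exactly one domain, so no crossRef lookup */`, and an early failure return when `p->realm_dn` is NULL before either call. Both function bodies continue outside the hunks.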