From ef9ec9583d2efa78220edd65bd93ead955792b3e Mon Sep 17 00:00:00 2001 From: Andrew Bartlett Date: Sun, 27 Nov 2005 02:02:44 +0000 Subject: r11930: Add socket/packet handling code for kpasswdd Allow ticket requests with only a netbios name to be considered 'null' addresses, and therefore allowed by default. Use the netbios address as the workstation name for the allowed workstations check with krb5. Andrew Bartlett (This used to be commit 328fa186f2df5cdd42be679d92b5f07f7ed22d87) --- source4/kdc/pac-glue.c | 21 +++++++++++++++++++++ 1 file changed, 21 insertions(+) (limited to 'source4/kdc/pac-glue.c') diff --git a/source4/kdc/pac-glue.c b/source4/kdc/pac-glue.c index 03b53fa3af..bd4d3e6a2f 100644 --- a/source4/kdc/pac-glue.c +++ b/source4/kdc/pac-glue.c @@ -324,6 +324,8 @@ krb5_error_code wrap_pac(krb5_context context, krb5_data *pac, AuthorizationData TALLOC_CTX *tmp_ctx = talloc_new(entry_ex->private); struct hdb_ldb_private *private = talloc_get_type(entry_ex->private, struct hdb_ldb_private); char *name, *workstation = NULL; + int i; + if (!tmp_ctx) { return ENOMEM; } @@ -331,7 +333,26 @@ krb5_error_code wrap_pac(krb5_context context, krb5_data *pac, AuthorizationData ret = krb5_unparse_name(context, entry_ex->entry.principal, &name); if (ret != 0) { talloc_free(tmp_ctx); + return ret; } + + for (i=0; i < addresses->len; i++) { + if (addresses->val->addr_type == KRB5_ADDRESS_NETBIOS) { + workstation = talloc_strndup(tmp_ctx, addresses->val->address.data, MIN(addresses->val->address.length, 15)); + if (workstation) { + break; + } + } + } + + /* Strip space padding */ + if (workstation) { + i = MIN(strlen(workstation), 15); + for (; i > 0 && workstation[i - 1] == ' '; i--) { + workstation[i - 1] = '\0'; + } + } + nt_status = authsam_account_ok(tmp_ctx, private->samdb, MSV1_0_ALLOW_SERVER_TRUST_ACCOUNT | MSV1_0_ALLOW_WORKSTATION_TRUST_ACCOUNT, -- cgit