From dbbb626dc0ad7b0100aec3ee3a787e1ac18f528a Mon Sep 17 00:00:00 2001 From: Andrew Bartlett Date: Tue, 6 Dec 2011 14:18:41 +1100 Subject: s4-dns Use match-by-key in GSSAPI server if principal is not specified This allows dlz_bind9 to match on exactly the same key as bind9 itself Andrew Bartlett Autobuild-User: Amitay Isaacs Autobuild-Date: Wed Dec 7 02:20:10 CET 2011 on sn-devel-104 --- source4/dns_server/dlz_bind9.c | 27 +++++---------------------- 1 file changed, 5 insertions(+), 22 deletions(-) (limited to 'source4') diff --git a/source4/dns_server/dlz_bind9.c b/source4/dns_server/dlz_bind9.c index 1240ab7cc3..97eaac8564 100644 --- a/source4/dns_server/dlz_bind9.c +++ b/source4/dns_server/dlz_bind9.c @@ -1043,17 +1043,6 @@ _PUBLIC_ isc_result_t dlz_configure(dns_view_t *view, void *dbdata) return ISC_R_SUCCESS; } -static char *strlower(char *str) -{ - int i; - - for (i=0; ismb_krb5_ctx); cli_credentials_set_conf(server_credentials, state->lp); - username = talloc_asprintf(tmp_ctx, "dns-%s", lpcfg_netbios_name(state->lp)); - username = strlower(username); - cli_credentials_set_username(server_credentials, username, CRED_SPECIFIED); - talloc_free(username); - keytab_name = talloc_asprintf(tmp_ctx, "file:%s/dns.keytab", lpcfg_private_dir(state->lp)); ret = cli_credentials_set_keytab_name(server_credentials, state->lp, keytab_name, CRED_SPECIFIED); - talloc_free(keytab_name); if (ret != 0) { - state->log(ISC_LOG_ERROR, "samba_dlz: failed to obtain server credentials for %s", - username); + state->log(ISC_LOG_ERROR, "samba_dlz: failed to obtain server credentials from %s", + keytab_name); talloc_free(tmp_ctx); return false; } + talloc_free(keytab_name); nt_status = gensec_server_start(tmp_ctx, lpcfg_gensec_settings(tmp_ctx, state->lp), 
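Review bot: The `talloc_asprintf()` result stored in `keytab_name` is used without a NULL check, both as the argument to `cli_credentials_set_keytab_name()` and as the `%s` argument of the new error message; adding `if (keytab_name == NULL) { talloc_free(tmp_ctx); return false; }` right after the allocation keeps an out-of-memory condition from reaching either call. Moving `talloc_free(keytab_name)` below the error branch is what keeps the log argument valid, so a short comment there such as `/* keytab_name is still read by the error log above */` would stop a later cleanup from moving it back. With the username no longer set here and the target service dropped in the later hunk, the acceptor presumably matches against every key in dns.keytab, as the commit message describes; a comment stating that the keytab's contents and file permissions now decide which principals are accepted would help anyone auditing this path. The enclosing function starts and ends outside the hunk and part of the hunk text is missing on this page, so this rests on the visible lines only.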
@@ -1131,7 +1115,6 @@ _PUBLIC_ isc_boolean_t dlz_ssumatch(const char *signer, const char *name, const
 }
 gensec_set_credentials(gensec_ctx, server_credentials);
- gensec_set_target_service(gensec_ctx, "dns");
 nt_status = gensec_start_mech_by_name(gensec_ctx, "spnego");
 if (!NT_STATUS_IS_OK(nt_status)) {
-- cgit