svn commit: samba r12362 - in branches/SAMBA_4_0/source/kdc: .

abartlet at samba.org abartlet at samba.org
Mon Dec 19 07:11:59 GMT 2005 

Author: abartlet
Date: 2005-12-19 07:11:58 +0000 (Mon, 19 Dec 2005)
New Revision: 12362

WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=rev&root=samba&rev=12362

Log:
Along with a cracknames change in the previous commit, this should
allow Win2000 machines to again use kerberos with Samba4.

Andrew Bartlett

Modified:
   branches/SAMBA_4_0/source/kdc/hdb-ldb.c


Changeset:
Modified: branches/SAMBA_4_0/source/kdc/hdb-ldb.c
===================================================================
--- branches/SAMBA_4_0/source/kdc/hdb-ldb.c	2005-12-19 07:07:11 UTC (rev 12361)
+++ branches/SAMBA_4_0/source/kdc/hdb-ldb.c	2005-12-19 07:11:58 UTC (rev 12362)
@@ -225,6 +225,7 @@
 	unsigned int userAccountControl;
 	int i;
 	krb5_error_code ret = 0;
+	krb5_boolean is_computer = FALSE;
 	const char *dnsdomain = ldb_msg_find_string(realm_ref_msg, "dnsRoot", NULL);
 	char *realm = strupper_talloc(mem_ctx, dnsdomain);
 	struct ldb_dn *domain_dn = samdb_result_dn(mem_ctx, realm_ref_msg, "nCName", ldb_dn_new(mem_ctx));
@@ -232,6 +233,17 @@
 	struct hdb_ldb_private *private;
 	NTTIME acct_expiry;
 
+	struct ldb_message_element *objectclasses;
+	struct ldb_val computer_val;
+	computer_val.data = discard_const_p(uint8_t,"computer");
+	computer_val.length = strlen((const char *)computer_val.data);
+	
+	objectclasses = ldb_msg_find_element(msg, "objectClass");
+	
+	if (objectclasses && ldb_msg_find_val(objectclasses, &computer_val)) {
+		is_computer = TRUE;
+	}
+
 	memset(entry_ex, 0, sizeof(*entry_ex));
 
 	krb5_warnx(context, "LDB_message2entry:\n");
@@ -256,6 +268,7 @@
 	entry_ex->free_entry = hdb_ldb_free_entry;
 
 	userAccountControl = ldb_msg_find_uint(msg, "userAccountControl", 0);
+
 	
 	entry_ex->entry.principal = malloc(sizeof(*(entry_ex->entry.principal)));
 	if (ent_type == HDB_LDB_ENT_TYPE_ANY && principal == NULL) {
@@ -306,7 +319,7 @@
 	}
 
 	if (lp_parm_bool(-1, "kdc", "require spn for service", True)) {
-		if (!ldb_msg_find_string(msg, "servicePrincipalName", NULL)) {
+		if (!is_computer && !ldb_msg_find_string(msg, "servicePrincipalName", NULL)) {
 			entry_ex->entry.flags.server = 0;
 		}
 	}
@@ -377,14 +390,7 @@
 
 		Principal *salt_principal;
 		const char *user_principal_name = ldb_msg_find_string(msg, "userPrincipalName", NULL);
-		struct ldb_message_element *objectclasses;
-		struct ldb_val computer_val;
-		computer_val.data = discard_const_p(uint8_t,"computer");
-		computer_val.length = strlen((const char *)computer_val.data);
-		
-		objectclasses = ldb_msg_find_element(msg, "objectClass");
-
-		if (objectclasses && ldb_msg_find_val(objectclasses, &computer_val)) {
+		if (is_computer) {
 			/* Determine a salting principal */
 			char *samAccountName = talloc_strdup(mem_ctx, ldb_msg_find_string(msg, "samAccountName", NULL));
 			char *saltbody;

More information about the samba-cvs mailing list