svn commit: samba r12362 - in branches/SAMBA_4_0/source/kdc: .
abartlet at samba.org
abartlet at samba.org
Mon Dec 19 07:11:59 GMT 2005
Author: abartlet
Date: 2005-12-19 07:11:58 +0000 (Mon, 19 Dec 2005)
New Revision: 12362
WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=rev&root=samba&rev=12362
Log:
Along with a cracknames change in the previous commit, this should
allow Win2000 machines to again use kerberos with Samba4.
Andrew Bartlett
Modified:
branches/SAMBA_4_0/source/kdc/hdb-ldb.c
Changeset:
Modified: branches/SAMBA_4_0/source/kdc/hdb-ldb.c
===================================================================
--- branches/SAMBA_4_0/source/kdc/hdb-ldb.c 2005-12-19 07:07:11 UTC (rev 12361)
+++ branches/SAMBA_4_0/source/kdc/hdb-ldb.c 2005-12-19 07:11:58 UTC (rev 12362)
@@ -225,6 +225,7 @@
unsigned int userAccountControl;
int i;
krb5_error_code ret = 0;
+ krb5_boolean is_computer = FALSE;
const char *dnsdomain = ldb_msg_find_string(realm_ref_msg, "dnsRoot", NULL);
char *realm = strupper_talloc(mem_ctx, dnsdomain);
struct ldb_dn *domain_dn = samdb_result_dn(mem_ctx, realm_ref_msg, "nCName", ldb_dn_new(mem_ctx));
@@ -232,6 +233,17 @@
struct hdb_ldb_private *private;
NTTIME acct_expiry;
+ struct ldb_message_element *objectclasses;
+ struct ldb_val computer_val;
+ computer_val.data = discard_const_p(uint8_t,"computer");
+ computer_val.length = strlen((const char *)computer_val.data);
+
+ objectclasses = ldb_msg_find_element(msg, "objectClass");
+
+ if (objectclasses && ldb_msg_find_val(objectclasses, &computer_val)) {
+ is_computer = TRUE;
+ }
+
memset(entry_ex, 0, sizeof(*entry_ex));
krb5_warnx(context, "LDB_message2entry:\n");
@@ -256,6 +268,7 @@
entry_ex->free_entry = hdb_ldb_free_entry;
userAccountControl = ldb_msg_find_uint(msg, "userAccountControl", 0);
+
entry_ex->entry.principal = malloc(sizeof(*(entry_ex->entry.principal)));
if (ent_type == HDB_LDB_ENT_TYPE_ANY && principal == NULL) {
@@ -306,7 +319,7 @@
}
if (lp_parm_bool(-1, "kdc", "require spn for service", True)) {
- if (!ldb_msg_find_string(msg, "servicePrincipalName", NULL)) {
+ if (!is_computer && !ldb_msg_find_string(msg, "servicePrincipalName", NULL)) {
entry_ex->entry.flags.server = 0;
}
}
@@ -377,14 +390,7 @@
Principal *salt_principal;
const char *user_principal_name = ldb_msg_find_string(msg, "userPrincipalName", NULL);
- struct ldb_message_element *objectclasses;
- struct ldb_val computer_val;
- computer_val.data = discard_const_p(uint8_t,"computer");
- computer_val.length = strlen((const char *)computer_val.data);
-
- objectclasses = ldb_msg_find_element(msg, "objectClass");
-
- if (objectclasses && ldb_msg_find_val(objectclasses, &computer_val)) {
+ if (is_computer) {
/* Determine a salting principal */
char *samAccountName = talloc_strdup(mem_ctx, ldb_msg_find_string(msg, "samAccountName", NULL));
char *saltbody;
More information about the samba-cvs
mailing list