svn commit: lorikeet r284 - in trunk/heimdal/lib/hdb: .

abartlet at samba.org abartlet at samba.org
Sat May 14 07:11:30 GMT 2005


Author: abartlet
Date: 2005-05-14 07:11:30 +0000 (Sat, 14 May 2005)
New Revision: 284

WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=rev&root=lorikeet&rev=284

Log:
Move hdb-ldb to allowing both short and long realm names, and use the
dnsDomain attribute to find the 'realm' name.

This and Samba's auth_sam module need to be updated to read the
appropriate configuration for finding short names.

Andrew Bartlett

Modified:
   trunk/heimdal/lib/hdb/hdb-ldb.c


Changeset:
Modified: trunk/heimdal/lib/hdb/hdb-ldb.c
===================================================================
--- trunk/heimdal/lib/hdb/hdb-ldb.c	2005-05-14 07:04:50 UTC (rev 283)
+++ trunk/heimdal/lib/hdb/hdb-ldb.c	2005-05-14 07:11:30 UTC (rev 284)
@@ -226,8 +226,20 @@
 	int userAccountControl;
 	int i;
 	int ret = 0;
-	const char *realm = ldb_msg_find_string(realm_msg, "realm", NULL);
-	
+	const char *dnsdomain = ldb_msg_find_string(realm_msg, "dnsDomain", NULL);
+	char *realm = talloc_strdup(mem_ctx, dnsdomain);
+
+	if (!realm) {
+		krb5_set_error_string(context, "talloc_strdup: out of memory");
+		ret = ENOMEM;
+		goto out;
+	}
+
+	/* TODO: Use Samba charset functions */
+	for (i=0; i< strlen(realm); i++) {
+		realm[i] = toupper(realm[i]);
+	}
+			
 	krb5_warnx(context, "LDB_message2entry:\n");
 
 	memset(ent, 0, sizeof(*ent));
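Review bot: A domain record with no `dnsDomain` attribute is reported as out-of-memory here, because `ldb_msg_find_string` is called with a NULL default and the `!realm` check cannot tell a NULL source string from a failed allocation (assuming `talloc_strdup` returns NULL for a NULL input rather than dereferencing it). Check `dnsdomain` first and fail with ENOENT and its own message, as the samAccountName path later in this function does. In the upcasing loop, `toupper(realm[i])` receives a plain `char`, which is undefined for negative values, so cast to `unsigned char` and take `strlen` once outside the loop condition. Both early `goto out` paths run before `memset(ent, 0, sizeof(*ent))`, so if the `out:` cleanup (outside this hunk) touches `ent` it would read uninitialized memory; that is worth confirming. The function begins and ends outside the hunk.

```c
	const char *dnsdomain = ldb_msg_find_string(realm_msg, "dnsDomain", NULL);
	char *realm;
	size_t realm_len;

	if (!dnsdomain) {
		krb5_set_error_string(context, "LDB_message2entry: no dnsDomain present");
		ret = ENOENT;
		goto out;
	}
	realm = talloc_strdup(mem_ctx, dnsdomain);
	/* … unchanged: out-of-memory check on realm … */

	/* TODO: Use Samba charset functions */
	realm_len = strlen(realm);
	for (i = 0; (size_t)i < realm_len; i++) {
		realm[i] = toupper((unsigned char)realm[i]);
	}
```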
@@ -305,29 +317,16 @@
 		if (objectclasses && ldb_msg_find_val(objectclasses, &computer_val)) {
 			/* Determine a salting principal */
 			char *samAccountName = talloc_strdup(mem_ctx, ldb_msg_find_string(msg, "samAccountName", NULL));
-			char *realm_lower = talloc_strdup(mem_ctx, realm);
 			char *saltbody;
-			int i;
 			if (!samAccountName) {
 				krb5_set_error_string(context, "LDB_message2entry: no samAccountName present");
 				ret = ENOENT;
 				goto out;
 			}
-			if (!realm_lower) {
-				krb5_set_error_string(context, "malloc: out of memory");
-				ret = ENOMEM;
-				goto out;
-			}
-			
-			/* TODO: Use Samba charset functions */
-			for (i=0; i< strlen(realm_lower); i++) {
-				realm_lower[i] = tolower(realm_lower[i]);
-			}
-			
 			if (samAccountName[strlen(samAccountName)-1] == '$') {
 				samAccountName[strlen(samAccountName)-1] = '\0';
 			}
-			saltbody = talloc_asprintf(mem_ctx, "%s.%s", samAccountName, realm_lower);
+			saltbody = talloc_asprintf(mem_ctx, "%s.%s", samAccountName, dnsdomain);
 			
 			ret = krb5_make_principal(context, &salt_principal, realm, "host", saltbody, NULL);
 		} else if (user_principal_name) {
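Review bot: The salt body now embeds `dnsdomain` exactly as stored in the directory, where the removed code forced the realm to lower case, so a mixed-case `dnsDomain` value would produce a different salt principal than before. If the salt is expected to carry a lower-case domain, keep a lower-cased copy or add a comment stating that `dnsDomain` must be stored in lower case. The `talloc_asprintf` result is also passed to `krb5_make_principal` unchecked, and a NULL there would end the NULL-terminated component list early instead of failing; add `if (!saltbody) { ret = ENOMEM; goto out; }` before the call. Separately, in the unchanged context lines, `samAccountName[strlen(samAccountName)-1]` indexes before the buffer when the attribute is an empty string. The enclosing block continues outside the hunk.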
@@ -526,14 +525,14 @@
 	struct ldb_message **msg;
 
 	const char *realm_attrs[] = {
-		"realm", 
+		"dnsDomain", 
 		"maxPwdAge",
 		NULL
 	};
 
 	realm_filter = talloc_asprintf(mem_ctx, 
-				       "(&(objectClass=domain)(realm=%s))",
-				       realm);
+				       "(|(&(objectClass=domain)(flatName=%s))(&(objectClass=domainDNS)(dnsDomain=%s)))",
+				       realm, realm);
 	if (!realm_filter) {
 		krb5_set_error_string(context, "asprintf: out of memory");
 		return ENOMEM;
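Review bot: `realm` is formatted into the search filter with `%s` and no escaping, and this change now inserts it twice into an OR expression, so filter metacharacters in it (`*`, `(`, `)`, `\`) change the query instead of being matched literally. If `realm` can originate from a client request (its source is outside this hunk), escape it per the LDAP filter string rules before formatting, for example with ldb's `ldb_binary_encode_string()` if this tree provides it, and check that result for NULL as well. A short comment above the filter saying which object class each branch is meant to match (short name via `flatName`, long name via `dnsDomain`) would also help the next reader. The function begins and ends outside the hunk.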


