svn commit: lorikeet r284 - in trunk/heimdal/lib/hdb: .
abartlet at samba.org
abartlet at samba.org
Sat May 14 07:11:30 GMT 2005
Author: abartlet
Date: 2005-05-14 07:11:30 +0000 (Sat, 14 May 2005)
New Revision: 284
WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=rev&root=lorikeet&rev=284
Log:
Move hdb-ldb to allowing both short and long realm names, and use the
dnsDomain attribute to find the 'realm' name.
This and Samba's auth_sam module need to be updated to read the
appropriate confguration for finding short names.
Andrew Bartlett
Modified:
trunk/heimdal/lib/hdb/hdb-ldb.c
Changeset:
Modified: trunk/heimdal/lib/hdb/hdb-ldb.c
===================================================================
--- trunk/heimdal/lib/hdb/hdb-ldb.c 2005-05-14 07:04:50 UTC (rev 283)
+++ trunk/heimdal/lib/hdb/hdb-ldb.c 2005-05-14 07:11:30 UTC (rev 284)
@@ -226,8 +226,20 @@
int userAccountControl;
int i;
int ret = 0;
- const char *realm = ldb_msg_find_string(realm_msg, "realm", NULL);
-
+ const char *dnsdomain = ldb_msg_find_string(realm_msg, "dnsDomain", NULL);
+ char *realm = talloc_strdup(mem_ctx, dnsdomain);
+
+ if (!realm) {
+ krb5_set_error_string(context, "talloc_strdup: out of memory");
+ ret = ENOMEM;
+ goto out;
+ }
+
+ /* TODO: Use Samba charset functions */
+ for (i=0; i< strlen(realm); i++) {
+ realm[i] = toupper(realm[i]);
+ }
+
krb5_warnx(context, "LDB_message2entry:\n");
memset(ent, 0, sizeof(*ent));
@@ -305,29 +317,16 @@
if (objectclasses && ldb_msg_find_val(objectclasses, &computer_val)) {
/* Determine a salting principal */
char *samAccountName = talloc_strdup(mem_ctx, ldb_msg_find_string(msg, "samAccountName", NULL));
- char *realm_lower = talloc_strdup(mem_ctx, realm);
char *saltbody;
- int i;
if (!samAccountName) {
krb5_set_error_string(context, "LDB_message2entry: no samAccountName present");
ret = ENOENT;
goto out;
}
- if (!realm_lower) {
- krb5_set_error_string(context, "malloc: out of memory");
- ret = ENOMEM;
- goto out;
- }
-
- /* TODO: Use Samba charset functions */
- for (i=0; i< strlen(realm_lower); i++) {
- realm_lower[i] = tolower(realm_lower[i]);
- }
-
if (samAccountName[strlen(samAccountName)-1] == '$') {
samAccountName[strlen(samAccountName)-1] = '\0';
}
- saltbody = talloc_asprintf(mem_ctx, "%s.%s", samAccountName, realm_lower);
+ saltbody = talloc_asprintf(mem_ctx, "%s.%s", samAccountName, dnsdomain);
ret = krb5_make_principal(context, &salt_principal, realm, "host", saltbody, NULL);
} else if (user_principal_name) {
@@ -526,14 +525,14 @@
struct ldb_message **msg;
const char *realm_attrs[] = {
- "realm",
+ "dnsDomain",
"maxPwdAge",
NULL
};
realm_filter = talloc_asprintf(mem_ctx,
- "(&(objectClass=domain)(realm=%s))",
- realm);
+ "(|(&(objectClass=domain)(flatName=%s))(&(objectClass=domainDNS)(dnsDomain=%s)))",
+ realm, realm);
if (!realm_filter) {
krb5_set_error_string(context, "asprintf: out of memory");
return ENOMEM;
More information about the samba-cvs
mailing list