svn commit: lorikeet r291 - in trunk/heimdal/lib/hdb: .

abartlet at samba.org abartlet at samba.org
Sat May 14 15:21:14 GMT 2005


Author: abartlet
Date: 2005-05-14 15:21:14 +0000 (Sat, 14 May 2005)
New Revision: 291

WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=rev&root=lorikeet&rev=291

Log:
Match win2k3 behaviour with regard to how the realm portion of the
principal is returned to the client.  It is always in the server's
preferred form, not the form specified by the client (in contrast to
the parts before the @, which are byte-for-byte what the client asked
for).

Andrew Bartlett

Modified:
   trunk/heimdal/lib/hdb/hdb-ldb.c


Changeset:
Modified: trunk/heimdal/lib/hdb/hdb-ldb.c
===================================================================
--- trunk/heimdal/lib/hdb/hdb-ldb.c	2005-05-14 08:46:10 UTC (rev 290)
+++ trunk/heimdal/lib/hdb/hdb-ldb.c	2005-05-14 15:21:14 UTC (rev 291)
@@ -225,7 +225,7 @@
 	const char *unicodePwd;
 	int userAccountControl;
 	int i;
-	int ret = 0;
+	krb5_error_code ret = 0;
 	const char *dnsdomain = ldb_msg_find_string(realm_msg, "dnsDomain", NULL);
 	char *realm = talloc_strdup(mem_ctx, dnsdomain);
 
@@ -257,7 +257,30 @@
 		samAccountName = ldb_msg_find_string(msg, "samAccountName", NULL);
 		krb5_make_principal(context, &ent->principal, realm, samAccountName, NULL);
 	} else {
-		copy_Principal(principal, ent->principal);
+		char *strdup_realm;
+		ret = copy_Principal(principal, ent->principal);
+		if (ret) {
+			krb5_clear_error_string(context);
+			goto out;
+		}
+
+		/* While we have copied the client principal, tests
+		 * show that Win2k3 returns the 'corrected' realm, not
+		 * the client-specified realm.  This code attempts to
+		 * replace the client principal's realm with the one
+		 * we determine from our records */
+		
+		/* don't leak */
+		free(*krb5_princ_realm(context, principal));
+		
+		/* this has to be with malloc() */
+		strdup_realm = strdup(realm);
+		if (!strdup_realm) {
+			ret = ENOMEM;
+			krb5_clear_error_string(context);
+			goto out;
+		}
+		krb5_princ_set_realm(context, principal, &strdup_realm);
 	}
 
 	ent->kvno = ldb_msg_find_int(msg, "msDS-KeyVersionNumber", 0);
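Review bot: The realm replacement in the `else` branch is applied to `principal`, the lookup argument, after it has already been copied, so `ent->principal` appears to keep the client-specified realm while the caller's principal is modified instead. If the intent is the one stated in the log message, the two calls should target the copy: `free(*krb5_princ_realm(context, ent->principal));` and `krb5_princ_set_realm(context, ent->principal, &strdup_realm);`. The `free()` also runs before `strdup(realm)`, so on the `ENOMEM` path the principal is left holding a freed realm pointer that a later free of the principal would release a second time; doing the `strdup()` and its check first, then the free and set, avoids that. The function starts and ends outside this hunk, so whether `realm` (from `talloc_strdup(mem_ctx, dnsdomain)`) is checked for NULL before it reaches `strdup()` cannot be seen from here and is worth confirming.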
@@ -369,6 +392,7 @@
 
 		val = ldb_msg_find_ldb_val(msg, "ntPwdHash");
 		if (!val) {
+			krb5_warnx(context, "neither type of key available for this account\n");
 			ent->keys.val = NULL;
 			ent->keys.len = 0;
 		} else if (val->length < 16) {
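Review bot: The new warning in the `!val` branch does not say which account has no usable key, so an operator reading the KDC log cannot tell which entry was returned with `ent->keys.len = 0`. Including the principal name in the message (for example the string from `krb5_unparse_name()` on the entry's principal) would make the event actionable. The trailing `\n` is also likely redundant, since `krb5_warnx()` is expected to terminate the line itself: `krb5_warnx(context, "neither type of key available for this account");`. The enclosing block starts and continues outside this hunk.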
@@ -399,7 +423,7 @@
 			
 			ent->keys.len = 1;
 		}
-	}
+	}		
 
 
 	ent->etypes = malloc(sizeof(*(ent->etypes)));


