svn commit: samba r11322 - in branches/SAMBA_4_0/source/kdc: .
abartlet at samba.org
abartlet at samba.org
Thu Oct 27 10:45:22 GMT 2005
Author: abartlet
Date: 2005-10-27 10:45:16 +0000 (Thu, 27 Oct 2005)
New Revision: 11322
WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=rev&root=samba&rev=11322
Log:
Start moving towards using the cracknames code in the KDC.
Andrew Bartlett
Modified:
branches/SAMBA_4_0/source/kdc/hdb-ldb.c
Changeset:
Modified: branches/SAMBA_4_0/source/kdc/hdb-ldb.c
===================================================================
--- branches/SAMBA_4_0/source/kdc/hdb-ldb.c 2005-10-27 10:44:41 UTC (rev 11321)
+++ branches/SAMBA_4_0/source/kdc/hdb-ldb.c 2005-10-27 10:45:16 UTC (rev 11322)
@@ -79,6 +79,17 @@
NULL
};
+const char *cross_ref_attrs[] = {
+ "nCName",
+ NULL
+};
+
+const char *realm_attrs[] = {
+ "dnsDomain",
+ "maxPwdAge",
+ NULL
+};
+
static KerberosTime ldb_msg_find_krb5time_ldap_time(struct ldb_message *msg, const char *attr, KerberosTime default_val)
{
const char *tmp;
@@ -562,17 +573,6 @@
struct ldb_message **cross_ref_msg;
struct ldb_message **msg;
- const char *cross_ref_attrs[] = {
- "nCName",
- NULL
- };
-
- const char *realm_attrs[] = {
- "dnsDomain",
- "maxPwdAge",
- NULL
- };
-
cross_ref_filter = talloc_asprintf(mem_ctx,
"(&(&(|(&(dnsRoot=%s)(nETBIOSName=*))(nETBIOSName=%s))(objectclass=crossRef))(ncName=*))",
realm, realm);
@@ -752,19 +752,7 @@
return ENOMEM;
}
- realm = krb5_principal_get_realm(context, principal);
-
- ret = LDB_lookup_realm(context, (struct ldb_context *)db->hdb_db,
- mem_ctx, realm, &realm_msg);
- if (ret != 0) {
- krb5_warnx(context, "LDB_fetch: could not find realm");
- talloc_free(mem_ctx);
- return HDB_ERR_NOENTRY;
- }
-
- realm_dn = realm_msg[0]->dn;
-
- /* Cludge, cludge cludge. If the realm part of krbtgt/realm,
+ /* Cludge, cludge cludge. If the realm part of krbtgt/realm,
* is in our db, then direct the caller at our primary
* krgtgt */
@@ -791,13 +779,56 @@
return ENOMEM;
}
ldb_ent_type = HDB_LDB_ENT_TYPE_KRBTGT;
+ break;
} else {
ldb_ent_type = HDB_LDB_ENT_TYPE_SERVER;
+ break;
}
- break;
case HDB_ENT_TYPE_CLIENT:
+ {
+ int ldb_ret;
+ NTSTATUS nt_status;
+ struct ldb_dn *user_dn, *domain_dn;
+ char *principal_string;
ldb_ent_type = HDB_LDB_ENT_TYPE_CLIENT;
- break;
+
+ ret = krb5_unparse_name(context, principal, &principal_string);
+
+ if (ret != 0) {
+ talloc_free(mem_ctx);
+ return ret;
+ }
+
+ nt_status = crack_user_principal_name((struct ldb_context *)db->hdb_db,
+ mem_ctx, principal_string,
+ &user_dn, &domain_dn);
+ free(principal_string);
+
+ if (!NT_STATUS_IS_OK(nt_status)) {
+ talloc_free(mem_ctx);
+ return HDB_ERR_NOENTRY;
+ }
+
+ ldb_ret = gendb_search_dn((struct ldb_context *)db->hdb_db,
+ mem_ctx, user_dn, &msg, krb5_attrs);
+
+ if (ldb_ret != 1) {
+ return HDB_ERR_NOENTRY;
+ }
+
+ ldb_ret = gendb_search_dn((struct ldb_context *)db->hdb_db,
+ mem_ctx, domain_dn, &realm_msg, realm_attrs);
+
+ if (ldb_ret != 1) {
+ return HDB_ERR_NOENTRY;
+ }
+
+ ret = LDB_message2entry(context, db, mem_ctx,
+ principal, ldb_ent_type,
+ realm_msg[0], msg[0], entry);
+ talloc_free(mem_ctx);
+ return ret;
+ }
case HDB_ENT_TYPE_ANY:
ldb_ent_type = HDB_LDB_ENT_TYPE_ANY;
break;
@@ -807,6 +838,19 @@
return HDB_ERR_NOENTRY;
}
+
+ realm = krb5_principal_get_realm(context, principal);
+
+ ret = LDB_lookup_realm(context, (struct ldb_context *)db->hdb_db,
+ mem_ctx, realm, &realm_msg);
+ if (ret != 0) {
+ krb5_warnx(context, "LDB_fetch: could not find realm");
+ talloc_free(mem_ctx);
+ return HDB_ERR_NOENTRY;
+ }
+
+ realm_dn = realm_msg[0]->dn;
+
ret = LDB_lookup_principal(context, (struct ldb_context *)db->hdb_db,
mem_ctx,
principal, ldb_ent_type, realm_dn, &msg);
More information about the samba-cvs
mailing list