svn commit: samba r24804 - in branches: SAMBA_3_2/source/include
SAMBA_3_2/source/libads SAMBA_3_2_0/source/include
SAMBA_3_2_0/source/libads
gd at samba.org
gd at samba.org
Thu Aug 30 15:39:52 GMT 2007
Author: gd
Date: 2007-08-30 15:39:51 +0000 (Thu, 30 Aug 2007)
New Revision: 24804
WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=rev&root=samba&rev=24804
Log:
As a temporary workaround, also try to guess the server's principal in the
"not_defined_in_RFC4178 at please_ignore" case to make at least LDAP SASL binds
succeed with windows server 2008.
Guenther
Modified:
branches/SAMBA_3_2/source/include/ads.h
branches/SAMBA_3_2/source/libads/sasl.c
branches/SAMBA_3_2/source/libads/util.c
branches/SAMBA_3_2_0/source/include/ads.h
branches/SAMBA_3_2_0/source/libads/sasl.c
branches/SAMBA_3_2_0/source/libads/util.c
Changeset:
Modified: branches/SAMBA_3_2/source/include/ads.h
===================================================================
--- branches/SAMBA_3_2/source/include/ads.h 2007-08-30 14:55:32 UTC (rev 24803)
+++ branches/SAMBA_3_2/source/include/ads.h 2007-08-30 15:39:51 UTC (rev 24804)
@@ -394,4 +394,6 @@
#define ADS_EXTENDED_RIGHT_APPLY_GROUP_POLICY "edacfd8f-ffb3-11d1-b41d-00a0c968f939"
+#define ADS_IGNORE_PRINCIPAL "not_defined_in_RFC4178 at please_ignore"
+
#endif /* _INCLUDE_ADS_H_ */
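Review bot: The new `ADS_IGNORE_PRINCIPAL` define has no comment saying where the string comes from, so a reader cannot tell that it is a server-sent placeholder rather than a usable Kerberos principal. A line such as `/* placeholder principal Windows Server 2008 sends in the SASL bind reply; carries no usable name */` above the define would cover it. As rendered here the literal contains " at " where a principal would have `@`; that looks like the list archive's address masking, but it is worth confirming against the repository, because the `strequal()` test in sasl.c would never match otherwise. The same applies to the SAMBA_3_2_0 copy of this hunk.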
Modified: branches/SAMBA_3_2/source/libads/sasl.c
===================================================================
--- branches/SAMBA_3_2/source/libads/sasl.c 2007-08-30 14:55:32 UTC (rev 24803)
+++ branches/SAMBA_3_2/source/libads/sasl.c 2007-08-30 15:39:51 UTC (rev 24804)
@@ -657,55 +657,26 @@
ZERO_STRUCTP(p);
- /* I've seen a child Windows 2000 domain not send
- the principal name back in the first round of
+ /* I've seen a child Windows 2000 domain not send
+ the principal name back in the first round of
the SASL bind reply. So we guess based on server
name and realm. --jerry */
- if (given_principal) {
- p->string = SMB_STRDUP(given_principal);
- if (!p->string) {
- return ADS_ERROR(LDAP_NO_MEMORY);
- }
- } else if (ads->server.realm && ads->server.ldap_server) {
- char *server, *server_realm;
+ /* Also try best guess when we get the w2k8 ignore
+ principal back - gd */
- server = SMB_STRDUP(ads->server.ldap_server);
- server_realm = SMB_STRDUP(ads->server.realm);
+ if (!given_principal ||
+ strequal(given_principal, ADS_IGNORE_PRINCIPAL)) {
- if (!server || !server_realm) {
- return ADS_ERROR(LDAP_NO_MEMORY);
+ status = ads_guess_service_principal(ads, given_principal,
+ &p->string);
+ if (!ADS_ERR_OK(status)) {
+ return status;
}
-
- strlower_m(server);
- strupper_m(server_realm);
- asprintf(&p->string, "ldap/%s@%s", server, server_realm);
-
- SAFE_FREE(server);
- SAFE_FREE(server_realm);
-
+ } else {
+ p->string = SMB_STRDUP(given_principal);
if (!p->string) {
return ADS_ERROR(LDAP_NO_MEMORY);
}
- } else if (ads->config.realm && ads->config.ldap_server_name) {
- char *server, *server_realm;
-
- server = SMB_STRDUP(ads->config.ldap_server_name);
- server_realm = SMB_STRDUP(ads->config.realm);
-
- if (!server || !server_realm) {
- return ADS_ERROR(LDAP_NO_MEMORY);
- }
-
- strlower_m(server);
- strupper_m(server_realm);
- asprintf(&p->string, "ldap/%s@%s", server, server_realm);
-
- SAFE_FREE(server);
- SAFE_FREE(server_realm);
-
- if (!p->string) {
- return ADS_ERROR(LDAP_NO_MEMORY);
- }
}
initialize_krb5_error_table();
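Review bot: The `else` branch still copies `given_principal` verbatim into `p->string`, and according to the comment above that name arrives in the first round of the SASL bind reply, before the peer has been authenticated. If `p->string` is later used as the Kerberos target name (not visible in this hunk), the peer is effectively choosing which service the client requests a ticket for. Now that the locally derived guess is available as a helper, consider computing it in this branch as well and logging when the two differ, and at minimum record the trust assumption with a comment such as `/* server-supplied hint, not yet authenticated */`. The enclosing function starts and ends outside the hunk, so whether `p` is released on the new early `return status` cannot be checked from here. The SAMBA_3_2_0 copy of this hunk is identical.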
Modified: branches/SAMBA_3_2/source/libads/util.c
===================================================================
--- branches/SAMBA_3_2/source/libads/util.c 2007-08-30 14:55:32 UTC (rev 24803)
+++ branches/SAMBA_3_2/source/libads/util.c 2007-08-30 15:39:51 UTC (rev 24804)
@@ -51,4 +51,62 @@
SAFE_FREE(password);
return ret;
}
+
+ADS_STATUS ads_guess_service_principal(ADS_STRUCT *ads,
+ const char *given_principal,
+ char **returned_principal)
+{
+ char *princ = NULL;
+
+ if (ads->server.realm && ads->server.ldap_server) {
+ char *server, *server_realm;
+
+ server = SMB_STRDUP(ads->server.ldap_server);
+ server_realm = SMB_STRDUP(ads->server.realm);
+
+ if (!server || !server_realm) {
+ return ADS_ERROR(LDAP_NO_MEMORY);
+ }
+
+ strlower_m(server);
+ strupper_m(server_realm);
+ asprintf(&princ, "ldap/%s@%s", server, server_realm);
+
+ SAFE_FREE(server);
+ SAFE_FREE(server_realm);
+
+ if (!princ) {
+ return ADS_ERROR(LDAP_NO_MEMORY);
+ }
+ } else if (ads->config.realm && ads->config.ldap_server_name) {
+ char *server, *server_realm;
+
+ server = SMB_STRDUP(ads->config.ldap_server_name);
+ server_realm = SMB_STRDUP(ads->config.realm);
+
+ if (!server || !server_realm) {
+ return ADS_ERROR(LDAP_NO_MEMORY);
+ }
+
+ strlower_m(server);
+ strupper_m(server_realm);
+ asprintf(&princ, "ldap/%s@%s", server, server_realm);
+
+ SAFE_FREE(server);
+ SAFE_FREE(server_realm);
+
+ if (!princ) {
+ return ADS_ERROR(LDAP_NO_MEMORY);
+ }
+ }
+
+ if (!princ) {
+ return ADS_ERROR(LDAP_PARAM_ERROR);
+ }
+
+ *returned_principal = princ;
+
+ return ADS_SUCCESS;
+}
+
#endif
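Review bot: In `ads_guess_service_principal()` the `if (!server || !server_realm)` early return leaks whichever of the two `SMB_STRDUP` copies did succeed, in both branches. The `asprintf()` return value is also ignored, and on failure the contents of `princ` are not guaranteed to stay NULL, so the following `if (!princ)` test is not a reliable failure check. The two branches differ only in which fields they read and `given_principal` is never used, so a single static helper that frees both copies on every path and tests the `asprintf()` result removes the duplication along with both problems. The function is complete within this hunk, and the SAMBA_3_2_0 copy of util.c has the same issues.
```c
/* Build "ldap/<lowercase host>@<UPPERCASE REALM>"; caller frees *out. */
static ADS_STATUS ads_build_ldap_principal(const char *host,
					   const char *realm,
					   char **out)
{
	char *server = SMB_STRDUP(host);
	char *server_realm = SMB_STRDUP(realm);
	char *princ = NULL;
	int ret = -1;

	if (server && server_realm) {
		strlower_m(server);
		strupper_m(server_realm);
		ret = asprintf(&princ, "ldap/%s@%s", server, server_realm);
	}

	/* released on every path, including a half-failed strdup */
	SAFE_FREE(server);
	SAFE_FREE(server_realm);

	if (ret == -1) {
		return ADS_ERROR(LDAP_NO_MEMORY);
	}

	*out = princ;
	return ADS_SUCCESS;
}

ADS_STATUS ads_guess_service_principal(ADS_STRUCT *ads,
				       const char *given_principal,
				       char **returned_principal)
{
	if (ads->server.realm && ads->server.ldap_server) {
		return ads_build_ldap_principal(ads->server.ldap_server,
						ads->server.realm,
						returned_principal);
	}

	if (ads->config.realm && ads->config.ldap_server_name) {
		return ads_build_ldap_principal(ads->config.ldap_server_name,
						ads->config.realm,
						returned_principal);
	}

	/* nothing to derive a name from */
	return ADS_ERROR(LDAP_PARAM_ERROR);
}
```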
Modified: branches/SAMBA_3_2_0/source/include/ads.h
===================================================================
--- branches/SAMBA_3_2_0/source/include/ads.h 2007-08-30 14:55:32 UTC (rev 24803)
+++ branches/SAMBA_3_2_0/source/include/ads.h 2007-08-30 15:39:51 UTC (rev 24804)
@@ -394,4 +394,6 @@
#define ADS_EXTENDED_RIGHT_APPLY_GROUP_POLICY "edacfd8f-ffb3-11d1-b41d-00a0c968f939"
+#define ADS_IGNORE_PRINCIPAL "not_defined_in_RFC4178 at please_ignore"
+
#endif /* _INCLUDE_ADS_H_ */
Modified: branches/SAMBA_3_2_0/source/libads/sasl.c
===================================================================
--- branches/SAMBA_3_2_0/source/libads/sasl.c 2007-08-30 14:55:32 UTC (rev 24803)
+++ branches/SAMBA_3_2_0/source/libads/sasl.c 2007-08-30 15:39:51 UTC (rev 24804)
@@ -657,55 +657,26 @@
ZERO_STRUCTP(p);
- /* I've seen a child Windows 2000 domain not send
- the principal name back in the first round of
+ /* I've seen a child Windows 2000 domain not send
+ the principal name back in the first round of
the SASL bind reply. So we guess based on server
name and realm. --jerry */
- if (given_principal) {
- p->string = SMB_STRDUP(given_principal);
- if (!p->string) {
- return ADS_ERROR(LDAP_NO_MEMORY);
- }
- } else if (ads->server.realm && ads->server.ldap_server) {
- char *server, *server_realm;
+ /* Also try best guess when we get the w2k8 ignore
+ principal back - gd */
- server = SMB_STRDUP(ads->server.ldap_server);
- server_realm = SMB_STRDUP(ads->server.realm);
+ if (!given_principal ||
+ strequal(given_principal, ADS_IGNORE_PRINCIPAL)) {
- if (!server || !server_realm) {
- return ADS_ERROR(LDAP_NO_MEMORY);
+ status = ads_guess_service_principal(ads, given_principal,
+ &p->string);
+ if (!ADS_ERR_OK(status)) {
+ return status;
}
-
- strlower_m(server);
- strupper_m(server_realm);
- asprintf(&p->string, "ldap/%s@%s", server, server_realm);
-
- SAFE_FREE(server);
- SAFE_FREE(server_realm);
-
+ } else {
+ p->string = SMB_STRDUP(given_principal);
if (!p->string) {
return ADS_ERROR(LDAP_NO_MEMORY);
}
- } else if (ads->config.realm && ads->config.ldap_server_name) {
- char *server, *server_realm;
-
- server = SMB_STRDUP(ads->config.ldap_server_name);
- server_realm = SMB_STRDUP(ads->config.realm);
-
- if (!server || !server_realm) {
- return ADS_ERROR(LDAP_NO_MEMORY);
- }
-
- strlower_m(server);
- strupper_m(server_realm);
- asprintf(&p->string, "ldap/%s@%s", server, server_realm);
-
- SAFE_FREE(server);
- SAFE_FREE(server_realm);
-
- if (!p->string) {
- return ADS_ERROR(LDAP_NO_MEMORY);
- }
}
initialize_krb5_error_table();
Modified: branches/SAMBA_3_2_0/source/libads/util.c
===================================================================
--- branches/SAMBA_3_2_0/source/libads/util.c 2007-08-30 14:55:32 UTC (rev 24803)
+++ branches/SAMBA_3_2_0/source/libads/util.c 2007-08-30 15:39:51 UTC (rev 24804)
@@ -51,4 +51,62 @@
SAFE_FREE(password);
return ret;
}
+
+ADS_STATUS ads_guess_service_principal(ADS_STRUCT *ads,
+ const char *given_principal,
+ char **returned_principal)
+{
+ char *princ = NULL;
+
+ if (ads->server.realm && ads->server.ldap_server) {
+ char *server, *server_realm;
+
+ server = SMB_STRDUP(ads->server.ldap_server);
+ server_realm = SMB_STRDUP(ads->server.realm);
+
+ if (!server || !server_realm) {
+ return ADS_ERROR(LDAP_NO_MEMORY);
+ }
+
+ strlower_m(server);
+ strupper_m(server_realm);
+ asprintf(&princ, "ldap/%s@%s", server, server_realm);
+
+ SAFE_FREE(server);
+ SAFE_FREE(server_realm);
+
+ if (!princ) {
+ return ADS_ERROR(LDAP_NO_MEMORY);
+ }
+ } else if (ads->config.realm && ads->config.ldap_server_name) {
+ char *server, *server_realm;
+
+ server = SMB_STRDUP(ads->config.ldap_server_name);
+ server_realm = SMB_STRDUP(ads->config.realm);
+
+ if (!server || !server_realm) {
+ return ADS_ERROR(LDAP_NO_MEMORY);
+ }
+
+ strlower_m(server);
+ strupper_m(server_realm);
+ asprintf(&princ, "ldap/%s@%s", server, server_realm);
+
+ SAFE_FREE(server);
+ SAFE_FREE(server_realm);
+
+ if (!princ) {
+ return ADS_ERROR(LDAP_NO_MEMORY);
+ }
+ }
+
+ if (!princ) {
+ return ADS_ERROR(LDAP_PARAM_ERROR);
+ }
+
+ *returned_principal = princ;
+
+ return ADS_SUCCESS;
+}
+
#endif