[SCM] Samba Shared Repository - branch v4-1-test updated

Karolin Seeger kseeger at samba.org
Tue Sep 30 14:53:03 MDT 2014


The branch, v4-1-test has been updated
       via  bff195a s3-libads: Improve service principle guessing.
      from  f93df45 smbd: We now survive smb2.oplock.stream1

http://gitweb.samba.org/?p=samba.git;a=shortlog;h=v4-1-test


- Log -----------------------------------------------------------------
commit bff195a254f16d34cd7bbd56cd225c436aff68c2
Author: Andreas Schneider <asn at samba.org>
Date:   Tue Sep 23 14:09:41 2014 +0200

    s3-libads: Improve service principle guessing.
    
    If the name passed to the net command with the -S option is the long
    hostname of the domain controller and not the 15 char NetBIOS name, we
    should construct a FQDN with the realm to get a Kerberos ticket.
    
    BUG: https://bugzilla.samba.org/show_bug.cgi?id=10829
    
    Signed-off-by: Andreas Schneider <asn at samba.org>
    Reviewed-by: Guenther Deschner <gd at samba.org>
    (cherry picked from commit 83c62bd3f5945bbe295cbfbd153736d4c709b3a6)
    
    Autobuild-User(v4-1-test): Karolin Seeger <kseeger at samba.org>
    Autobuild-Date(v4-1-test): Tue Sep 30 22:52:34 CEST 2014 on sn-devel-104

-----------------------------------------------------------------------

Summary of changes:
 source3/libads/sasl.c |  124 ++++++++++++++++++++++++++-----------------------
 1 files changed, 66 insertions(+), 58 deletions(-)


Changeset truncated at 500 lines:

diff --git a/source3/libads/sasl.c b/source3/libads/sasl.c
index 33f4e24..1450ff1 100644
--- a/source3/libads/sasl.c
+++ b/source3/libads/sasl.c
@@ -714,88 +714,96 @@ static void ads_free_service_principal(struct ads_service_principal *p)
 static ADS_STATUS ads_guess_service_principal(ADS_STRUCT *ads,
 					      char **returned_principal)
 {
+	ADS_STATUS status = ADS_ERROR(LDAP_NO_MEMORY);
 	char *princ = NULL;
+	TALLOC_CTX *frame;
+	char *server = NULL;
+	char *realm = NULL;
+	int rc;
 
-	if (ads->server.realm && ads->server.ldap_server) {
-		char *server, *server_realm;
-
-		server = SMB_STRDUP(ads->server.ldap_server);
-		server_realm = SMB_STRDUP(ads->server.realm);
-
-		if (!server || !server_realm) {
-			SAFE_FREE(server);
-			SAFE_FREE(server_realm);
-			return ADS_ERROR(LDAP_NO_MEMORY);
-		}
+	frame = talloc_stackframe();
+	if (frame == NULL) {
+		return ADS_ERROR(LDAP_NO_MEMORY);
+	}
 
-		if (!strlower_m(server)) {
-			SAFE_FREE(server);
-			SAFE_FREE(server_realm);
-			return ADS_ERROR(LDAP_NO_MEMORY);
+	if (ads->server.realm && ads->server.ldap_server) {
+		server = strlower_talloc(frame, ads->server.ldap_server);
+		if (server == NULL) {
+			goto out;
 		}
 
-		if (!strupper_m(server_realm)) {
-			SAFE_FREE(server);
-			SAFE_FREE(server_realm);
-			return ADS_ERROR(LDAP_NO_MEMORY);
+		realm = strupper_talloc(frame, ads->server.realm);
+		if (realm == NULL) {
+			goto out;
 		}
 
-		if (asprintf(&princ, "ldap/%s@%s", server, server_realm) == -1) {
-			SAFE_FREE(server);
-			SAFE_FREE(server_realm);
-			return ADS_ERROR(LDAP_NO_MEMORY);
-		}
+		/*
+		 * If we got a name which is bigger than a NetBIOS name,
+		 * but isn't a FQDN, create one.
+		 */
+		if (strlen(server) > 15 && strstr(server, ".") == NULL) {
+			char *dnsdomain;
 
-		SAFE_FREE(server);
-		SAFE_FREE(server_realm);
+			dnsdomain = strlower_talloc(frame, ads->server.realm);
+			if (dnsdomain == NULL) {
+				goto out;
+			}
 
-		if (!princ) {
-			return ADS_ERROR(LDAP_NO_MEMORY);
+			server = talloc_asprintf(frame,
+						 "%s.%s",
+						 server, dnsdomain);
+			if (server == NULL) {
+				goto out;
+			}
 		}
 	} else if (ads->config.realm && ads->config.ldap_server_name) {
-		char *server, *server_realm;
-
-		server = SMB_STRDUP(ads->config.ldap_server_name);
-		server_realm = SMB_STRDUP(ads->config.realm);
-
-		if (!server || !server_realm) {
-			SAFE_FREE(server);
-			SAFE_FREE(server_realm);
-			return ADS_ERROR(LDAP_NO_MEMORY);
+		server = strlower_talloc(frame, ads->config.ldap_server_name);
+		if (server == NULL) {
+			goto out;
 		}
 
-		if (!strlower_m(server)) {
-			SAFE_FREE(server);
-			SAFE_FREE(server_realm);
-			return ADS_ERROR(LDAP_NO_MEMORY);
+		realm = strupper_talloc(frame, ads->config.realm);
+		if (realm == NULL) {
+			goto out;
 		}
 
-		if (!strupper_m(server_realm)) {
-			SAFE_FREE(server);
-			SAFE_FREE(server_realm);
-			return ADS_ERROR(LDAP_NO_MEMORY);
-		}
-		if (asprintf(&princ, "ldap/%s@%s", server, server_realm) == -1) {
-			SAFE_FREE(server);
-			SAFE_FREE(server_realm);
-			return ADS_ERROR(LDAP_NO_MEMORY);
-		}
+		/*
+		 * If we got a name which is bigger than a NetBIOS name,
+		 * but isn't a FQDN, create one.
+		 */
+		if (strlen(server) > 15 && strstr(server, ".") == NULL) {
+			char *dnsdomain;
 
-		SAFE_FREE(server);
-		SAFE_FREE(server_realm);
+			dnsdomain = strlower_talloc(frame, ads->server.realm);
+			if (dnsdomain == NULL) {
+				goto out;
+			}
 
-		if (!princ) {
-			return ADS_ERROR(LDAP_NO_MEMORY);
+			server = talloc_asprintf(frame,
+						 "%s.%s",
+						 server, dnsdomain);
+			if (server == NULL) {
+				goto out;
+			}
 		}
 	}
 
-	if (!princ) {
-		return ADS_ERROR(LDAP_PARAM_ERROR);
+	if (server == NULL || realm == NULL) {
+		goto out;
+	}
+
+	rc = asprintf(&princ, "ldap/%s@%s", server, realm);
+	if (rc == -1 || princ == NULL) {
+		status = ADS_ERROR(LDAP_PARAM_ERROR);
+		goto out;
 	}
 
 	*returned_principal = princ;
 
-	return ADS_SUCCESS;
+	status = ADS_SUCCESS;
+out:
+	TALLOC_FREE(frame);
+	return status;
 }
 
 static ADS_STATUS ads_generate_service_principal(ADS_STRUCT *ads,
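Review bot: In the `else if (ads->config.realm && ads->config.ldap_server_name)` branch, the new FQDN code builds `dnsdomain` from `ads->server.realm`, yet this branch only runs when `ads->server.realm` or `ads->server.ldap_server` is unset, so the line should read `dnsdomain = strlower_talloc(frame, ads->config.realm);`. How `strlower_talloc` handles a NULL source is not visible here. If it returns NULL the function fails with LDAP_NO_MEMORY, and if `ads->server.realm` is set but differs from `ads->config.realm`, the host part of the LDAP service principal gets a DNS suffix that does not match the realm after the `@`, so the Kerberos ticket would be requested for the wrong target name. Separately, the error codes look swapped relative to the removed code: the `server == NULL || realm == NULL` check now exits with the initial LDAP_NO_MEMORY where the old code returned LDAP_PARAM_ERROR, while an `asprintf` failure now reports LDAP_PARAM_ERROR. Adding `status = ADS_ERROR(LDAP_PARAM_ERROR);` before that first `goto out` and dropping the assignment in the `asprintf` failure path would restore the old meaning for callers.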


-- 
Samba Shared Repository

