[SCM] Samba Shared Repository - branch v4-1-test updated
Karolin Seeger
kseeger at samba.org
Tue Sep 30 14:53:03 MDT 2014
The branch, v4-1-test has been updated
via bff195a s3-libads: Improve service principle guessing.
from f93df45 smbd: We now survive smb2.oplock.stream1
http://gitweb.samba.org/?p=samba.git;a=shortlog;h=v4-1-test
- Log -----------------------------------------------------------------
commit bff195a254f16d34cd7bbd56cd225c436aff68c2
Author: Andreas Schneider <asn at samba.org>
Date: Tue Sep 23 14:09:41 2014 +0200
s3-libads: Improve service principle guessing.
If the name passed to the net command with the -S options is the long
hostname of the domaincontroller and not the 15 char NetBIOS name we
should construct a FQDN with the realm to get a Kerberos ticket.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=10829
Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Guenther Deschner <gd at samba.org>
(cherry picked from commit 83c62bd3f5945bbe295cbfbd153736d4c709b3a6)
Autobuild-User(v4-1-test): Karolin Seeger <kseeger at samba.org>
Autobuild-Date(v4-1-test): Tue Sep 30 22:52:34 CEST 2014 on sn-devel-104
-----------------------------------------------------------------------
Summary of changes:
source3/libads/sasl.c | 124 ++++++++++++++++++++++++++-----------------------
1 files changed, 66 insertions(+), 58 deletions(-)
Changeset truncated at 500 lines:
diff --git a/source3/libads/sasl.c b/source3/libads/sasl.c
index 33f4e24..1450ff1 100644
--- a/source3/libads/sasl.c
+++ b/source3/libads/sasl.c
@@ -714,88 +714,96 @@ static void ads_free_service_principal(struct ads_service_principal *p)
static ADS_STATUS ads_guess_service_principal(ADS_STRUCT *ads,
char **returned_principal)
{
+ ADS_STATUS status = ADS_ERROR(LDAP_NO_MEMORY);
char *princ = NULL;
+ TALLOC_CTX *frame;
+ char *server = NULL;
+ char *realm = NULL;
+ int rc;
- if (ads->server.realm && ads->server.ldap_server) {
- char *server, *server_realm;
-
- server = SMB_STRDUP(ads->server.ldap_server);
- server_realm = SMB_STRDUP(ads->server.realm);
-
- if (!server || !server_realm) {
- SAFE_FREE(server);
- SAFE_FREE(server_realm);
- return ADS_ERROR(LDAP_NO_MEMORY);
- }
+ frame = talloc_stackframe();
+ if (frame == NULL) {
+ return ADS_ERROR(LDAP_NO_MEMORY);
+ }
- if (!strlower_m(server)) {
- SAFE_FREE(server);
- SAFE_FREE(server_realm);
- return ADS_ERROR(LDAP_NO_MEMORY);
+ if (ads->server.realm && ads->server.ldap_server) {
+ server = strlower_talloc(frame, ads->server.ldap_server);
+ if (server == NULL) {
+ goto out;
}
- if (!strupper_m(server_realm)) {
- SAFE_FREE(server);
- SAFE_FREE(server_realm);
- return ADS_ERROR(LDAP_NO_MEMORY);
+ realm = strupper_talloc(frame, ads->server.realm);
+ if (realm == NULL) {
+ goto out;
}
- if (asprintf(&princ, "ldap/%s@%s", server, server_realm) == -1) {
- SAFE_FREE(server);
- SAFE_FREE(server_realm);
- return ADS_ERROR(LDAP_NO_MEMORY);
- }
+ /*
+ * If we got a name which is bigger than a NetBIOS name,
+ * but isn't a FQDN, create one.
+ */
+ if (strlen(server) > 15 && strstr(server, ".") == NULL) {
+ char *dnsdomain;
- SAFE_FREE(server);
- SAFE_FREE(server_realm);
+ dnsdomain = strlower_talloc(frame, ads->server.realm);
+ if (dnsdomain == NULL) {
+ goto out;
+ }
- if (!princ) {
- return ADS_ERROR(LDAP_NO_MEMORY);
+ server = talloc_asprintf(frame,
+ "%s.%s",
+ server, dnsdomain);
+ if (server == NULL) {
+ goto out;
+ }
}
} else if (ads->config.realm && ads->config.ldap_server_name) {
- char *server, *server_realm;
-
- server = SMB_STRDUP(ads->config.ldap_server_name);
- server_realm = SMB_STRDUP(ads->config.realm);
-
- if (!server || !server_realm) {
- SAFE_FREE(server);
- SAFE_FREE(server_realm);
- return ADS_ERROR(LDAP_NO_MEMORY);
+ server = strlower_talloc(frame, ads->config.ldap_server_name);
+ if (server == NULL) {
+ goto out;
}
- if (!strlower_m(server)) {
- SAFE_FREE(server);
- SAFE_FREE(server_realm);
- return ADS_ERROR(LDAP_NO_MEMORY);
+ realm = strupper_talloc(frame, ads->config.realm);
+ if (realm == NULL) {
+ goto out;
}
- if (!strupper_m(server_realm)) {
- SAFE_FREE(server);
- SAFE_FREE(server_realm);
- return ADS_ERROR(LDAP_NO_MEMORY);
- }
- if (asprintf(&princ, "ldap/%s@%s", server, server_realm) == -1) {
- SAFE_FREE(server);
- SAFE_FREE(server_realm);
- return ADS_ERROR(LDAP_NO_MEMORY);
- }
+ /*
+ * If we got a name which is bigger than a NetBIOS name,
+ * but isn't a FQDN, create one.
+ */
+ if (strlen(server) > 15 && strstr(server, ".") == NULL) {
+ char *dnsdomain;
- SAFE_FREE(server);
- SAFE_FREE(server_realm);
+ dnsdomain = strlower_talloc(frame, ads->server.realm);
+ if (dnsdomain == NULL) {
+ goto out;
+ }
- if (!princ) {
- return ADS_ERROR(LDAP_NO_MEMORY);
+ server = talloc_asprintf(frame,
+ "%s.%s",
+ server, dnsdomain);
+ if (server == NULL) {
+ goto out;
+ }
}
}
- if (!princ) {
- return ADS_ERROR(LDAP_PARAM_ERROR);
+ if (server == NULL || realm == NULL) {
+ goto out;
+ }
+
+ rc = asprintf(&princ, "ldap/%s@%s", server, realm);
+ if (rc == -1 || princ == NULL) {
+ status = ADS_ERROR(LDAP_PARAM_ERROR);
+ goto out;
}
*returned_principal = princ;
- return ADS_SUCCESS;
+ status = ADS_SUCCESS;
+out:
+ TALLOC_FREE(frame);
+ return status;
}
static ADS_STATUS ads_generate_service_principal(ADS_STRUCT *ads,
--
Samba Shared Repository
More information about the samba-cvs
mailing list