[PATCH 0/3] cifs.upcall: attempt to use AD-style service principals
Jeff Layton
jlayton at samba.org
Sun Nov 13 18:17:25 MST 2011

We've had a request recently to allow cifs.upcall to use AD-style
service principals. While trying to nail down what they need, I asked
Simo his opinion on how best to pick a service principal for a given
hostname. His suggestion was:

INPUT: fooo
TRY in order:
    FOOO$@REALM
    cifs/fooo.<guessed domain ?>@REALM
    host/fooo.<guessed domain ?>@REALM

INPUT: bar.example.com
TRY in order:
    cifs/bar.example.com@REALM
    BAR$@REALM
    host/bar.example.com@REALM

This patchset attempts to embody that logic.

Suggestions welcome. Those reviewing it, please pay particular attention
to the scheme for guessing a domain name. I want to make certain that
we're not opening up any security holes with that scheme.

Jeff Layton (3):
  cifs.upcall: move to an on-stack princ buffer
  cifs.upcall: move to Simo's suggested algorithm for picking a
    principal
  cifs.upcall: try and guess the domain name on unqualified names

 cifs.upcall.c | 143 ++++++++++++++++++++++++++++++++++++++++++++++----------
 1 files changed, 117 insertions(+), 26 deletions(-)
--
1.7.6.4
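
The candidate ordering quoted in the cover letter, as an added example that is not part of the patchset or of cifs.upcall. The function names and buffer sizes are hypothetical, the guessed domain is supplied by the caller rather than derived, and two behaviours are assumptions of this sketch: hostnames containing `/` or `@` are rejected, and an unqualified name with no guess yields only the machine account.

```c
/* Added example, not cifs.upcall code: candidate principals in the cover
 * letter's order. The domain guess is an input here; NULL means no guess. */
#include <ctype.h>
#include <stdio.h>
#include <string.h>
#define MAX_PRINC 3
#define PRINC_LEN 320

/* "<SHORTNAME>$@REALM": first label of host, uppercased. */
static int machine_princ(char *out, const char *host, const char *realm)
{
	size_t i, n = strcspn(host, ".");
	if (n == 0 || n + strlen(realm) + 3 > PRINC_LEN)
		return -1;
	for (i = 0; i < n; i++)
		out[i] = (char)toupper((unsigned char)host[i]);
	snprintf(out + n, PRINC_LEN - n, "$@%s", realm);
	return 0;
}

/* "<svc>/<host>[.<domain>]@REALM"; fail rather than truncate. */
static int service_princ(char *out, const char *svc, const char *host,
			 const char *domain, const char *realm)
{
	int len = snprintf(out, PRINC_LEN, "%s/%s%s%s@%s", svc, host,
			   domain ? "." : "", domain ? domain : "", realm);
	return (len < 0 || len >= PRINC_LEN) ? -1 : 0;
}

/* Returns the number of candidates written to out[], or -1 on bad input. */
int build_candidates(const char *host, const char *guessed_domain,
		     const char *realm, char out[MAX_PRINC][PRINC_LEN])
{
	int n = 0, qualified = strchr(host, '.') != NULL;
	if (!*host || !*realm || strpbrk(host, "/@"))
		return -1;	/* added check: separators would alter the principal */
	if (qualified) {	/* INPUT: bar.example.com */
		if (service_princ(out[n++], "cifs", host, NULL, realm)) return -1;
		if (machine_princ(out[n++], host, realm)) return -1;
		if (service_princ(out[n++], "host", host, NULL, realm)) return -1;
		return n;
	}
	if (machine_princ(out[n++], host, realm)) return -1;	/* INPUT: fooo */
	if (!guessed_domain || !*guessed_domain)
		return n;	/* assumption: no guess, machine account only */
	if (service_princ(out[n++], "cifs", host, guessed_domain, realm)) return -1;
	if (service_princ(out[n++], "host", host, guessed_domain, realm)) return -1;
	return n;
}
```
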