[PATCH 0/3] cifs.upcall: attempt to use AD-style service principals

Jeff Layton jlayton at samba.org
Sun Nov 13 18:17:25 MST 2011

We've had a request recently to allow cifs.upcall to use AD-style
service principals. While trying to nail down what they need, I asked
Simo his opinion on how best to pick a service principal for a given
hostname. His suggestion was:

	INPUT: fooo
	TRY in order:
		cifs/fooo.<guessed domain ?>@REALM
  		host/fooo.<guessed domain ?>@REALM

	INPUT: bar.example.com
	TRY in order:
		cifs/bar.example.com at REALM
		host/bar.example.com at REALM

This patchset attempts to embody that logic.

Suggestions welcome. Those reviewing it, please pay particular attention
to the scheme for guessing a domain name. I want to make certain that
we're not opening up any security holes with that scheme.

Jeff Layton (3):
  cifs.upcall: move to an on-stack princ buffer
  cifs.upcall: move to Simo's suggested algorithm for picking a
  cifs.upcall: try and guess the domain name on unqualified names

 cifs.upcall.c |  143 ++++++++++++++++++++++++++++++++++++++++++++++----------
 1 files changed, 117 insertions(+), 26 deletions(-)


More information about the samba-technical mailing list