sin/samba-mirror
1
0
Fork 0
mirror of https://github.com/samba-team/samba.git synced 2025-03-03 12:58:35 +03:00
Code

dsdb: Allow spaces in userPrincipalName values

Browse Source 
This is needed to enable a kinit with a UPN that has a space in it

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Guenther Deschner <gd@samba.org>
This commit is contained in:
Andrew Bartlett 2015-03-12 12:50:23 +13:00 committed by Günther Deschner
parent da99f8a5b9
commit 3cd8713216
1 changed files with 12 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

14
source4/dsdb/samdb/cracknames.c
View File

@ -680,8 +680,18 @@ WERROR DsCrackNameOneName(struct ldb_context *sam_ctx, TALLOC_CTX *mem_ctx,
domain_filter = NULL; domain_filter = NULL;
/* By getting the unparsed name here, we ensure the escaping is correct (and trust the client less) */ /*
ret = krb5_unparse_name(smb_krb5_context->krb5_context, principal, &unparsed_name); * By getting the unparsed name here, we ensure the
* escaping is removed correctly (and trust the client
* less). The important thing here is that a
* userPrincipalName may have a space in it, and this
* must not be kerberos escaped to match this filter,
* so we specify KRB5_PRINCIPAL_UNPARSE_DISPLAY
*/
ret = krb5_unparse_name_flags(smb_krb5_context->krb5_context,
principal,
KRB5_PRINCIPAL_UNPARSE_DISPLAY,
&unparsed_name);
if (ret) { if (ret) {
krb5_free_principal(smb_krb5_context->krb5_context, principal); krb5_free_principal(smb_krb5_context->krb5_context, principal);
return WERR_NOMEM; return WERR_NOMEM;