sin/samba-mirror
1
0
Fork 0
mirror of https://github.com/samba-team/samba.git synced 2025-03-27 22:50:26 +03:00
Code

heimdal: handle referrals for 3 part DRSUAPI SPNs

Browse Source 
This handles referrals for SPNs of the form
E3514235-4B06-11D1-AB04-00C04FC2DCD2/NTDSGUID/REALM, which are
used during DRS replication when we don't know the dnsHostName of the
target DC (which we don't know until the first replication from that
DC completes).

We use the 3rd part of the SPN directly as the realm name in the
referral.

Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
This commit is contained in:
Andrew Tridgell 2011-09-28 14:18:14 +10:00
parent b930b1e1fc
commit 6b69ecd029
1 changed files with 18 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

19
source4/heimdal/kdc/krb5tgs.c
View File

@ -1121,7 +1121,24 @@ need_referral(krb5_context context, krb5_kdc_configuration *config,
if (server->name.name_string.len == 1)
name = server->name.name_string.val[0];
else if (server->name.name_string.len > 1)
else if (server->name.name_string.len == 3 &&
strcasecmp("E3514235-4B06-11D1-AB04-00C04FC2DCD2", server->name.name_string.val[0]) == 0) {
/*
This is used to give referrals for the
E3514235-4B06-11D1-AB04-00C04FC2DCD2/NTDSGUID/DNSDOMAIN
SPN form, which is used for inter-domain communication in AD
*/
name = server->name.name_string.val[2];
kdc_log(context, config, 0, "Giving 3 part DRSUAPI referral for %s", name);
*realms = malloc(sizeof(char *)*2);
if (*realms == NULL) {
krb5_set_error_message(context, ENOMEM, N_("malloc: out of memory", ""));
return FALSE;
}
(*realms)[0] = strdup(name);
(*realms)[1] = NULL;
return TRUE;
} else if (server->name.name_string.len > 1)
name = server->name.name_string.val[1];
else
return FALSE;