krb5-samba: interdomain trust uses different salt principal
diff --git
a/auth/credentials/credentials_krb5.c
b/auth/credentials/credentials_krb5.c
index 9da1aa09250db7b9e8201aab3306d153b7ef655c..d36797bf0f37f952a7102c8a51050225777e9ec4 100644
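--- a/auth/credentials/credentials_krb5.c
+++ b/auth/credentials/credentials_krb5.c
@@ -34,6 +34,7 @@
 #include "auth/kerberos/kerberos_util.h"
 #include "auth/kerberos/pac_utils.h"
 #include "param/param.h"
+#include "../libds/common/flags.h"
 #undef DBGC_CLASS
 #define DBGC_CLASS DBGC_AUTH
@@ -974,7 +975,7 @@ _PUBLIC_ int cli_credentials_get_keytab(struct cli_credentials *cred,
 const char *upn = NULL;
 const char *realm = cli_credentials_get_realm(cred);
 char *salt_principal = NULL;
- bool is_computer = false;
+ uint32_t uac_flags = 0;
 if (cred->keytab_obtained >= (MAX(cred->principal_obtained,
 cred->username_obtained))) {
@@ -999,9 +1000,15 @@ _PUBLIC_ int cli_credentials_get_keytab(struct cli_credentials *cred,
 switch (cred->secure_channel_type) {
 case SEC_CHAN_WKSTA:
- case SEC_CHAN_BDC:
 case SEC_CHAN_RODC:
- is_computer = true;
+ uac_flags = UF_WORKSTATION_TRUST_ACCOUNT;
+ break;
+ case SEC_CHAN_BDC:
+ uac_flags = UF_SERVER_TRUST_ACCOUNT;
+ break;
+ case SEC_CHAN_DOMAIN:
+ case SEC_CHAN_DNS_DOMAIN:
+ uac_flags = UF_INTERDOMAIN_TRUST_ACCOUNT;
 break;
 default:
 upn = cli_credentials_get_principal(cred, mem_ctx);
@@ -1009,13 +1016,14 @@ _PUBLIC_ int cli_credentials_get_keytab(struct cli_credentials *cred,
 TALLOC_FREE(mem_ctx);
 return ENOMEM;
 }
+ uac_flags = UF_NORMAL_ACCOUNT;
 break;
 }
 ret = smb_krb5_salt_principal(realm,
 username, /* sAMAccountName */
 upn, /* userPrincipalName */
- is_computer,
+ uac_flags,
 mem_ctx,
 &salt_principal);
 if (ret) {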
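Review bot: The switch on `cred->secure_channel_type` in `cli_credentials_get_keytab` now selects the account type that `smb_krb5_salt_principal()` salts the keytab keys with, yet nothing at the switch documents that mapping, and a wrong arm would presumably surface only later as derived keys that do not match the account. I would add a comment above it along the lines of `/* The salt principal depends on the account type; map the secure channel type to the UF_* flag smb_krb5_salt_principal() expects. */`. The new `SEC_CHAN_DOMAIN`/`SEC_CHAN_DNS_DOMAIN` arm also leaves `upn` as NULL, where these types previously reached `default` and fetched the principal, so the trust salt has to come from `realm` and `username` alone; that handling lives in the callee, outside this diff, and is worth confirming for the trust account name format. The function starts before and continues past the hunks shown.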