r20906: allow LDAP simple binds using the following syntaxes in the DN field:
authorStefan Metzmacher <metze@samba.org>
Fri, 19 Jan 2007 15:14:45 +0000 (15:14 +0000)
committerGerald (Jerry) Carter <jerry@samba.org>
Wed, 10 Oct 2007 19:43:50 +0000 (14:43 -0500)
CN=Administrator,CN=Users,DC=w2k3,DC=vmnet1,DC=vm,DC=base
Administrator@W2K3
W2K3\Administrator
w2k3.vmnet1.vm.base/Users/Administrator

w2k3 also allows these syntaxes (and maybe more...?)

metze
(This used to be commit 40c27ef88df9021e9ef2a6c43aabab709ac9662f)

source4/dsdb/samdb/cracknames.c
source4/ldap_server/ldap_bind.c

index 28c9890db57142d62ca2d38f5fbd7e55e56f6d52..02644c78f14ea971eb9b6327e5a2bf9247b5f805 100644 (file)
@@ -996,9 +996,10 @@ NTSTATUS crack_service_principal_name(struct ldb_context *sam_ctx,
        
 }
 
-NTSTATUS crack_dn_to_nt4_name(TALLOC_CTX *mem_ctx, 
-                             const char *dn, 
-                             const char **nt4_domain, const char **nt4_account)
+NTSTATUS crack_name_to_nt4_name(TALLOC_CTX *mem_ctx, 
+                               uint32_t format_offered,
+                               const char *name, 
+                               const char **nt4_domain, const char **nt4_account)
 {
        WERROR werr;
        struct drsuapi_DsNameInfo1 info1;
@@ -1006,7 +1007,7 @@ NTSTATUS crack_dn_to_nt4_name(TALLOC_CTX *mem_ctx,
        char *p;
 
        /* Handle anonymous bind */
-       if (!dn || !*dn) {
+       if (!name || !*name) {
                *nt4_domain = "";
                *nt4_account = "";
                return NT_STATUS_OK;
@@ -1018,9 +1019,9 @@ NTSTATUS crack_dn_to_nt4_name(TALLOC_CTX *mem_ctx,
        }
 
        werr = DsCrackNameOneName(ldb, mem_ctx, 0,
-                                 DRSUAPI_DS_NAME_FORMAT_FQDN_1779
+                                 format_offered
                                  DRSUAPI_DS_NAME_FORMAT_NT4_ACCOUNT,
-                                 dn,
+                                 name,
                                  &info1);
        if (!W_ERROR_IS_OK(werr)) {
                return werror_to_ntstatus(werr);
@@ -1054,5 +1055,31 @@ NTSTATUS crack_dn_to_nt4_name(TALLOC_CTX *mem_ctx,
        }
 
        return NT_STATUS_OK;
-       
+}
+
+NTSTATUS crack_auto_name_to_nt4_name(TALLOC_CTX *mem_ctx,
+                                    const char *name,
+                                    const char **nt4_domain,
+                                    const char **nt4_account)
+{
+       uint32_t format_offered = DRSUAPI_DS_NAME_FORMAT_UKNOWN;
+
+       /* Handle anonymous bind */
+       if (!name || !*name) {
+               *nt4_domain = "";
+               *nt4_account = "";
+               return NT_STATUS_OK;
+       }
+
+       if (strchr_m(name, '=')) {
+               format_offered = DRSUAPI_DS_NAME_FORMAT_FQDN_1779;
+       } else if (strchr_m(name, '@')) {
+               format_offered = DRSUAPI_DS_NAME_FORMAT_USER_PRINCIPAL;
+       } else if (strchr_m(name, '\\')) {
+               format_offered = DRSUAPI_DS_NAME_FORMAT_NT4_ACCOUNT;
+       } else if (strchr_m(name, '/')) {
+               format_offered = DRSUAPI_DS_NAME_FORMAT_CANONICAL;
+       }
+
+       return crack_name_to_nt4_name(mem_ctx, format_offered, name, nt4_domain, nt4_account);
 }
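Review bot: The format guess in crack_auto_name_to_nt4_name is decided by whichever test matches first, in the fixed order '=', '@', '\\', '/', and nothing documents that precedence or how a name containing more than one of these characters is classified. In ldap_bind.c this string is the client-supplied bind DN and it selects the account that gets authenticated, so the rule is worth stating above the chain, for example `/* first match wins: '=' -> DN, '@' -> UPN, '\\' -> NT4, '/' -> canonical; otherwise FORMAT_UKNOWN is passed through */`. A name with none of the separators reaches crack_name_to_nt4_name with DRSUAPI_DS_NAME_FORMAT_UKNOWN; how DsCrackNameOneName resolves that is outside the hunk, so confirm it cannot map to an unintended account. The anonymous-bind check at the top repeats the one crack_name_to_nt4_name already performs and could be dropped.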
index f88d08e822db2bd7f0129b6e1c6eb9ef82e87f5d..3d5df58e210ad48d0f47542f73fbce5c6aef8ff2 100644 (file)
@@ -45,7 +45,7 @@ static NTSTATUS ldapsrv_BindSimple(struct ldapsrv_call *call)
 
        DEBUG(10, ("BindSimple dn: %s\n",req->dn));
 
-       status = crack_dn_to_nt4_name(call, req->dn, &nt4_domain, &nt4_account);
+       status = crack_auto_name_to_nt4_name(call, req->dn, &nt4_domain, &nt4_account);
        if (NT_STATUS_IS_OK(status)) {
                status = authenticate_username_pw(call,
                                                  call->conn->connection->event.ctx,
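Review bot: A failure from crack_auto_name_to_nt4_name skips authenticate_username_pw entirely, so a bind name that cannot be resolved and a wrong password leave different values in `status`. ldapsrv_BindSimple continues outside the hunk; if the later code maps `status` to distinct LDAP result codes or error strings, the reply reveals whether the name resolved, so confirm both cases end in the same invalidCredentials response. The `BindSimple dn: %s` debug label is also no longer accurate now that the field may hold a UPN, NT4 or canonical name; `BindSimple name: %s` would match the new behaviour.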