r12363: minor fixes for win2000 join/login

 - the objectClass needs to be added to the list of attributes to make
   the check for objectClass=computer work

 - the short version of the name needs to be used for the 'cn' in
   cracknames
(This used to be commit 53f0fb77c3c1bd15620f1dbb12e0d8f9fededf4b)

diff --git a/source4/auth/auth_sam.c b/source4/auth/auth_sam.c
index 95a7702822996f4cbb6dbd7dab82f065f8d79f4e..49813a437dedbd0654fa10d333f3a7fcd47e8ed4 100644 (file)
--- a/source4/auth/auth_sam.c
+++ b/source4/auth/auth_sam.c
@@ -64,7 +64,8 @@ static const char *user_attrs[] = {
        NULL,
 };
 
-static const char *domain_ref_attrs[] =  {"nETBIOSName", "nCName", "dnsRoot", NULL};
+static const char *domain_ref_attrs[] =  {"nETBIOSName", "nCName", 
+                                         "dnsRoot", "objectClass", NULL};
 
 /****************************************************************************
  Do a specific test for an smb password being correct, given a smb_password and

diff --git a/source4/dsdb/samdb/cracknames.c b/source4/dsdb/samdb/cracknames.c
index 2010005a6b116344ae2c88ec7e9541ef8bffcde1..977f992c08ad004bee67091b4f9ac53021a4c705 100644 (file)
--- a/source4/dsdb/samdb/cracknames.c
+++ b/source4/dsdb/samdb/cracknames.c
@@ -453,11 +453,20 @@ WERROR DsCrackNameOneName(struct ldb_context *sam_ctx, TALLOC_CTX *mem_ctx,
                        krb5_free_principal(smb_krb5_context->krb5_context, principal);
                        return WERR_NOMEM;
                }
+
                service = principal->name.name_string.val[0];
                if ((principal->name.name_string.len == 2) && (strcasecmp(service, "host") == 0)) {
+                       /* the 'cn' attribute is just the leading part of the name */
+                       char *computer_name;
+                       computer_name = talloc_strndup(mem_ctx, principal->name.name_string.val[1], 
+                                                     strcspn(principal->name.name_string.val[1], "."));
+                       if (computer_name == NULL) {
+                               return WERR_NOMEM;
+                       }
+
                        result_filter = talloc_asprintf(mem_ctx, "(|(&(servicePrincipalName=%s)(objectClass=user))(&(cn=%s)(objectClass=computer)))", 
                                                        ldb_binary_encode_string(mem_ctx, unparsed_name_short), 
-                                                       ldb_binary_encode_string(mem_ctx, principal->name.name_string.val[1]));
+                                                       ldb_binary_encode_string(mem_ctx, computer_name));
                } else {
                        result_filter = talloc_asprintf(mem_ctx, "(&(servicePrincipalName=%s)(objectClass=user))",
                                                        ldb_binary_encode_string(mem_ctx, unparsed_name_short));