krb5_error_code ret;
krb5_address addr;
krb5_boolean result;
-
+ krb5_boolean only_netbios = TRUE;
+ int i;
+
if(config->check_ticket_addresses == 0)
return TRUE;
- if(addresses == NULL)
+ if(addresses == NULL)
+ return config->allow_null_ticket_addresses;
+
+ for (i = 0; i < addresses->len; ++i) {
+ if (addresses->val[i].addr_type != KRB5_ADDRESS_NETBIOS) {
+ only_netbios = FALSE;
+ }
+ }
+
+ /* Windows sends it's netbios name, which I can only assume is
+ * used for the 'allowed workstations' check. This is painful, but
+ * we still want to check IP addresses if they happen to be
+ * present. */
+
+ if(only_netbios)
return config->allow_null_ticket_addresses;
ret = krb5_sockaddr2address (context, from, &addr);
kdcconn->kdc = kdc;
kdcconn->process = kpasswdd_process;
conn->private = kdcconn;
+ kdcconn->packet = packet_init(kdcconn);
+ if (kdcconn->packet == NULL) {
+ stream_terminate_connection(conn, "kdc_tcp_accept: out of memory");
+ return;
+ }
+ packet_set_private(kdcconn->packet, kdcconn);
+ packet_set_socket(kdcconn->packet, conn->socket);
+ packet_set_callback(kdcconn->packet, kdc_tcp_recv);
+ packet_set_full_request(kdcconn->packet, packet_full_request_u32);
+ packet_set_error_handler(kdcconn->packet, kdc_tcp_recv_error);
+ packet_set_event_context(kdcconn->packet, conn->event.ctx);
+ packet_set_fde(kdcconn->packet, conn->event.fde);
+ packet_set_serialise(kdcconn->packet);
}
static const struct stream_server_ops kpasswdd_tcp_stream_ops = {
}
krb5_kdc_default_config(kdc->config);
- /* NAT and the like make this pointless, and painful */
- kdc->config->check_ticket_addresses = FALSE;
-
initialize_krb5_error_table();
ret = smb_krb5_init_context(kdc, &kdc->smb_krb5_context);
TALLOC_CTX *tmp_ctx = talloc_new(entry_ex->private);
struct hdb_ldb_private *private = talloc_get_type(entry_ex->private, struct hdb_ldb_private);
char *name, *workstation = NULL;
+ int i;
+
if (!tmp_ctx) {
return ENOMEM;
}
ret = krb5_unparse_name(context, entry_ex->entry.principal, &name);
if (ret != 0) {
talloc_free(tmp_ctx);
+ return ret;
}
+
+ for (i=0; i < addresses->len; i++) {
+ if (addresses->val->addr_type == KRB5_ADDRESS_NETBIOS) {
+ workstation = talloc_strndup(tmp_ctx, addresses->val->address.data, MIN(addresses->val->address.length, 15));
+ if (workstation) {
+ break;
+ }
+ }
+ }
+
+ /* Strip space padding */
+ if (workstation) {
+ i = MIN(strlen(workstation), 15);
+ for (; i > 0 && workstation[i - 1] == ' '; i--) {
+ workstation[i - 1] = '\0';
+ }
+ }
+
nt_status = authsam_account_ok(tmp_ctx,
private->samdb,
MSV1_0_ALLOW_SERVER_TRUST_ACCOUNT | MSV1_0_ALLOW_WORKSTATION_TRUST_ACCOUNT,
git.samba.org / jelmer / samba4-debian.git / commitdiff