This is needed to give hdb_samba4 full control over the returned
principal, rather than leaving it to the new code in the Heimdal KDC.
Including changes selected from code by Stefan Metzmacher <metze@samba.org>
in his Heimdal upgrade branch.
NOTE: THIS COMMIT WON'T COMPILE/WORK ON ITS OWN!
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
/* First try and figure out the flags based on the userAccountControl */
entry_ex->entry.flags = uf2SDBFlags(context, userAccountControl, ent_type);
+ /*
+ * Take control of the returned principal here, rather than
+ * allowing the Heimdal code to do it as we have specific
+ * behaviour around the forced realm to honour
+ */
+ entry_ex->entry.flags.force_canonicalize = true;
+
/* Windows 2008 seems to enforce this (very sensible) rule by
* default - don't allow offline attacks on a user's password
* by asking for a ticket to them as a service (encrypted with
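Review bot: `force_canonicalize` is set unconditionally here, for whatever `ent_type` reaches this function and independent of anything the request asked for, while the comment explains the reason only as "specific behaviour around the forced realm". Since the commit message says this hands control of the returned principal to hdb_samba4, the comment should also state the consequence: presumably the KDC no longer adjusts the name, so the code that fills in the entry's principal must get it right in every case. The line must also stay after the `uf2SDBFlags()` assignment just above it, which overwrites the whole flags struct; a short `/* must follow the uf2SDBFlags() assignment, which replaces all flags */` would protect it against reordering. The enclosing function starts and ends outside the hunk.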
unsigned int _unused27:1;
unsigned int _unused28:1;
unsigned int _unused29:1;
- unsigned int _unused30:1;
+ unsigned int force_canonicalize:1;
unsigned int do_not_store:1;
};
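Review bot: The new `force_canonicalize` bit has no comment in the struct, and the neighbouring names (`_unused29`, `do_not_store`) give no hint of what it asks of the KDC. A one-line comment on the field would help, for example `/* KDC takes the principal from the entry as returned; confirm exact semantics against the Heimdal flag */`. The conversion hunk that follows copies the bit by name, so its position should not matter there, but this page does not show whether any other code relies on the bit layout. The struct definition starts outside the hunk.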
h->_unused27 = s->_unused27;
h->_unused28 = s->_unused28;
h->_unused29 = s->_unused29;
- h->_unused30 = s->_unused30;
+ h->force_canonicalize = s->force_canonicalize;
h->do_not_store = s->do_not_store;
}