freeipa

Clone
Source Code
GIT

426759f ipa-cldap: support NETLOGON_NT_VERSION_5EX_WITH_IP properly

1 file Authored by abbra 9 years ago, Committed by mkosek 9 years ago,
raw patch tree parent
1 file changed. 12 lines added. 7 lines removed.
daemons/ipa-slapi-plugins/ipa-cldap/ipa_cldap_netlogon.c
file modified
+12 -7 
    ipa-cldap: support NETLOGON_NT_VERSION_5EX_WITH_IP properly
    
    According to MS-ADTS 6.3.3.2, "Domain Controller Response to an LDAP Ping",
    if NETLOGON_NT_VERSION_5EX_WITH_IP is requested in NtVer, we should fill the
    socket address of the server and set the NtVer of the response accordingly.
    
    The behavior is a bit unclear from 6.3.3.2 but Samba expects LDAP ping to behave
    the same way as a mailslot ping, described in 6.3.5, where socket address of the
    server is included only if _WITH_IP variant was requested in NtVer.  If NtVer
    only contains NETLOGON_NT_VERSION_5EX (without _WITH_IP bit), socket
    address should not be filled in.
    
    Additionally, this means we should use special variant of
    ndr_push_NETLOGON_SAM_LOGON_RESPONSE_EX helper named
    ndr_push_NETLOGON_SAM_LOGON_RESPONSE_EX_with_flags to properly handle optional
    existence of the socket address in the response.
    
    https://fedorahosted.org/freeipa/ticket/4827
    
    Reviewed-By: Sumit Bose <sbose@redhat.com>
    Reviewed-By: Simo Sorce <ssorce@redhat.com>
file modified
+12 -7
Powered by Pagure 5.14.1
DocumentationFile an IssueAboutSSH Hostkey/Fingerprint
© Red Hat, Inc. and others.