From 6f0cafa6cf5957ee549e46e899e8bc83eeca52c2 Mon Sep 17 00:00:00 2001
From: Andrew Tridgell <tridge@samba.org>
Date: Wed, 28 Sep 2011 14:18:14 +1000
Subject: [PATCH] heimdal: handle referrals for 3 part DRSUAPI SPNs

This handles referrals for SPNs of the form
E3514235-4B06-11D1-AB04-00C04FC2DCD2/NTDSGUID/REALM, which are
used during DRS replication when we don't know the dnsHostName of the
target DC (which we don't know until the first replication from that
DC completes).

We use the 3rd part of the SPN directly as the realm name in the
referral.

Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
---
 kdc/krb5tgs.c | 19 ++++++++++++++++++-
 1 file changed, 18 insertions(+), 1 deletion(-)

diff --git a/kdc/krb5tgs.c b/kdc/krb5tgs.c
index 347a4221d..369292b75 100644
--- a/kdc/krb5tgs.c
+++ b/kdc/krb5tgs.c
@@ -1122,7 +1122,24 @@ need_referral(krb5_context context, krb5_kdc_configuration *config,
 
     if (server->name.name_string.len == 1)
 	name = server->name.name_string.val[0];
-    else if (server->name.name_string.len > 1)
+    else if (server->name.name_string.len == 3 &&
+	     strcasecmp("E3514235-4B06-11D1-AB04-00C04FC2DCD2", server->name.name_string.val[0]) == 0) {
+	/*
+	  This is used to give referrals for the
+	  E3514235-4B06-11D1-AB04-00C04FC2DCD2/NTDSGUID/DNSDOMAIN
+	  SPN form, which is used for inter-domain communication in AD
+	 */
+	name = server->name.name_string.val[2];
+	kdc_log(context, config, 0, "Giving 3 part DRSUAPI referral for %s", name);
+	*realms = malloc(sizeof(char *)*2);
+	if (*realms == NULL) {
+	    krb5_set_error_message(context, ENOMEM, N_("malloc: out of memory", ""));
+	    return FALSE;
+	}
+	(*realms)[0] = strdup(name);
+	(*realms)[1] = NULL;
+	return TRUE;
+    } else if (server->name.name_string.len > 1)
 	name = server->name.name_string.val[1];
     else
 	return FALSE;