From 6fada7a82aa67e7b80ff003bd527092da68542c8 Mon Sep 17 00:00:00 2001
From: Jeremy Allison
Date: Thu, 31 Aug 2006 01:20:21 +0000
Subject: r17943: The horror, the horror. Add KDC site support by writing out a custom krb5.conf file containing the KDC I need. This may suck.... Needs some testing :-). Jeremy. (This used to be commit d500e1f96d92dfcc6292c448d1b399195f762d89)
---
source3/libads/cldap.c | 2 --
source3/libads/kerberos.c | 58 +++++++++++++++++++++++++++++++++++++++++++++++
source3/libads/ldap.c | 1 +
3 files changed, 59 insertions(+), 2 deletions(-)
(limited to 'source3/libads')
diff --git a/source3/libads/cldap.c b/source3/libads/cldap.c
index 3a6083558f1..da1dec6b931 100644
--- a/source3/libads/cldap.c
+++ b/source3/libads/cldap.c
@@ -306,5 +306,3 @@ BOOL ads_cldap_netlogon(const char *server, const char *realm, struct cldap_net
 return True;
 }
-
-
diff --git a/source3/libads/kerberos.c b/source3/libads/kerberos.c
index 910207968c8..4e4e4cfebf8 100644
--- a/source3/libads/kerberos.c
+++ b/source3/libads/kerberos.c
@@ -464,4 +464,62 @@ int kerberos_kinit_password(const char *principal,
 0);
 }
+/************************************************************************
+ Create a specific krb5.conf file in the private directory pointing
+ at a specific kdc for a realm. Keyed off domain name. Sets
+ KRB5_CONFIG environment variable to point to this file. Must be
+ run as root or will fail (which is a good thing :-).
+************************************************************************/
+
+BOOL create_local_private_krb5_conf_for_domain(const char *realm, const char *domain, struct in_addr ip)
+{
+ XFILE *xfp = NULL;
+ char *fname = talloc_asprintf(NULL, "%s/smb_krb5.conf.%s", lp_private_dir(), domain);
+ char *file_contents = NULL;
+ size_t flen = 0;
+
+ if (!fname) {
+ return False;
+ }
+
+ file_contents = talloc_asprintf(fname, "[libdefaults]\n\tdefault_realm = %s\n"
+ "[realms]\n\t%s = {\n"
+ "\t\tkdc = %s\n]\n",
+ realm, realm, inet_ntoa(ip));
+
+ if (!file_contents) {
+ TALLOC_FREE(fname);
+ return False;
+ }
+
+ flen = strlen(file_contents);
+ xfp = x_fopen(fname, O_CREAT|O_WRONLY, 0600);
+ if (!xfp) {
+ TALLOC_FREE(fname);
+ return False;
+ }
+ /* Lock the file. */
+ if (!fcntl_lock(xfp->fd, F_SETLKW, 0, 1, F_WRLCK)) {
+ unlink(fname);
+ x_fclose(xfp);
+ TALLOC_FREE(fname);
+ return False;
+ }
+
+ if (x_fwrite(file_contents, flen, 1, xfp) != flen) {
+ unlink(fname);
+ x_fclose(xfp);
+ TALLOC_FREE(fname);
+ return False;
+ }
+ if (x_fclose(xfp)==-1) {
+ unlink(fname);
+ TALLOC_FREE(fname);
+ return False;
+ }
+ /* Set the environment variable to this file. */
+ setenv("KRB5_CONFIG", fname, 1);
+ TALLOC_FREE(fname);
+ return True;
+}
 #endif
diff --git a/source3/libads/ldap.c b/source3/libads/ldap.c
index 947f58a8fd5..1d192895d90 100644
--- a/source3/libads/ldap.c
+++ b/source3/libads/ldap.c
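Review bot: The write check `x_fwrite(file_contents, flen, 1, xfp) != flen` passes the length as the item size and 1 as the count but compares the result with `flen`; if x_fwrite returns the number of items written, as fwrite does, a successful write yields 1 and this branch unlinks the file and returns False on every call, so it should read `x_fwrite(file_contents, 1, flen, xfp) != flen`. The template a few lines above opens the realm block with `{` and closes it with `]` in `"\t\tkdc = %s\n]\n"`, which should be `"\t\tkdc = %s\n\t}\n"`. `realm` and `domain` are also formatted into the file body and the file name unchecked, and the file is opened with `O_CREAT|O_WRONLY` only: where these values come from is not visible in this hunk, but refusing `/` and control characters in them and adding `O_TRUNC` would keep a malformed name from steering the path or the config text and keep bytes of a longer, older file from surviving the rewrite.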
@@ -159,6 +159,7 @@ BOOL ads_try_connect(ADS_STRUCT *ads, const char *server )
 SAFE_FREE(ads->config.ldap_server_name);
 SAFE_FREE(ads->server.workgroup);
+ ads->config.flags = cldap_reply.flags;
 ads->config.ldap_server_name = SMB_STRDUP(cldap_reply.hostname);
 strupper_m(cldap_reply.domain);
 ads->config.realm = SMB_STRDUP(cldap_reply.domain);
-- cgit