From 9615ab10c006d8027f6a8b7dd3770eb77304dbdc Mon Sep 17 00:00:00 2001 From: Andrew Bartlett Date: Sat, 28 Sep 2002 14:42:32 +0000 Subject: Try to compile as much as possible with only ldap, but not kerberos. --- source/libads/disp_sec.c | 3 --- source/libads/krb5_setpw.c | 31 +++++++++++++++++++++++++++++++ source/libads/ldap.c | 33 +-------------------------------- source/libads/sasl.c | 4 +++- 4 files changed, 35 insertions(+), 36 deletions(-) (limited to 'source') diff --git a/source/libads/disp_sec.c b/source/libads/disp_sec.c index a930fd6fe09..a7b0bf6f07c 100644 --- a/source/libads/disp_sec.c +++ b/source/libads/disp_sec.c @@ -20,8 +20,6 @@ #include "includes.h" -#ifdef HAVE_ADS - static struct perm_mask_str { uint32 mask; char *str; @@ -158,5 +156,4 @@ void ads_disp_sd(SEC_DESC *sd) printf("-------------- End Of Security Descriptor\n"); } -#endif diff --git a/source/libads/krb5_setpw.c b/source/libads/krb5_setpw.c index a49b6cbe3b0..8079c0953fc 100644 --- a/source/libads/krb5_setpw.c +++ b/source/libads/krb5_setpw.c @@ -471,4 +471,35 @@ ADS_STATUS kerberos_set_password(const char *kpasswd_server, } +/** + * Set the machine account password + * @param ads connection to ads server + * @param hostname machine whose password is being set + * @param password new password + * @return status of password change + **/ +ADS_STATUS ads_set_machine_password(ADS_STRUCT *ads, + const char *hostname, + const char *password) +{ + ADS_STATUS status; + char *host = strdup(hostname); + char *principal; + + strlower(host); + + /* + we need to use the '$' form of the name here, as otherwise the + server might end up setting the password for a user instead + */ + asprintf(&principal, "%s$@%s", host, ads->auth.realm); + + status = krb5_set_password(ads->auth.kdc_server, principal, password, ads->auth.time_offset); + + free(host); + free(principal); + + return status; +} + #endif diff --git a/source/libads/ldap.c b/source/libads/ldap.c index 1004ea229c6..2133bf0719d 100644 --- a/source/libads/ldap.c +++ b/source/libads/ldap.c @@ -22,7 +22,7 @@ #include "includes.h" -#ifdef HAVE_ADS +#ifdef HAVE_LDAP /** * @file ldap.c @@ -1443,37 +1443,6 @@ ads_set_sd_error: return ret; } -/** - * Set the machine account password - * @param ads connection to ads server - * @param hostname machine whose password is being set - * @param password new password - * @return status of password change - **/ -ADS_STATUS ads_set_machine_password(ADS_STRUCT *ads, - const char *hostname, - const char *password) -{ - ADS_STATUS status; - char *host = strdup(hostname); - char *principal; - - strlower(host); - - /* - we need to use the '$' form of the name here, as otherwise the - server might end up setting the password for a user instead - */ - asprintf(&principal, "%s$@%s", host, ads->auth.realm); - - status = krb5_set_password(ads->auth.kdc_server, principal, password, ads->auth.time_offset); - - free(host); - free(principal); - - return status; -} - /** * pull the first entry from a ADS result * @param ads connection to ads server diff --git a/source/libads/sasl.c b/source/libads/sasl.c index f7dd01084a2..aa7d99a5f7c 100644 --- a/source/libads/sasl.c +++ b/source/libads/sasl.c @@ -20,7 +20,7 @@ #include "includes.h" -#ifdef HAVE_ADS +#ifdef HAVE_LDAP /* perform a LDAP/SASL/SPNEGO/NTLMSSP bind (just how many layers can @@ -190,10 +190,12 @@ static ADS_STATUS ads_sasl_spnego_bind(ADS_STRUCT *ads) } DEBUG(3,("got principal=%s\n", principal)); +#ifdef HAVE_KRB5 if (!(ads->auth.flags & ADS_AUTH_DISABLE_KERBEROS) && got_kerberos_mechanism && ads_kinit_password(ads) == 0) { return ads_sasl_spnego_krb5_bind(ads, principal); } +#endif /* lets do NTLMSSP ... this has the big advantage that we don't need to sync clocks, and we don't rely on special versions of the krb5 -- cgit