[SCM] Samba Shared Repository - branch v3-3-test updated - release-3-2-0pre2-2973-gebf3120

Günther Deschner gd at samba.org
Tue Jun 24 21:40:04 GMT 2008


The branch, v3-3-test has been updated
       via  ebf31203e7cf22e32b986c536279688b17a65d22 (commit)
       via  026018c9f1ed0680b3ca5b26dd6b8dc466e27e0d (commit)
       via  b5aaf5aa0f280f69e05b613271c96473a79b812e (commit)
      from  c273ce8798062d1b55100411f3e92a01bdbf611c (commit)

http://gitweb.samba.org/?p=samba.git;a=shortlog;h=v3-3-test


- Log -----------------------------------------------------------------
commit ebf31203e7cf22e32b986c536279688b17a65d22
Author: Günther Deschner <gd at samba.org>
Date:   Tue Jun 24 13:06:38 2008 +0200

    libads: use ads_connect_user_creds in some places.
    
    Guenther

commit 026018c9f1ed0680b3ca5b26dd6b8dc466e27e0d
Author: Günther Deschner <gd at samba.org>
Date:   Tue Jun 24 13:02:03 2008 +0200

    libads: add ads_connect_user_creds() that won't overwrite given user creds.
    
    Guenther

commit b5aaf5aa0f280f69e05b613271c96473a79b812e
Author: Günther Deschner <gd at samba.org>
Date:   Tue Jun 24 12:11:06 2008 +0200

    libads: add ADS_AUTH_USER_CREDS to avoid magic overwriting of usernames.
    
    Guenther

-----------------------------------------------------------------------

Summary of changes:
 source/include/ads.h           |   17 +++++++++--------
 source/include/proto.h         |    1 +
 source/lib/netapi/joindomain.c |    2 +-
 source/libads/kerberos.c       |    6 ++++++
 source/libads/ldap.c           |   12 ++++++++++++
 source/libnet/libnet_join.c    |    2 +-
 6 files changed, 30 insertions(+), 10 deletions(-)


Changeset truncated at 500 lines:

diff --git a/source/include/ads.h b/source/include/ads.h
index d5ce88b..d455176 100644
--- a/source/include/ads.h
+++ b/source/include/ads.h
@@ -320,14 +320,15 @@ typedef void **ADS_MODLIST;
 #define ADS_DNS_FOREST     0x80000000  /* DnsForestName is a DNS name */
 
 /* ads auth control flags */
-#define ADS_AUTH_DISABLE_KERBEROS 0x01
-#define ADS_AUTH_NO_BIND          0x02
-#define ADS_AUTH_ANON_BIND        0x04
-#define ADS_AUTH_SIMPLE_BIND      0x08
-#define ADS_AUTH_ALLOW_NTLMSSP    0x10
-#define ADS_AUTH_SASL_SIGN        0x20
-#define ADS_AUTH_SASL_SEAL        0x40
-#define ADS_AUTH_SASL_FORCE       0x80
+#define ADS_AUTH_DISABLE_KERBEROS 0x0001
+#define ADS_AUTH_NO_BIND          0x0002
+#define ADS_AUTH_ANON_BIND        0x0004
+#define ADS_AUTH_SIMPLE_BIND      0x0008
+#define ADS_AUTH_ALLOW_NTLMSSP    0x0010
+#define ADS_AUTH_SASL_SIGN        0x0020
+#define ADS_AUTH_SASL_SEAL        0x0040
+#define ADS_AUTH_SASL_FORCE       0x0080
+#define ADS_AUTH_USER_CREDS       0x0100
 
 /* Kerberos environment variable names */
 #define KRB5_ENV_CCNAME "KRB5CCNAME"
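Review bot: ADS_AUTH_USER_CREDS is added without a comment, and unlike its neighbours the name does not say what it changes. Judging by the kerberos.c part of this changeset, it makes ads_kinit_password() use `ads->auth.user_name` as the principal instead of the name the function would otherwise pick (for example `lp_workgroup()` on a DC). That decides which identity is authenticated, so it is worth recording at the definition. A trailing comment such as `/* kinit as auth.user_name as given; no automatic account-name substitution */` would do.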
diff --git a/source/include/proto.h b/source/include/proto.h
index 68e3926..75b616b 100644
--- a/source/include/proto.h
+++ b/source/include/proto.h
@@ -2063,6 +2063,7 @@ bool ads_sitename_match(ADS_STRUCT *ads);
 bool ads_closest_dc(ADS_STRUCT *ads);
 bool ads_try_connect(ADS_STRUCT *ads, const char *server );
 ADS_STATUS ads_connect(ADS_STRUCT *ads);
+ADS_STATUS ads_connect_user_creds(ADS_STRUCT *ads);
 void ads_disconnect(ADS_STRUCT *ads);
 ADS_STATUS ads_do_search_all_fn(ADS_STRUCT *ads, const char *bind_path,
 				int scope, const char *expr, const char **attrs,
diff --git a/source/lib/netapi/joindomain.c b/source/lib/netapi/joindomain.c
index 66f7cfb..a33e0ee 100644
--- a/source/lib/netapi/joindomain.c
+++ b/source/lib/netapi/joindomain.c
@@ -389,7 +389,7 @@ WERROR NetGetJoinableOUs_l(struct libnetapi_ctx *ctx,
 		ads->auth.password = SMB_STRDUP(ctx->password);
 	}
 
-	ads_status = ads_connect(ads);
+	ads_status = ads_connect_user_creds(ads);
 	if (!ADS_ERR_OK(ads_status)) {
 		ads_destroy(&ads);
 		return WERR_DEFAULT_JOIN_REQUIRED;
diff --git a/source/libads/kerberos.c b/source/libads/kerberos.c
index c4135f2..31e5af4 100644
--- a/source/libads/kerberos.c
+++ b/source/libads/kerberos.c
@@ -323,6 +323,11 @@ int ads_kinit_password(ADS_STRUCT *ads)
 	const char *account_name;
 	fstring acct_name;
 
+	if (ads->auth.flags & ADS_AUTH_USER_CREDS) {
+		account_name = ads->auth.user_name;
+		goto got_accountname;
+	}
+
 	if ( IS_DC ) {
 		/* this will end up getting a ticket for DOMAIN at RUSTED.REA.LM */
 		account_name = lp_workgroup();
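Review bot: The new shortcut at the top of ads_kinit_password() takes `ads->auth.user_name` without checking that it is set, then jumps to the `asprintf(&s, "%s@%s", ...)` shown in the next hunk, where a NULL `%s` argument is undefined behaviour. Both callers converted in this changeset (joindomain.c and libnet_join.c) show `auth.password` being assigned inside a conditional, so the user name is presumably optional there as well. Failing early inside the new branch, e.g. `if (ads->auth.user_name == NULL) { return <krb5 error code>; }`, would make a missing name an explicit error instead of a kinit attempt for a malformed principal. The function body starts before and continues past this hunk, so an existing check outside the visible lines cannot be ruled out.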
@@ -338,6 +343,7 @@ int ads_kinit_password(ADS_STRUCT *ads)
 			account_name = ads->auth.user_name;
 	}
 
+ got_accountname:
 	if (asprintf(&s, "%s@%s", account_name, ads->auth.realm) == -1) {
 		return KRB5_CC_NOMEM;
 	}
diff --git a/source/libads/ldap.c b/source/libads/ldap.c
index 7b9e510..7c64082 100644
--- a/source/libads/ldap.c
+++ b/source/libads/ldap.c
@@ -527,6 +527,18 @@ got_connection:
 }
 
 /**
+ * Connect to the LDAP server using given credentials
+ * @param ads Pointer to an existing ADS_STRUCT
+ * @return status of connection
+ **/
+ADS_STATUS ads_connect_user_creds(ADS_STRUCT *ads)
+{
+	ads->auth.flags |= ADS_AUTH_USER_CREDS;
+
+	return ads_connect(ads);
+}
+
+/**
  * Disconnect the LDAP server
  * @param ads Pointer to an existing ADS_STRUCT
  **/
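Review bot: ads_connect_user_creds() ORs ADS_AUTH_USER_CREDS into `ads->auth.flags` and never clears it, and the doc comment does not say so. Any later plain `ads_connect(ads)` on the same ADS_STRUCT would therefore also authenticate as the caller-supplied principal. I would extend the comment with `* Sets ADS_AUTH_USER_CREDS in ads->auth.flags; the flag stays set on the struct afterwards.` and `* The caller must have filled in ads->auth.user_name before calling.` so the side effect and the precondition are visible at the API.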
diff --git a/source/libnet/libnet_join.c b/source/libnet/libnet_join.c
index 3678ff9..4a2a658 100644
--- a/source/libnet/libnet_join.c
+++ b/source/libnet/libnet_join.c
@@ -124,7 +124,7 @@ static ADS_STATUS libnet_connect_ads(const char *dns_domain_name,
 		my_ads->auth.password = SMB_STRDUP(password);
 	}
 
-	status = ads_connect(my_ads);
+	status = ads_connect_user_creds(my_ads);
 	if (!ADS_ERR_OK(status)) {
 		ads_destroy(&my_ads);
 		return status;


-- 
Samba Shared Repository

