[SCM] Samba Shared Repository - branch v3-3-test updated -
release-3-2-0pre2-2973-gebf3120
Günther Deschner
gd at samba.org
Tue Jun 24 21:40:04 GMT 2008
The branch, v3-3-test has been updated
via ebf31203e7cf22e32b986c536279688b17a65d22 (commit)
via 026018c9f1ed0680b3ca5b26dd6b8dc466e27e0d (commit)
via b5aaf5aa0f280f69e05b613271c96473a79b812e (commit)
from c273ce8798062d1b55100411f3e92a01bdbf611c (commit)
http://gitweb.samba.org/?p=samba.git;a=shortlog;h=v3-3-test
- Log -----------------------------------------------------------------
commit ebf31203e7cf22e32b986c536279688b17a65d22
Author: Günther Deschner <gd at samba.org>
Date: Tue Jun 24 13:06:38 2008 +0200
libads: use ads_connect_user_creds in some places.
Guenther
commit 026018c9f1ed0680b3ca5b26dd6b8dc466e27e0d
Author: Günther Deschner <gd at samba.org>
Date: Tue Jun 24 13:02:03 2008 +0200
libads: add ads_connect_user_creds() that won't overwrite given user creds.
Guenther
commit b5aaf5aa0f280f69e05b613271c96473a79b812e
Author: Günther Deschner <gd at samba.org>
Date: Tue Jun 24 12:11:06 2008 +0200
libads: add ADS_AUTH_USER_CREDS to avoid magic overwriting of usernames.
Guenther
-----------------------------------------------------------------------
Summary of changes:
source/include/ads.h | 17 +++++++++--------
source/include/proto.h | 1 +
source/lib/netapi/joindomain.c | 2 +-
source/libads/kerberos.c | 6 ++++++
source/libads/ldap.c | 12 ++++++++++++
source/libnet/libnet_join.c | 2 +-
6 files changed, 30 insertions(+), 10 deletions(-)
Changeset truncated at 500 lines:
diff --git a/source/include/ads.h b/source/include/ads.h
index d5ce88b..d455176 100644
--- a/source/include/ads.h
+++ b/source/include/ads.h
@@ -320,14 +320,15 @@ typedef void **ADS_MODLIST;
#define ADS_DNS_FOREST 0x80000000 /* DnsForestName is a DNS name */
/* ads auth control flags */
-#define ADS_AUTH_DISABLE_KERBEROS 0x01
-#define ADS_AUTH_NO_BIND 0x02
-#define ADS_AUTH_ANON_BIND 0x04
-#define ADS_AUTH_SIMPLE_BIND 0x08
-#define ADS_AUTH_ALLOW_NTLMSSP 0x10
-#define ADS_AUTH_SASL_SIGN 0x20
-#define ADS_AUTH_SASL_SEAL 0x40
-#define ADS_AUTH_SASL_FORCE 0x80
+#define ADS_AUTH_DISABLE_KERBEROS 0x0001
+#define ADS_AUTH_NO_BIND 0x0002
+#define ADS_AUTH_ANON_BIND 0x0004
+#define ADS_AUTH_SIMPLE_BIND 0x0008
+#define ADS_AUTH_ALLOW_NTLMSSP 0x0010
+#define ADS_AUTH_SASL_SIGN 0x0020
+#define ADS_AUTH_SASL_SEAL 0x0040
+#define ADS_AUTH_SASL_FORCE 0x0080
+#define ADS_AUTH_USER_CREDS 0x0100
/* Kerberos environment variable names */
#define KRB5_ENV_CCNAME "KRB5CCNAME"
diff --git a/source/include/proto.h b/source/include/proto.h
index 68e3926..75b616b 100644
--- a/source/include/proto.h
+++ b/source/include/proto.h
@@ -2063,6 +2063,7 @@ bool ads_sitename_match(ADS_STRUCT *ads);
bool ads_closest_dc(ADS_STRUCT *ads);
bool ads_try_connect(ADS_STRUCT *ads, const char *server );
ADS_STATUS ads_connect(ADS_STRUCT *ads);
+ADS_STATUS ads_connect_user_creds(ADS_STRUCT *ads);
void ads_disconnect(ADS_STRUCT *ads);
ADS_STATUS ads_do_search_all_fn(ADS_STRUCT *ads, const char *bind_path,
int scope, const char *expr, const char **attrs,
diff --git a/source/lib/netapi/joindomain.c b/source/lib/netapi/joindomain.c
index 66f7cfb..a33e0ee 100644
--- a/source/lib/netapi/joindomain.c
+++ b/source/lib/netapi/joindomain.c
@@ -389,7 +389,7 @@ WERROR NetGetJoinableOUs_l(struct libnetapi_ctx *ctx,
ads->auth.password = SMB_STRDUP(ctx->password);
}
- ads_status = ads_connect(ads);
+ ads_status = ads_connect_user_creds(ads);
if (!ADS_ERR_OK(ads_status)) {
ads_destroy(&ads);
return WERR_DEFAULT_JOIN_REQUIRED;
diff --git a/source/libads/kerberos.c b/source/libads/kerberos.c
index c4135f2..31e5af4 100644
--- a/source/libads/kerberos.c
+++ b/source/libads/kerberos.c
@@ -323,6 +323,11 @@ int ads_kinit_password(ADS_STRUCT *ads)
const char *account_name;
fstring acct_name;
+ if (ads->auth.flags & ADS_AUTH_USER_CREDS) {
+ account_name = ads->auth.user_name;
+ goto got_accountname;
+ }
+
if ( IS_DC ) {
/* this will end up getting a ticket for DOMAIN at RUSTED.REA.LM */
account_name = lp_workgroup();
@@ -338,6 +343,7 @@ int ads_kinit_password(ADS_STRUCT *ads)
account_name = ads->auth.user_name;
}
+ got_accountname:
if (asprintf(&s, "%s@%s", account_name, ads->auth.realm) == -1) {
return KRB5_CC_NOMEM;
}
diff --git a/source/libads/ldap.c b/source/libads/ldap.c
index 7b9e510..7c64082 100644
--- a/source/libads/ldap.c
+++ b/source/libads/ldap.c
@@ -527,6 +527,18 @@ got_connection:
}
/**
+ * Connect to the LDAP server using given credentials
+ * @param ads Pointer to an existing ADS_STRUCT
+ * @return status of connection
+ **/
+ADS_STATUS ads_connect_user_creds(ADS_STRUCT *ads)
+{
+ ads->auth.flags |= ADS_AUTH_USER_CREDS;
+
+ return ads_connect(ads);
+}
+
+/**
* Disconnect the LDAP server
* @param ads Pointer to an existing ADS_STRUCT
**/
diff --git a/source/libnet/libnet_join.c b/source/libnet/libnet_join.c
index 3678ff9..4a2a658 100644
--- a/source/libnet/libnet_join.c
+++ b/source/libnet/libnet_join.c
@@ -124,7 +124,7 @@ static ADS_STATUS libnet_connect_ads(const char *dns_domain_name,
my_ads->auth.password = SMB_STRDUP(password);
}
- status = ads_connect(my_ads);
+ status = ads_connect_user_creds(my_ads);
if (!ADS_ERR_OK(status)) {
ads_destroy(&my_ads);
return status;
--
Samba Shared Repository
More information about the samba-cvs
mailing list