1
0
mirror of https://github.com/samba-team/samba.git synced 2024-12-23 17:34:34 +03:00

Try to compile as much as possible with only ldap, but not kerberos.

(This used to be commit 9615ab10c0)
This commit is contained in:
Andrew Bartlett 2002-09-28 14:42:32 +00:00
parent b1361525c6
commit 4e73790e3a
4 changed files with 35 additions and 36 deletions

View File

@ -20,8 +20,6 @@
#include "includes.h"
#ifdef HAVE_ADS
static struct perm_mask_str {
uint32 mask;
char *str;
@ -158,5 +156,4 @@ void ads_disp_sd(SEC_DESC *sd)
printf("-------------- End Of Security Descriptor\n");
}
#endif

View File

@ -471,4 +471,35 @@ ADS_STATUS kerberos_set_password(const char *kpasswd_server,
}
/**
* Set the machine account password
* @param ads connection to ads server
* @param hostname machine whose password is being set
* @param password new password
* @return status of password change
**/
ADS_STATUS ads_set_machine_password(ADS_STRUCT *ads,
const char *hostname,
const char *password)
{
ADS_STATUS status;
char *host = strdup(hostname);
char *principal;
strlower(host);
/*
we need to use the '$' form of the name here, as otherwise the
server might end up setting the password for a user instead
*/
asprintf(&principal, "%s$@%s", host, ads->auth.realm);
status = krb5_set_password(ads->auth.kdc_server, principal, password, ads->auth.time_offset);
free(host);
free(principal);
return status;
}
#endif

View File

@ -22,7 +22,7 @@
#include "includes.h"
#ifdef HAVE_ADS
#ifdef HAVE_LDAP
/**
* @file ldap.c
@ -1443,37 +1443,6 @@ ads_set_sd_error:
return ret;
}
/**
* Set the machine account password
* @param ads connection to ads server
* @param hostname machine whose password is being set
* @param password new password
* @return status of password change
**/
ADS_STATUS ads_set_machine_password(ADS_STRUCT *ads,
const char *hostname,
const char *password)
{
ADS_STATUS status;
char *host = strdup(hostname);
char *principal;
strlower(host);
/*
we need to use the '$' form of the name here, as otherwise the
server might end up setting the password for a user instead
*/
asprintf(&principal, "%s$@%s", host, ads->auth.realm);
status = krb5_set_password(ads->auth.kdc_server, principal, password, ads->auth.time_offset);
free(host);
free(principal);
return status;
}
/**
* pull the first entry from a ADS result
* @param ads connection to ads server

View File

@ -20,7 +20,7 @@
#include "includes.h"
#ifdef HAVE_ADS
#ifdef HAVE_LDAP
/*
perform a LDAP/SASL/SPNEGO/NTLMSSP bind (just how many layers can
@ -190,10 +190,12 @@ static ADS_STATUS ads_sasl_spnego_bind(ADS_STRUCT *ads)
}
DEBUG(3,("got principal=%s\n", principal));
#ifdef HAVE_KRB5
if (!(ads->auth.flags & ADS_AUTH_DISABLE_KERBEROS) &&
got_kerberos_mechanism && ads_kinit_password(ads) == 0) {
return ads_sasl_spnego_krb5_bind(ads, principal);
}
#endif
/* lets do NTLMSSP ... this has the big advantage that we don't need
to sync clocks, and we don't rely on special versions of the krb5