mirror of
https://github.com/samba-team/samba.git
synced 2024-12-23 17:34:34 +03:00
Try to compile as much as possible with only ldap, but not kerberos.
(This used to be commit 9615ab10c0
)
This commit is contained in:
parent
b1361525c6
commit
4e73790e3a
@ -20,8 +20,6 @@
|
||||
|
||||
#include "includes.h"
|
||||
|
||||
#ifdef HAVE_ADS
|
||||
|
||||
static struct perm_mask_str {
|
||||
uint32 mask;
|
||||
char *str;
|
||||
@ -158,5 +156,4 @@ void ads_disp_sd(SEC_DESC *sd)
|
||||
printf("-------------- End Of Security Descriptor\n");
|
||||
}
|
||||
|
||||
#endif
|
||||
|
||||
|
@ -471,4 +471,35 @@ ADS_STATUS kerberos_set_password(const char *kpasswd_server,
|
||||
}
|
||||
|
||||
|
||||
/**
|
||||
* Set the machine account password
|
||||
* @param ads connection to ads server
|
||||
* @param hostname machine whose password is being set
|
||||
* @param password new password
|
||||
* @return status of password change
|
||||
**/
|
||||
ADS_STATUS ads_set_machine_password(ADS_STRUCT *ads,
|
||||
const char *hostname,
|
||||
const char *password)
|
||||
{
|
||||
ADS_STATUS status;
|
||||
char *host = strdup(hostname);
|
||||
char *principal;
|
||||
|
||||
strlower(host);
|
||||
|
||||
/*
|
||||
we need to use the '$' form of the name here, as otherwise the
|
||||
server might end up setting the password for a user instead
|
||||
*/
|
||||
asprintf(&principal, "%s$@%s", host, ads->auth.realm);
|
||||
|
||||
status = krb5_set_password(ads->auth.kdc_server, principal, password, ads->auth.time_offset);
|
||||
|
||||
free(host);
|
||||
free(principal);
|
||||
|
||||
return status;
|
||||
}
|
||||
|
||||
#endif
|
||||
|
@ -22,7 +22,7 @@
|
||||
|
||||
#include "includes.h"
|
||||
|
||||
#ifdef HAVE_ADS
|
||||
#ifdef HAVE_LDAP
|
||||
|
||||
/**
|
||||
* @file ldap.c
|
||||
@ -1443,37 +1443,6 @@ ads_set_sd_error:
|
||||
return ret;
|
||||
}
|
||||
|
||||
/**
|
||||
* Set the machine account password
|
||||
* @param ads connection to ads server
|
||||
* @param hostname machine whose password is being set
|
||||
* @param password new password
|
||||
* @return status of password change
|
||||
**/
|
||||
ADS_STATUS ads_set_machine_password(ADS_STRUCT *ads,
|
||||
const char *hostname,
|
||||
const char *password)
|
||||
{
|
||||
ADS_STATUS status;
|
||||
char *host = strdup(hostname);
|
||||
char *principal;
|
||||
|
||||
strlower(host);
|
||||
|
||||
/*
|
||||
we need to use the '$' form of the name here, as otherwise the
|
||||
server might end up setting the password for a user instead
|
||||
*/
|
||||
asprintf(&principal, "%s$@%s", host, ads->auth.realm);
|
||||
|
||||
status = krb5_set_password(ads->auth.kdc_server, principal, password, ads->auth.time_offset);
|
||||
|
||||
free(host);
|
||||
free(principal);
|
||||
|
||||
return status;
|
||||
}
|
||||
|
||||
/**
|
||||
* pull the first entry from a ADS result
|
||||
* @param ads connection to ads server
|
||||
|
@ -20,7 +20,7 @@
|
||||
|
||||
#include "includes.h"
|
||||
|
||||
#ifdef HAVE_ADS
|
||||
#ifdef HAVE_LDAP
|
||||
|
||||
/*
|
||||
perform a LDAP/SASL/SPNEGO/NTLMSSP bind (just how many layers can
|
||||
@ -190,10 +190,12 @@ static ADS_STATUS ads_sasl_spnego_bind(ADS_STRUCT *ads)
|
||||
}
|
||||
DEBUG(3,("got principal=%s\n", principal));
|
||||
|
||||
#ifdef HAVE_KRB5
|
||||
if (!(ads->auth.flags & ADS_AUTH_DISABLE_KERBEROS) &&
|
||||
got_kerberos_mechanism && ads_kinit_password(ads) == 0) {
|
||||
return ads_sasl_spnego_krb5_bind(ads, principal);
|
||||
}
|
||||
#endif
|
||||
|
||||
/* lets do NTLMSSP ... this has the big advantage that we don't need
|
||||
to sync clocks, and we don't rely on special versions of the krb5
|
||||
|
Loading…
Reference in New Issue
Block a user