author | Günther Deschner <gd@samba.org> | 2008-06-24 12:11:06 +0200 |
---|---|---|
committer | Günther Deschner <gd@samba.org> | 2008-06-24 23:37:40 +0200 |
commit | 6b4b76c40e965c7544097aa652eb6455af2ae8c1 (patch) | |
tree | bc5fd49635410cf2d361405e4a0d8e998b0dfeb7 | |
parent | 640a2972c555a456ea9a083bdc7aae8ea283492a (diff) | |
libads: add ADS_AUTH_USER_CREDS to avoid magic overwriting of usernames.
Guenther
(This used to be commit b5aaf5aa0f280f69e05b613271c96473a79b812e)
-rw-r--r-- | source3/include/ads.h | 17 | ||||
-rw-r--r-- | source3/libads/kerberos.c | 6 |
2 files changed, 15 insertions, 8 deletions
diff --git a/source3/include/ads.h b/source3/include/ads.h index d5ce88babe..d4551765aa 100644 --- a/source3/include/ads.h +++ b/source3/include/ads.h @@ -320,14 +320,15 @@ typedef void **ADS_MODLIST; #define ADS_DNS_FOREST 0x80000000 /* DnsForestName is a DNS name */ /* ads auth control flags */ -#define ADS_AUTH_DISABLE_KERBEROS 0x01 -#define ADS_AUTH_NO_BIND 0x02 -#define ADS_AUTH_ANON_BIND 0x04 -#define ADS_AUTH_SIMPLE_BIND 0x08 -#define ADS_AUTH_ALLOW_NTLMSSP 0x10 -#define ADS_AUTH_SASL_SIGN 0x20 -#define ADS_AUTH_SASL_SEAL 0x40 -#define ADS_AUTH_SASL_FORCE 0x80 +#define ADS_AUTH_DISABLE_KERBEROS 0x0001 +#define ADS_AUTH_NO_BIND 0x0002 +#define ADS_AUTH_ANON_BIND 0x0004 +#define ADS_AUTH_SIMPLE_BIND 0x0008 +#define ADS_AUTH_ALLOW_NTLMSSP 0x0010 +#define ADS_AUTH_SASL_SIGN 0x0020 +#define ADS_AUTH_SASL_SEAL 0x0040 +#define ADS_AUTH_SASL_FORCE 0x0080 +#define ADS_AUTH_USER_CREDS 0x0100 /* Kerberos environment variable names */ #define KRB5_ENV_CCNAME "KRB5CCNAME" diff --git a/source3/libads/kerberos.c b/source3/libads/kerberos.c index c4135f24a1..31e5af4224 100644 --- a/source3/libads/kerberos.c +++ b/source3/libads/kerberos.c @@ -323,6 +323,11 @@ int ads_kinit_password(ADS_STRUCT *ads) const char *account_name; fstring acct_name; + if (ads->auth.flags & ADS_AUTH_USER_CREDS) { + account_name = ads->auth.user_name; + goto got_accountname; + } + if ( IS_DC ) { /* this will end up getting a ticket for DOMAIN@RUSTED.REA.LM */ account_name = lp_workgroup(); @@ -338,6 +343,7 @@ int ads_kinit_password(ADS_STRUCT *ads) account_name = ads->auth.user_name; } + got_accountname: if (asprintf(&s, "%s@%s", account_name, ads->auth.realm) == -1) { return KRB5_CC_NOMEM; } |
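Review bot: The new `ADS_AUTH_USER_CREDS` define in ads.h has no comment, and unlike the neighbouring flags its name does not say what it changes. Judging from the kerberos.c hunk of this commit, it makes ads_kinit_password() use `ads->auth.user_name` as supplied instead of deriving a workgroup or machine account name. I would add `/* use auth.user_name as supplied; do not substitute the machine/workgroup account */` after the value. Because this is the first flag above 0x80, it is also worth confirming that the `auth.flags` field (declared outside this hunk) is wider than 8 bits, otherwise the bit would be silently lost.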
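Review bot: The new early path at the top of ads_kinit_password() hands `ads->auth.user_name` to `asprintf(&s, "%s@%s", ...)` without checking it. A caller that sets ADS_AUTH_USER_CREDS but leaves user_name NULL therefore reaches a `%s` conversion of a NULL pointer, which is undefined behaviour and on some libcs would request a ticket for a literal "(null)" principal. Falling back to the machine-account logic would bring back the overwriting this flag is meant to prevent, so I would fail instead: `if (ads->auth.user_name == NULL) return KRB5_PARSE_MALFORMED;` inside the new `if` block before the `goto` (the error code is a suggestion; use whatever the callers expect). The existing else-branch visible in the context lines assigns the same field unchecked, and the function body starts and ends outside the hunk, so an earlier check may exist that is not visible here.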