added internal sasl/gssapi code. This means we are no longer dependent on cyrus-sasl which makes the code much less fragile. Also added code to auto-determine the server name or realm

(This used to be commit 435fdf276a79c2a517adcd7726933aeef3fa924b)

1 files changed, 17 insertions, 7 deletions

diff --git a/source3/libads/kerberos.c b/source3/libads/kerberos.c
index 19e8ffdc00..521fe0d5eb 100644
--- a/source3/libads/kerberos.c
+++ b/source3/libads/kerberos.c
@@ -85,19 +85,29 @@ int ads_kinit_password(ADS_STRUCT *ads)
 {
 	char *s;
 	int ret;
-	extern pstring global_myname;
-	fstring myname;
+	char *ccache;
+
+	ccache = lock_path("winbindd_ccache");
 
 	/* we don't want this to affect the users ccache */
-	setenv("KRB5CCNAME", lock_path("winbindd_ccache"), 1);
+	setenv("KRB5CCNAME", ccache, 1);
 
-	fstrcpy(myname, global_myname);
-	strlower(myname);
-	asprintf(&s, "HOST/%s@%s", global_myname, ads->realm);
+	unlink(ccache);
+
+	if (!ads->user_name) {
+		/* by default use the machine account */
+		extern pstring global_myname;
+		fstring myname;
+		fstrcpy(myname, global_myname);
+		strlower(myname);
+		asprintf(&ads->user_name, "HOST/%s", global_myname);
+	}
+	asprintf(&s, "%s@%s", ads->user_name, ads->realm);
 	ret = kerberos_kinit_password(s, ads->password);
 	free(s);
 	if (ret) {
-		DEBUG(1,("kerberos_kinit_password failed: %s\n", error_message(ret)));
+		DEBUG(1,("kerberos_kinit_password %s failed: %s\n", 
+			 s, error_message(ret)));
 	}
 	return ret;
 }