diff options
| author | Andrew Tridgell <tridge@samba.org> | 2001-12-05 09:46:53 +0000 |
|---|---|---|
| committer | Andrew Tridgell <tridge@samba.org> | 2001-12-05 09:46:53 +0000 |
| commit | 9421ad4a7a900b219f87754bc20fa14f2f22fd35 (patch) | |
| tree | 555b136a1ba6bb77e540ab61ec549f44e6426484 /source3/libads | |
| parent | cc3aff7436e8730efb6511ca18308830cc40cb61 (diff) | |
| download | samba-9421ad4a7a900b219f87754bc20fa14f2f22fd35.tar.gz samba-9421ad4a7a900b219f87754bc20fa14f2f22fd35.tar.bz2 samba-9421ad4a7a900b219f87754bc20fa14f2f22fd35.zip | |
added a REALLY gross hack into kerberos_kinit_password so that
winbindd can do a kinit
this will be removed once we have code that gets a tgt
and puts it in a place where cyrus-sasl can see it
(This used to be commit 7d94f1b7365215a020d3678d03d820a7d086174f)
Diffstat (limited to 'source3/libads')
| -rw-r--r-- | source3/libads/ads_struct.c | 5 | ||||
| -rw-r--r-- | source3/libads/kerberos.c | 21 | ||||
| -rw-r--r-- | source3/libads/ldap.c | 4 |
3 files changed, 29 insertions, 1 deletions
diff --git a/source3/libads/ads_struct.c b/source3/libads/ads_struct.c index 2d8bf06156..83c8f5b404 100644 --- a/source3/libads/ads_struct.c +++ b/source3/libads/ads_struct.c @@ -134,7 +134,8 @@ static char *find_ldap_server(ADS_STRUCT *ads) */ ADS_STRUCT *ads_init(const char *realm, const char *ldap_server, - const char *bind_path) + const char *bind_path, + const char *password) { ADS_STRUCT *ads; @@ -145,6 +146,7 @@ ADS_STRUCT *ads_init(const char *realm, ads->ldap_server = ldap_server? strdup(ldap_server) : NULL; ads->bind_path = bind_path? strdup(bind_path) : NULL; ads->ldap_port = LDAP_PORT; + if (password) ads->password = strdup(password); if (!ads->realm) { ads->realm = strdup(lp_realm()); @@ -181,6 +183,7 @@ void ads_destroy(ADS_STRUCT **ads) SAFE_FREE((*ads)->ldap_server); SAFE_FREE((*ads)->kdc_server); SAFE_FREE((*ads)->bind_path); + SAFE_FREE((*ads)->password); ZERO_STRUCTP(*ads); SAFE_FREE(*ads); } diff --git a/source3/libads/kerberos.c b/source3/libads/kerberos.c index a3aa8b1661..1b0de382bd 100644 --- a/source3/libads/kerberos.c +++ b/source3/libads/kerberos.c @@ -23,6 +23,27 @@ #ifdef HAVE_KRB5 + +/* VERY nasty hack until we have proper kerberos code for this */ +void kerberos_kinit_password(ADS_STRUCT *ads) +{ + char *s; + FILE *f; + extern pstring global_myname; + fstring myname; + fstrcpy(myname, global_myname); + strlower(myname); + asprintf(&s, "kinit 'HOST/%s@%s'", global_myname, ads->realm); + DEBUG(0,("HACK!! Running %s\n", s)); + f = popen(s, "w"); + if (f) { + fprintf(f,"%s\n", ads->password); + fflush(f); + fclose(f); + } + free(s); +} + /* verify an incoming ticket and parse out the principal name and authorization_data if available diff --git a/source3/libads/ldap.c b/source3/libads/ldap.c index 14fd716058..287ea225a1 100644 --- a/source3/libads/ldap.c +++ b/source3/libads/ldap.c @@ -70,6 +70,10 @@ int ads_connect(ADS_STRUCT *ads) } ldap_set_option(ads->ld, LDAP_OPT_PROTOCOL_VERSION, &version); + if (ads->password) { + kerberos_kinit_password(ads); + } + rc = ldap_sasl_interactive_bind_s(ads->ld, NULL, NULL, NULL, NULL, LDAP_SASL_QUIET, sasl_interact, NULL); |