authorJeremy Allison <jra@samba.org>2006-08-31 01:20:21 +0000
committerGerald (Jerry) Carter <jerry@samba.org>2007-10-10 11:39:01 -0500
commit6fada7a82aa67e7b80ff003bd527092da68542c8 (patch)
tree0ab9bac0531b4ac511e0d42979d04cf6dff559eb /source3/libads
parent256172f7d6dd384ea95457dd6322e0289057ac56 (diff)
r17943: The horror, the horror. Add KDC site support by
writing out a custom krb5.conf file containing the KDC I need. This may suck.... Needs some testing :-). Jeremy. (This used to be commit d500e1f96d92dfcc6292c448d1b399195f762d89)
Diffstat (limited to 'source3/libads')
-rw-r--r--source3/libads/cldap.c2
-rw-r--r--source3/libads/kerberos.c58
-rw-r--r--source3/libads/ldap.c1
3 files changed, 59 insertions, 2 deletions
diff --git a/source3/libads/cldap.c b/source3/libads/cldap.c
index 3a6083558f..da1dec6b93 100644
--- a/source3/libads/cldap.c
+++ b/source3/libads/cldap.c
@@ -306,5 +306,3 @@ BOOL ads_cldap_netlogon(const char *server, const char *realm, struct cldap_net
return True;
}
-
-
diff --git a/source3/libads/kerberos.c b/source3/libads/kerberos.c
index 910207968c..4e4e4cfebf 100644
--- a/source3/libads/kerberos.c
+++ b/source3/libads/kerberos.c
@@ -464,4 +464,62 @@ int kerberos_kinit_password(const char *principal,
0);
}
+/************************************************************************
+ Create a specific krb5.conf file in the private directory pointing
+ at a specific kdc for a realm. Keyed off domain name. Sets
+ KRB5_CONFIG environment variable to point to this file. Must be
+ run as root or will fail (which is a good thing :-).
+************************************************************************/
+
+BOOL create_local_private_krb5_conf_for_domain(const char *realm, const char *domain, struct in_addr ip)
+{
+ XFILE *xfp = NULL;
+ char *fname = talloc_asprintf(NULL, "%s/smb_krb5.conf.%s", lp_private_dir(), domain);
+ char *file_contents = NULL;
+ size_t flen = 0;
+
+ if (!fname) {
+ return False;
+ }
+
+ file_contents = talloc_asprintf(fname, "[libdefaults]\n\tdefault_realm = %s\n"
+ "[realms]\n\t%s = {\n"
+ "\t\tkdc = %s\n]\n",
+ realm, realm, inet_ntoa(ip));
+
+ if (!file_contents) {
+ TALLOC_FREE(fname);
+ return False;
+ }
+
+ flen = strlen(file_contents);
+ xfp = x_fopen(fname, O_CREAT|O_WRONLY, 0600);
+ if (!xfp) {
+ TALLOC_FREE(fname);
+ return False;
+ }
+ /* Lock the file. */
+ if (!fcntl_lock(xfp->fd, F_SETLKW, 0, 1, F_WRLCK)) {
+ unlink(fname);
+ x_fclose(xfp);
+ TALLOC_FREE(fname);
+ return False;
+ }
+
+ if (x_fwrite(file_contents, flen, 1, xfp) != flen) {
+ unlink(fname);
+ x_fclose(xfp);
+ TALLOC_FREE(fname);
+ return False;
+ }
+ if (x_fclose(xfp)==-1) {
+ unlink(fname);
+ TALLOC_FREE(fname);
+ return False;
+ }
+ /* Set the environment variable to this file. */
+ setenv("KRB5_CONFIG", fname, 1);
+ TALLOC_FREE(fname);
+ return True;
+}
#endif
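Review bot: In create_local_private_krb5_conf_for_domain, `domain` is formatted straight into the path `"%s/smb_krb5.conf.%s"` and `realm` straight into the file body with no validation, so a value containing `/`, `..` or a newline would change which file is written or add extra krb5.conf directives. If either argument can originate from a server reply (the callers are not visible in this hunk), it should be restricted to a safe character set before use. The file is opened with `O_CREAT|O_WRONLY` and never truncated, so rewriting an existing longer file leaves stale bytes after the new contents; it should be truncated once the lock is held. The template closes the realm block with `]` where `}` is needed (`"\t\tkdc = %s\n\t}\n"`), and if `x_fwrite` follows fwrite semantics it returns the item count, so the check should read `x_fwrite(file_contents, flen, 1, xfp) != 1`. The result of `setenv` is also ignored, so the function can return True without KRB5_CONFIG pointing at the new file.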
diff --git a/source3/libads/ldap.c b/source3/libads/ldap.c
index 947f58a8fd..1d192895d9 100644
--- a/source3/libads/ldap.c
+++ b/source3/libads/ldap.c
@@ -159,6 +159,7 @@ BOOL ads_try_connect(ADS_STRUCT *ads, const char *server )
SAFE_FREE(ads->config.ldap_server_name);
SAFE_FREE(ads->server.workgroup);
+ ads->config.flags = cldap_reply.flags;
ads->config.ldap_server_name = SMB_STRDUP(cldap_reply.hostname);
strupper_m(cldap_reply.domain);
ads->config.realm = SMB_STRDUP(cldap_reply.domain);