diff options
author | Jeremy Allison <jra@samba.org> | 2006-08-31 01:20:21 +0000 |
---|---|---|
committer | Gerald (Jerry) Carter <jerry@samba.org> | 2007-10-10 11:39:01 -0500 |
commit | 6fada7a82aa67e7b80ff003bd527092da68542c8 (patch) | |
tree | 0ab9bac0531b4ac511e0d42979d04cf6dff559eb /source3/libads | |
parent | 256172f7d6dd384ea95457dd6322e0289057ac56 (diff) | |
download | samba-6fada7a82aa67e7b80ff003bd527092da68542c8.tar.gz samba-6fada7a82aa67e7b80ff003bd527092da68542c8.tar.bz2 samba-6fada7a82aa67e7b80ff003bd527092da68542c8.zip |
r17943: The horror, the horror. Add KDC site support by
writing out a custom krb5.conf file containing
the KDC I need. This may suck.... Needs some
testing :-).
Jeremy.
(This used to be commit d500e1f96d92dfcc6292c448d1b399195f762d89)
Diffstat (limited to 'source3/libads')
-rw-r--r-- | source3/libads/cldap.c | 2 | ||||
-rw-r--r-- | source3/libads/kerberos.c | 58 | ||||
-rw-r--r-- | source3/libads/ldap.c | 1 |
3 files changed, 59 insertions, 2 deletions
diff --git a/source3/libads/cldap.c b/source3/libads/cldap.c index 3a6083558f..da1dec6b93 100644 --- a/source3/libads/cldap.c +++ b/source3/libads/cldap.c @@ -306,5 +306,3 @@ BOOL ads_cldap_netlogon(const char *server, const char *realm, struct cldap_net return True; } - - diff --git a/source3/libads/kerberos.c b/source3/libads/kerberos.c index 910207968c..4e4e4cfebf 100644 --- a/source3/libads/kerberos.c +++ b/source3/libads/kerberos.c @@ -464,4 +464,62 @@ int kerberos_kinit_password(const char *principal, 0); } +/************************************************************************ + Create a specific krb5.conf file in the private directory pointing + at a specific kdc for a realm. Keyed off domain name. Sets + KRB5_CONFIG environment variable to point to this file. Must be + run as root or will fail (which is a good thing :-). +************************************************************************/ + +BOOL create_local_private_krb5_conf_for_domain(const char *realm, const char *domain, struct in_addr ip) +{ + XFILE *xfp = NULL; + char *fname = talloc_asprintf(NULL, "%s/smb_krb5.conf.%s", lp_private_dir(), domain); + char *file_contents = NULL; + size_t flen = 0; + + if (!fname) { + return False; + } + + file_contents = talloc_asprintf(fname, "[libdefaults]\n\tdefault_realm = %s\n" + "[realms]\n\t%s = {\n" + "\t\tkdc = %s\n]\n", + realm, realm, inet_ntoa(ip)); + + if (!file_contents) { + TALLOC_FREE(fname); + return False; + } + + flen = strlen(file_contents); + xfp = x_fopen(fname, O_CREAT|O_WRONLY, 0600); + if (!xfp) { + TALLOC_FREE(fname); + return False; + } + /* Lock the file. */ + if (!fcntl_lock(xfp->fd, F_SETLKW, 0, 1, F_WRLCK)) { + unlink(fname); + x_fclose(xfp); + TALLOC_FREE(fname); + return False; + } + + if (x_fwrite(file_contents, flen, 1, xfp) != flen) { + unlink(fname); + x_fclose(xfp); + TALLOC_FREE(fname); + return False; + } + if (x_fclose(xfp)==-1) { + unlink(fname); + TALLOC_FREE(fname); + return False; + } + /* Set the environment variable to this file. */ + setenv("KRB5_CONFIG", fname, 1); + TALLOC_FREE(fname); + return True; +} #endif diff --git a/source3/libads/ldap.c b/source3/libads/ldap.c index 947f58a8fd..1d192895d9 100644 --- a/source3/libads/ldap.c +++ b/source3/libads/ldap.c @@ -159,6 +159,7 @@ BOOL ads_try_connect(ADS_STRUCT *ads, const char *server ) SAFE_FREE(ads->config.ldap_server_name); SAFE_FREE(ads->server.workgroup); + ads->config.flags = cldap_reply.flags; ads->config.ldap_server_name = SMB_STRDUP(cldap_reply.hostname); strupper_m(cldap_reply.domain); ads->config.realm = SMB_STRDUP(cldap_reply.domain); |