authorJeremy Allison <jra@samba.org>2006-08-31 01:20:21 +0000
committerGerald (Jerry) Carter <jerry@samba.org>2007-10-10 11:39:01 -0500
commit6fada7a82aa67e7b80ff003bd527092da68542c8 (patch)
tree0ab9bac0531b4ac511e0d42979d04cf6dff559eb /source3/nsswitch
parent256172f7d6dd384ea95457dd6322e0289057ac56 (diff)
r17943: The horror, the horror. Add KDC site support by
writing out a custom krb5.conf file containing the KDC I need. This may suck.... Needs some testing :-). Jeremy. (This used to be commit d500e1f96d92dfcc6292c448d1b399195f762d89)
Diffstat (limited to 'source3/nsswitch')
-rw-r--r--source3/nsswitch/winbindd_cm.c63
1 files changed, 37 insertions, 26 deletions
diff --git a/source3/nsswitch/winbindd_cm.c b/source3/nsswitch/winbindd_cm.c
index 2f2bfb60ee..a09faaed94 100644
--- a/source3/nsswitch/winbindd_cm.c
+++ b/source3/nsswitch/winbindd_cm.c
@@ -590,7 +590,43 @@ static BOOL dcip_to_name( const char *domainname, const char *realm,
ip_list.ip = ip;
ip_list.port = 0;
- /* try GETDC requests first */
+#ifdef WITH_ADS
+ /* For active directory servers, try to get the ldap server name.
+ None of these failures should be considered critical for now */
+
+ if ( lp_security() == SEC_ADS ) {
+ ADS_STRUCT *ads;
+
+ ads = ads_init(realm, domainname, NULL);
+ ads->auth.flags |= ADS_AUTH_NO_BIND;
+
+ if (ads_try_connect( ads, inet_ntoa(ip) ) ) {
+ const char *sitename = sitename_fetch();
+ /* We got a cldap packet. */
+ fstrcpy(name, ads->config.ldap_server_name);
+ namecache_store(name, 0x20, 1, &ip_list);
+
+#ifdef HAVE_KRB5
+ if ((ads->config.flags & ADS_KDC) && sitename) {
+ /* We're going to use this KDC for this realm/domain.
+ If we are using sites, then force the krb5 libs
+ to use this KDC. */
+
+ create_local_private_krb5_conf_for_domain(realm,
+ domainname,
+ ip);
+ }
+#endif
+ SAFE_FREE(sitename);
+ ads_destroy( &ads );
+ return True;
+ }
+
+ ads_destroy( &ads );
+ }
+#endif
+
+ /* try GETDC requests next */
if (send_getdc_request(ip, domainname, sid)) {
int i;
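Review bot: In the `ADS_KDC` branch the result of `create_local_private_krb5_conf_for_domain(realm, domainname, ip)` is neither checked nor logged. If that helper can fail (its definition is outside this hunk), winbindd returns True with no record that the KDC pin was not written, so a `DEBUG` line on failure would make this diagnosable. The address being pinned comes from a connection made with `ADS_AUTH_NO_BIND`, so the choice of KDC rests on an unauthenticated reply; a comment such as `/* The CLDAP reply is unauthenticated: this only steers KDC selection, trust still comes from the Kerberos exchange itself. */` would record that assumption. Separately, `ads->auth.flags |= ADS_AUTH_NO_BIND;` dereferences the result of `ads_init()` without a NULL test; if `ads_init` can return NULL, the block should be skipped so the code falls through to the GETDC path. The body of `dcip_to_name` begins before this hunk, so the declaration of `name` and the bound applied by `fstrcpy` cannot be confirmed from here.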
@@ -610,31 +646,6 @@ static BOOL dcip_to_name( const char *domainname, const char *realm,
namecache_store(name, 0x20, 1, &ip_list);
return True;
}
-
-#ifdef WITH_ADS
- /* for active directory servers, try to get the ldap server name.
- None of these failure should be considered critical for now */
-
- if ( lp_security() == SEC_ADS )
- {
- ADS_STRUCT *ads;
-
- ads = ads_init( realm, domainname, NULL );
- ads->auth.flags |= ADS_AUTH_NO_BIND;
-
- if ( !ads_try_connect( ads, inet_ntoa(ip) ) ) {
- ads_destroy( &ads );
- return False;
- }
-
- fstrcpy(name, ads->config.ldap_server_name);
- namecache_store(name, 0x20, 1, &ip_list);
-
- ads_destroy( &ads );
- return True;
- }
-#endif
-
return False;
}