summaryrefslogtreecommitdiff
path: root/source3
diff options
context:
space:
mode:
authorAndrew Bartlett <abartlet@samba.org>2003-05-04 02:48:11 +0000
committerAndrew Bartlett <abartlet@samba.org>2003-05-04 02:48:11 +0000
commit6a19f354e5ff4e0de91783b23a8161769220e844 (patch)
tree6025a28cb7592d1297090c9a68a3df5dcad87ed9 /source3
parentf4bb3d47323c69f0ba072fbd09da9b715cc3197f (diff)
downloadsamba-6a19f354e5ff4e0de91783b23a8161769220e844.tar.gz
samba-6a19f354e5ff4e0de91783b23a8161769220e844.tar.bz2
samba-6a19f354e5ff4e0de91783b23a8161769220e844.zip
Patch from Ken Cross to allow an ADS domain join with a username of the form
user@realm, where realm might not be the realm we are joining. Andrew Bartlett (This used to be commit 00e08efb5cd21bf42be9125d3188efbf9d13b8b7)
Diffstat (limited to 'source3')
-rw-r--r--source3/libads/krb5_setpw.c2
-rw-r--r--source3/utils/net_ads.c20
2 files changed, 19 insertions, 3 deletions
diff --git a/source3/libads/krb5_setpw.c b/source3/libads/krb5_setpw.c
index 214871b3fb..856809decc 100644
--- a/source3/libads/krb5_setpw.c
+++ b/source3/libads/krb5_setpw.c
@@ -677,7 +677,7 @@ ADS_STATUS ads_set_machine_password(ADS_STRUCT *ads,
we need to use the '$' form of the name here, as otherwise the
server might end up setting the password for a user instead
*/
- asprintf(&principal, "%s$@%s", host, ads->auth.realm);
+ asprintf(&principal, "%s$@%s", host, ads->config.realm);
status = krb5_set_password(ads->auth.kdc_server, principal, password, ads->auth.time_offset);
diff --git a/source3/utils/net_ads.c b/source3/utils/net_ads.c
index d775135e0a..1a50f9d270 100644
--- a/source3/utils/net_ads.c
+++ b/source3/utils/net_ads.c
@@ -109,6 +109,9 @@ static int net_ads_info(int argc, const char **argv)
d_printf("LDAP port: %d\n", ads->ldap_port);
d_printf("Server time: %s\n", http_timestring(ads->config.current_time));
+ d_printf("KDC server: %s\n", ads->auth.kdc_server );
+ d_printf("Server time offset: %d\n", ads->auth.time_offset );
+
return 0;
}
@@ -124,6 +127,7 @@ static ADS_STRUCT *ads_startup(void)
ADS_STATUS status;
BOOL need_password = False;
BOOL second_time = False;
+ char *cp;
ads = ads_init(NULL, NULL, opt_host);
@@ -145,12 +149,24 @@ retry:
if (opt_password) {
use_in_memory_ccache();
- ads->auth.password = strdup(opt_password);
+ ads->auth.password = smb_xstrdup(opt_password);
}
- ads->auth.user_name = strdup(opt_user_name);
+ ads->auth.user_name = smb_xstrdup(opt_user_name);
+
+ /*
+ * If the username is of the form "name@realm",
+ * extract the realm and convert to upper case.
+ * This is only used to establish the connection.
+ */
+ if (cp = strchr(ads->auth.user_name, '@')) {
+ *cp++ = '\0';
+ ads->auth.realm = smb_xstrdup(cp);
+ strupper(ads->auth.realm);
+ }
status = ads_connect(ads);
+
if (!ADS_ERR_OK(status)) {
if (!need_password && !second_time) {
need_password = True;