summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
-rw-r--r--source3/libads/disp_sec.c3
-rw-r--r--source3/libads/krb5_setpw.c31
-rw-r--r--source3/libads/ldap.c33
-rw-r--r--source3/libads/sasl.c4
4 files changed, 35 insertions, 36 deletions
diff --git a/source3/libads/disp_sec.c b/source3/libads/disp_sec.c
index a930fd6fe0..a7b0bf6f07 100644
--- a/source3/libads/disp_sec.c
+++ b/source3/libads/disp_sec.c
@@ -20,8 +20,6 @@
#include "includes.h"
-#ifdef HAVE_ADS
-
static struct perm_mask_str {
uint32 mask;
char *str;
@@ -158,5 +156,4 @@ void ads_disp_sd(SEC_DESC *sd)
printf("-------------- End Of Security Descriptor\n");
}
-#endif
diff --git a/source3/libads/krb5_setpw.c b/source3/libads/krb5_setpw.c
index a49b6cbe3b..8079c0953f 100644
--- a/source3/libads/krb5_setpw.c
+++ b/source3/libads/krb5_setpw.c
@@ -471,4 +471,35 @@ ADS_STATUS kerberos_set_password(const char *kpasswd_server,
}
+/**
+ * Set the machine account password
+ * @param ads connection to ads server
+ * @param hostname machine whose password is being set
+ * @param password new password
+ * @return status of password change
+ **/
+ADS_STATUS ads_set_machine_password(ADS_STRUCT *ads,
+ const char *hostname,
+ const char *password)
+{
+ ADS_STATUS status;
+ char *host = strdup(hostname);
+ char *principal;
+
+ strlower(host);
+
+ /*
+ we need to use the '$' form of the name here, as otherwise the
+ server might end up setting the password for a user instead
+ */
+ asprintf(&principal, "%s$@%s", host, ads->auth.realm);
+
+ status = krb5_set_password(ads->auth.kdc_server, principal, password, ads->auth.time_offset);
+
+ free(host);
+ free(principal);
+
+ return status;
+}
+
#endif
diff --git a/source3/libads/ldap.c b/source3/libads/ldap.c
index 1004ea229c..2133bf0719 100644
--- a/source3/libads/ldap.c
+++ b/source3/libads/ldap.c
@@ -22,7 +22,7 @@
#include "includes.h"
-#ifdef HAVE_ADS
+#ifdef HAVE_LDAP
/**
* @file ldap.c
@@ -1444,37 +1444,6 @@ ads_set_sd_error:
}
/**
- * Set the machine account password
- * @param ads connection to ads server
- * @param hostname machine whose password is being set
- * @param password new password
- * @return status of password change
- **/
-ADS_STATUS ads_set_machine_password(ADS_STRUCT *ads,
- const char *hostname,
- const char *password)
-{
- ADS_STATUS status;
- char *host = strdup(hostname);
- char *principal;
-
- strlower(host);
-
- /*
- we need to use the '$' form of the name here, as otherwise the
- server might end up setting the password for a user instead
- */
- asprintf(&principal, "%s$@%s", host, ads->auth.realm);
-
- status = krb5_set_password(ads->auth.kdc_server, principal, password, ads->auth.time_offset);
-
- free(host);
- free(principal);
-
- return status;
-}
-
-/**
* pull the first entry from a ADS result
* @param ads connection to ads server
* @param res Results of search
diff --git a/source3/libads/sasl.c b/source3/libads/sasl.c
index f7dd01084a..aa7d99a5f7 100644
--- a/source3/libads/sasl.c
+++ b/source3/libads/sasl.c
@@ -20,7 +20,7 @@
#include "includes.h"
-#ifdef HAVE_ADS
+#ifdef HAVE_LDAP
/*
perform a LDAP/SASL/SPNEGO/NTLMSSP bind (just how many layers can
@@ -190,10 +190,12 @@ static ADS_STATUS ads_sasl_spnego_bind(ADS_STRUCT *ads)
}
DEBUG(3,("got principal=%s\n", principal));
+#ifdef HAVE_KRB5
if (!(ads->auth.flags & ADS_AUTH_DISABLE_KERBEROS) &&
got_kerberos_mechanism && ads_kinit_password(ads) == 0) {
return ads_sasl_spnego_krb5_bind(ads, principal);
}
+#endif
/* lets do NTLMSSP ... this has the big advantage that we don't need
to sync clocks, and we don't rely on special versions of the krb5