From a9d9447d5a448e13d4373c3c4b48f0edd49dc38a Mon Sep 17 00:00:00 2001 From: Andrew Bartlett Date: Sat, 20 Feb 2010 11:44:41 +1100 Subject: s4:credentials Add hooks to extract a named Kerberos credentials cache This allows the integration of external tools that can't be linked into C or python, but need to authenticate as the local machine account. The machineaccountccache script demonstrates this, and debugging has been improved in cli_credentials_set_secrets() by passing back and error string. Andrew Bartlett --- source4/dsdb/samdb/samdb.c | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) (limited to 'source4/dsdb/samdb/samdb.c') diff --git a/source4/dsdb/samdb/samdb.c b/source4/dsdb/samdb/samdb.c index 0ccceddf6b..2232e436d2 100644 --- a/source4/dsdb/samdb/samdb.c +++ b/source4/dsdb/samdb/samdb.c @@ -86,6 +86,7 @@ struct cli_credentials *samdb_credentials(struct tevent_context *event_ctx, { static struct cli_credentials *static_credentials; struct cli_credentials *cred; + char *error_string; if (static_credentials) { return static_credentials; @@ -103,7 +104,8 @@ struct cli_credentials *samdb_credentials(struct tevent_context *event_ctx, cli_credentials_set_kerberos_state(cred, CRED_DONT_USE_KERBEROS); if (!NT_STATUS_IS_OK(cli_credentials_set_secrets(cred, event_ctx, lp_ctx, NULL, NULL, - SECRETS_LDAP_FILTER))) { + SECRETS_LDAP_FILTER, &error_string))) { + DEBUG(5, ("(normal if no LDAP backend) %s", error_string)); /* Perfectly OK - if not against an LDAP backend */ talloc_free(cred); return NULL; -- cgit