self->ads_ptr = NULL;
}
/* always succeeds or crashes */
- self->ads_ptr = ads_init(realm, workgroup, ldap_server);
+ self->ads_ptr = ads_init(realm, workgroup, ldap_server, ADS_SASL_PLAIN);
return 0;
}
dc = strip_hostname(info->dc_unc);
- ads = ads_init(info->domain_name, info->domain_name, dc);
+ ads = ads_init(info->domain_name,
+ info->domain_name,
+ dc,
+ ADS_SASL_PLAIN);
if (!ads) {
return WERR_GEN_FAILURE;
}
#ifndef _LIBADS_ADS_PROTO_H_
#define _LIBADS_ADS_PROTO_H_
+enum ads_sasl_state_e {
+ ADS_SASL_PLAIN = 0,
+ ADS_SASL_SIGN,
+ ADS_SASL_SEAL,
+};
+
/* The following definitions come from libads/ads_struct.c */
char *ads_build_path(const char *realm, const char *sep, const char *field, int reverse);
char *ads_build_domain(const char *dn);
ADS_STRUCT *ads_init(const char *realm,
const char *workgroup,
- const char *ldap_server);
+ const char *ldap_server,
+ enum ads_sasl_state_e sasl_state);
bool ads_set_sasl_wrap_flags(ADS_STRUCT *ads, int flags);
void ads_destroy(ADS_STRUCT **ads);
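Review bot: `enum ads_sasl_state_e` is added to the header with no comment, and the name `ADS_SASL_PLAIN` reads as "force an unprotected connection". In ads_init the value is only OR'ed into `wrap_flags`, so it appears to be a minimum the caller requires on top of whatever was set earlier, with PLAIN meaning "nothing extra". A comment above the enum would make that contract explicit, for example `/* Minimum SASL wrapping the caller requires; ads_init ORs it into the existing wrap flags, so ADS_SASL_PLAIN adds no requirement rather than disabling signing/sealing. */`. This matters because most call sites in this commit pass PLAIN and future callers are likely to copy them.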
*/
ADS_STRUCT *ads_init(const char *realm,
const char *workgroup,
- const char *ldap_server)
+ const char *ldap_server,
+ enum ads_sasl_state_e sasl_state)
{
ADS_STRUCT *ads;
int wrap_flags;
wrap_flags = 0;
}
+ switch (sasl_state) {
+ case ADS_SASL_PLAIN:
+ break;
+ case ADS_SASL_SIGN:
+ wrap_flags |= ADS_AUTH_SASL_SIGN;
+ break;
+ case ADS_SASL_SEAL:
+ wrap_flags |= ADS_AUTH_SASL_SEAL;
+ break;
+ }
+
ads->auth.flags = wrap_flags;
/* Start with the configured page size when the connection is new,
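Review bot: The new `switch (sasl_state)` has no `default:`, so a value outside the three enumerators leaves `wrap_flags` untouched and this argument adds no signing or sealing requirement. A fail-safe arm would be `default: wrap_flags |= ADS_AUTH_SASL_SEAL; break;`. If the default is omitted on purpose so the compiler reports unhandled enumerators, a one-line comment saying so would help. ads_init starts before and continues after this hunk, so how `wrap_flags` is set earlier is not visible here.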
if ( !ads->ldap.ld ) {
if ( (ads_s = ads_init( ads->server.realm, ads->server.workgroup,
- ads->server.ldap_server )) == NULL )
+ ads->server.ldap_server, ADS_SASL_PLAIN )) == NULL )
{
status = ADS_ERROR(LDAP_NO_MEMORY);
goto done;
if ( !ads->ldap.ld ) {
if ( (ads_s = ads_init( ads->server.realm, ads->server.workgroup,
- ads->server.ldap_server )) == NULL )
+ ads->server.ldap_server, ADS_SASL_PLAIN )) == NULL )
{
status = ADS_ERROR_NT(NT_STATUS_NO_MEMORY);
goto done;
my_ads = ads_init(dns_domain_name,
netbios_domain_name,
- dc_name);
+ dc_name,
+ ADS_SASL_SEAL);
if (!my_ads) {
return ADS_ERROR_LDAP(LDAP_NO_MEMORY);
}
/* Try this 3 times then give up. */
for( i =0 ; i < 3; i++) {
- ads = ads_init(realm, domain, NULL);
+ ads = ads_init(realm, domain, NULL, ADS_SASL_PLAIN);
if (!ads) {
TALLOC_FREE(sitename);
return False;
return WERR_NOT_ENOUGH_MEMORY;
}
- ads = ads_init(lp_realm(), lp_workgroup(), NULL);
+ ads = ads_init(lp_realm(), lp_workgroup(), NULL, ADS_SASL_PLAIN);
if (ads == NULL) {
result = WERR_RPC_S_SERVER_UNAVAILABLE;
goto out;
TALLOC_FREE(sinfo2);
- ads = ads_init(lp_realm(), lp_workgroup(), NULL);
+ ads = ads_init(lp_realm(), lp_workgroup(), NULL, ADS_SASL_PLAIN);
if (!ads) {
DEBUG(3, ("ads_init() failed\n"));
win_rc = WERR_RPC_S_SERVER_UNAVAILABLE;
tmp_ctx = talloc_new(NULL);
if (!tmp_ctx) return WERR_NOT_ENOUGH_MEMORY;
- ads = ads_init(lp_realm(), lp_workgroup(), NULL);
+ ads = ads_init(lp_realm(), lp_workgroup(), NULL, ADS_SASL_PLAIN);
if (!ads) {
DEBUG(3, ("ads_init() failed\n"));
return WERR_RPC_S_SERVER_UNAVAILABLE;
realm = assume_own_realm(c);
}
- ads = ads_init(realm, c->opt_target_workgroup, c->opt_host);
+ ads = ads_init(realm,
+ c->opt_target_workgroup,
+ c->opt_host,
+ ADS_SASL_PLAIN);
if (!c->opt_user_name) {
c->opt_user_name = "administrator";
ADS_STRUCT *ads;
ADS_STATUS status;
- if ( (ads = ads_init( realm, workgroup, host )) == NULL ) {
+ ads = ads_init(realm, workgroup, host, ADS_SASL_PLAIN);
+ if (ads == NULL ) {
return -1;
}
* kinit with the machine password to do dns update.
*/
- ads_dns = ads_init(lp_realm(), NULL, r->in.dc_name);
+ ads_dns = ads_init(lp_realm(), NULL, r->in.dc_name, ADS_SASL_PLAIN);
if (ads_dns == NULL) {
d_fprintf(stderr, _("DNS update failed: out of memory!\n"));
/* use the realm so we can eventually change passwords for users
in realms other than default */
- if (!(ads = ads_init(realm, c->opt_workgroup, c->opt_host))) {
+ ads = ads_init(realm, c->opt_workgroup, c->opt_host, ADS_SASL_PLAIN);
+ if (ads == NULL) {
return -1;
}
/* we don't want this to affect the users ccache */
setenv("KRB5CCNAME", WINBIND_CCACHE_NAME, 1);
- ads = ads_init(target_realm, target_dom_name, ldap_server);
+ ads = ads_init(target_realm,
+ target_dom_name,
+ ldap_server,
+ ADS_SASL_SEAL);
if (!ads) {
DEBUG(1,("ads_init for domain %s failed\n", target_dom_name));
return ADS_ERROR(LDAP_NO_MEMORY);
print_sockaddr(addr, sizeof(addr), pss);
- ads = ads_init(domain->alt_name, domain->name, addr);
+ ads = ads_init(domain->alt_name,
+ domain->name,
+ addr,
+ ADS_SASL_PLAIN);
ads->auth.flags |= ADS_AUTH_NO_BIND;
ads->config.flags |= request_flags;
ads->server.no_fallback = true;
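Review bot: `ads` is dereferenced on the line right after the reformatted `ads_init(...)` call with no NULL check, while the other call sites touched by this commit test the result (`if (!ads)`, `if (ads == NULL)`). If ads_init can return NULL, add a check before `ads->auth.flags |= ADS_AUTH_NO_BIND;`. If it cannot (one caller's comment says it "always succeeds or crashes"), a short comment here stating that would explain the inconsistency. The enclosing function starts and ends outside the hunk, so the appropriate failure return is not visible.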