$(GROUPDB_OBJ) $(PROFILE_OBJ) \
$(NECESSARY_BECAUSE_SAMBA_DEPENDENCIES_ARE_SO_BROKEN_OBJ)
-WBINFO_OBJ = nsswitch/wbinfo.o libsmb/smbencrypt.o libsmb/smbdes.o
+WBINFO_OBJ = nsswitch/wbinfo.o libsmb/smbencrypt.o libsmb/smbdes.o \
+ passdb/secrets.o
WINBIND_NSS_OBJ = nsswitch/winbind_nss.o nsswitch/wb_common.o
@echo Linking $@
@$(LINK) $(LDSHFLAGS) -o $@ $(PAM_WINBIND_OBJ)
-bin/wbinfo: $(WBINFO_OBJ) $(PARAM_OBJ) $(LIB_OBJ) $(NOPROTO_OBJ) $(UBIQX_OBJ) bin/.dummy
+bin/wbinfo: $(WBINFO_OBJ) $(PARAM_OBJ) $(LIB_OBJ) $(NOPROTO_OBJ) \
+ $(UBIQX_OBJ) @BUILD_POPT@ bin/.dummy
@echo Linking $@
@$(LINK) -o $@ $(WBINFO_OBJ) $(PARAM_OBJ) $(LIB_OBJ) $(NOPROTO_OBJ) \
- $(UBIQX_OBJ) $(LIBS)
+ $(UBIQX_OBJ) $(LIBS) @BUILD_POPT@
bin/pam_smbpass.@SHLIBEXT@: $(PAM_SMBPASS_PICOOBJ)
@echo "Linking shared library $@"
#define SETENV(name, value, overwrite) ;
#endif
+/* Authenticated user info is stored in secrets.tdb under these keys */
+
+#define SECRETS_AUTH_USER "SECRETS/AUTH_USER"
+#define SECRETS_AUTH_PASSWORD "SECRETS/AUTH_PASSWORD"
+
#endif /* _WINBINDD_H */
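Review bot: The comment above SECRETS_AUTH_USER and SECRETS_AUTH_PASSWORD should state that the password is held in cleartext, since cm_init_creds in this same commit passes the fetched value straight to pwd_set_cleartext. A wording such as `/* Authenticated user info is stored in secrets.tdb under these keys; the password is kept in cleartext, so secrets.tdb must not be readable by unprivileged users */` makes the dependency on the file's permissions explicit for anyone who later copies or backs up that database.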
return True;
}
+/* Choose between anonymous or authenticated connections. We need to use
+ an authenticated connection if DCs have the RestrictAnonymous registry
+ entry set > 0, or the "Additional restrictions for anonymous
+ connections" set in the win2k Local Security Policy. */
+
+void cm_init_creds(struct ntuser_creds *creds)
+{
+ char *username, *password;
+
+ ZERO_STRUCTP(creds);
+
+ creds->pwd.null_pwd = True; /* anonymoose */
+
+ username = secrets_fetch(SECRETS_AUTH_USER, NULL);
+ password = secrets_fetch(SECRETS_AUTH_PASSWORD, NULL);
+
+ if (username && *username) {
+ pwd_set_cleartext(&creds->pwd, password);
+
+ fstrcpy(creds->user_name, username);
+ fstrcpy(creds->domain, lp_workgroup());
+
+ DEBUG(3, ("IPC$ connections done %s\\%s\n", creds->domain,
+ creds->user_name));
+ } else
+ DEBUG(3, ("IPC$ connections done anonymously\n"));
+}
+
/* Open a new smb pipe connection to a DC on a given domain. Cache
negative creation attempts so we don't try and connect to broken
machines too often. */
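Review bot: In cm_init_creds, `password` reaches `pwd_set_cleartext` without a NULL check. The branch tests only `username`, so a secrets.tdb that holds SECRETS/AUTH_USER but no SECRETS/AUTH_PASSWORD would pass a NULL pointer to that call. Guard it with `if (username && *username && password) {` so that case falls through to the anonymous path. The two buffers returned by secrets_fetch are also never released; if secrets_fetch returns allocated memory, as its use here suggests, the cleartext password should be overwritten and both buffers freed before the function returns. Passing NULL as the size argument also assumes the stored values are NUL-terminated, which is worth confirming against the code that writes them.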
make_nmb_name(&called, dns_to_netbios_name(new_conn->controller), 0x20);
make_nmb_name(&calling, dns_to_netbios_name(global_myname), 0);
- ZERO_STRUCT(creds);
- creds.pwd.null_pwd = 1;
+ cm_init_creds(&creds);
cli_init_creds(new_conn->cli, &creds);