int ldap_port;
char *bind_path;
time_t last_attempt;
+ char *password;
} ADS_STRUCT;
*/
ADS_STRUCT *ads_init(const char *realm,
const char *ldap_server,
- const char *bind_path)
+ const char *bind_path,
+ const char *password)
{
ADS_STRUCT *ads;
ads->ldap_server = ldap_server? strdup(ldap_server) : NULL;
ads->bind_path = bind_path? strdup(bind_path) : NULL;
ads->ldap_port = LDAP_PORT;
+ if (password) ads->password = strdup(password);
if (!ads->realm) {
ads->realm = strdup(lp_realm());
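Review bot: The new `if (password) ads->password = strdup(password);` leaves `ads->password` unassigned when the caller passes NULL, so unless the allocation of `ads` (not visible in this hunk) zero-fills the struct, the `if (ads->password)` test added to ads_connect reads an indeterminate pointer — and three of the four callers in this patch pass NULL. Write it like the neighbouring fields, `ads->password = password ? strdup(password) : NULL;`, which does not depend on the allocator. strdup's result is unchecked here as for the other fields, so an allocation failure would surface later as a missing password rather than as an error. ads_init's body continues past the end of the hunk.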
SAFE_FREE((*ads)->ldap_server);
SAFE_FREE((*ads)->kdc_server);
SAFE_FREE((*ads)->bind_path);
+ SAFE_FREE((*ads)->password);
ZERO_STRUCTP(*ads);
SAFE_FREE(*ads);
}
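Review bot: `SAFE_FREE((*ads)->password)` releases the machine password without clearing it, so the secret stays in freed heap memory; `ZERO_STRUCTP(*ads)` two lines later wipes only the struct, not the strdup'd buffer. Scrub it first: `if ((*ads)->password) memset((*ads)->password, 0, strlen((*ads)->password));` immediately before the SAFE_FREE (a plain memset before free can be optimised away, so use the project's secure-clear helper instead if it has one). The function's start lies outside this hunk.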
#ifdef HAVE_KRB5
+
+/* VERY nasty hack until we have proper kerberos code for this */
+void kerberos_kinit_password(ADS_STRUCT *ads)
+{
+ char *s;
+ FILE *f;
+ extern pstring global_myname;
+ fstring myname;
+ fstrcpy(myname, global_myname);
+ strlower(myname);
+ asprintf(&s, "kinit 'HOST/%s@%s'", global_myname, ads->realm);
+ DEBUG(0,("HACK!! Running %s\n", s));
+ f = popen(s, "w");
+ if (f) {
+ fprintf(f,"%s\n", ads->password);
+ fflush(f);
+ fclose(f);
+ }
+ free(s);
+}
+
/*
verify an incoming ticket and parse out the principal name and
authorization_data if available
}
ldap_set_option(ads->ld, LDAP_OPT_PROTOCOL_VERSION, &version);
+ if (ads->password) {
+ kerberos_kinit_password(ads);
+ }
+
rc = ldap_sasl_interactive_bind_s(ads->ld, NULL, NULL, NULL, NULL,
LDAP_SASL_QUIET,
sasl_interact, NULL);
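Review bot: The new `kerberos_kinit_password(ads)` call runs before the SASL bind but its outcome is never checked, so a wrong or expired machine password is only noticed when the bind fails with a less specific error. kerberos_kinit_password is defined under `#ifdef HAVE_KRB5` earlier in this patch; if this call site is not inside the same guard — the hunk does not show — a build without Kerberos will fail to link here, so either guard the call or provide a stub. If the function is changed to return kinit's status, `if (ads->password && kerberos_kinit_password(ads) != 0)` can return the error before the bind is attempted. ads_connect's start and end lie outside this hunk.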
return (ADS_STRUCT *)domain->private;
}
- ads = ads_init(NULL, NULL, NULL);
+ ads = ads_init(NULL, NULL, NULL, secrets_fetch_machine_password());
if (!ads) {
DEBUG(1,("ads_init for domain %s failed\n", domain->name));
return NULL;
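Review bot: `secrets_fetch_machine_password()` is passed straight into ads_init, which strdup's it, so if that function returns heap memory (its name suggests so, but the hunk does not show it) the original copy is leaked and a second copy of the machine password lives until process exit. Hold it in a local, and once ads_init has taken its own copy clear and free it: `char *pw = secrets_fetch_machine_password(); ads = ads_init(NULL, NULL, NULL, pw); if (pw) { memset(pw, 0, strlen(pw)); SAFE_FREE(pw); }` — confirm ownership against the function's definition first. A NULL return is handled by ads_init's guarded strdup. The enclosing function starts outside the hunk.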
#endif
{
ADS_STRUCT *ads;
- ads = ads_init(NULL, NULL, NULL);
+ ads = ads_init(NULL, NULL, NULL, NULL);
/* win2000 uses host$@REALM, which we will probably use eventually,
but for now this works */
return ERROR_NT(NT_STATUS_LOGON_FAILURE);
}
- ads = ads_init(NULL, NULL, NULL);
+ ads = ads_init(NULL, NULL, NULL, NULL);
ret = ads_verify_ticket(ads, &ticket, &client, &auth_data);
if (!NT_STATUS_IS_OK(ret)) {
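Review bot: `ads = ads_init(NULL, NULL, NULL, NULL);` is followed directly by `ads_verify_ticket(ads, ...)` with no NULL check, while the winbind caller in this same patch tests `if (!ads)` — ads_init can evidently fail, and a failure here hands a NULL struct to the verifier. Add `if (!ads) return ERROR_NT(NT_STATUS_LOGON_FAILURE);` between the two lines, substituting the status the surrounding code uses for allocation failure if it has one. The enclosing function starts and ends outside the hunk.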
{
ADS_STRUCT *ads;
int rc;
- ads = ads_init(NULL, NULL, NULL);
+ ads = ads_init(NULL, NULL, NULL, NULL);
rc = ads_connect(ads);
if (rc) {