/* Local secrets are stored in secrets.ldb */
ldb = secrets_db_connect(mem_ctx);
if (!ldb) {
+ /* set anonymous as the fallback, if the machine account won't work */
+ cli_credentials_set_anonymous(cred);
DEBUG(1, ("Could not open secrets.ldb\n"));
return NT_STATUS_CANT_ACCESS_DOMAIN_INFO;
}
if (ldb_ret == 0) {
DEBUG(1, ("Could not find entry to match filter: %s\n",
filter));
+ /* set anonymous as the fallback, if the machine account won't work */
+ cli_credentials_set_anonymous(cred);
talloc_free(mem_ctx);
return NT_STATUS_CANT_ACCESS_DOMAIN_INFO;
} else if (ldb_ret != 1) {
DEBUG(1, ("Found more than one (%d) entry to match filter: %s\n",
ldb_ret, filter));
+ /* set anonymous as the fallback, if the machine account won't work */
+ cli_credentials_set_anonymous(cred);
talloc_free(mem_ctx);
return NT_STATUS_CANT_ACCESS_DOMAIN_INFO;
}
if (!machine_account) {
DEBUG(1, ("Could not find 'samAccountName' in join record to domain: %s\n",
cli_credentials_get_domain(cred)));
+ /* set anonymous as the fallback, if the machine account won't work */
+ cli_credentials_set_anonymous(cred);
talloc_free(mem_ctx);
return NT_STATUS_CANT_ACCESS_DOMAIN_INFO;
}
DEBUG(1, ("Could not find 'secret' in join record to domain: %s\n",
cli_credentials_get_domain(cred)));
+
+ /* set anonymous as the fallback, if the machine account won't work */
+ cli_credentials_set_anonymous(cred);
+
talloc_free(mem_ctx);
return NT_STATUS_CANT_ACCESS_DOMAIN_INFO;
}
* (chewing CPU time) from the password */
keytab = ldb_msg_find_string(msgs[0], "krb5Keytab", NULL);
if (keytab) {
- cli_credentials_set_keytab(cred, keytab, CRED_SPECIFIED);
+ cli_credentials_set_keytab_name(cred, keytab, CRED_SPECIFIED);
} else {
keytab = ldb_msg_find_string(msgs[0], "privateKeytab", NULL);
if (keytab) {
keytab = talloc_asprintf(mem_ctx, "FILE:%s", private_path(mem_ctx, keytab));
if (keytab) {
- cli_credentials_set_keytab(cred, keytab, CRED_SPECIFIED);
+ cli_credentials_set_keytab_name(cred, keytab, CRED_SPECIFIED);
}
}
}
*/
NTSTATUS cli_credentials_set_machine_account(struct cli_credentials *cred)
{
- char *filter = talloc_asprintf(cred, SECRETS_PRIMARY_DOMAIN_FILTER,
+ char *filter;
+ /* Bleh, nasty recursion issues: We are setting a machine
+ * account here, so we don't want the 'pending' flag around
+ * any more */
+ cred->machine_account_pending = False;
+ filter = talloc_asprintf(cred, SECRETS_PRIMARY_DOMAIN_FILTER,
cli_credentials_get_domain(cred));
return cli_credentials_set_secrets(cred, SECRETS_PRIMARY_DOMAIN_DN,
filter);
*/
NTSTATUS cli_credentials_set_krbtgt(struct cli_credentials *cred)
{
- char *filter = talloc_asprintf(cred, SECRETS_KRBTGT_SEARCH,
+ char *filter;
+ /* Bleh, nasty recursion issues: We are setting a machine
+ * account here, so we don't want the 'pending' flag around
+ * any more */
+ cred->machine_account_pending = False;
+ filter = talloc_asprintf(cred, SECRETS_KRBTGT_SEARCH,
cli_credentials_get_realm(cred),
cli_credentials_get_domain(cred));
return cli_credentials_set_secrets(cred, SECRETS_PRINCIPALS_DN,
NTSTATUS cli_credentials_set_stored_principal(struct cli_credentials *cred,
const char *serviceprincipal)
{
- char *filter = talloc_asprintf(cred, SECRETS_PRINCIPAL_SEARCH,
- cli_credentials_get_realm(cred),
- cli_credentials_get_domain(cred),
- serviceprincipal);
+ char *filter;
+ /* Bleh, nasty recursion issues: We are setting a machine
+ * account here, so we don't want the 'pending' flag around
+ * any more */
+ cred->machine_account_pending = False;
+ filter = talloc_asprintf(cred, SECRETS_PRINCIPAL_SEARCH,
+ cli_credentials_get_realm(cred),
+ cli_credentials_get_domain(cred),
+ serviceprincipal);
return cli_credentials_set_secrets(cred, SECRETS_PRINCIPALS_DN,
filter);
}