#include "includes.h"
-#ifdef HAVE_ADS
-
static struct perm_mask_str {
uint32 mask;
char *str;
printf("-------------- End Of Security Descriptor\n");
}
-#endif
}
+/**
+ * Set the machine account password
+ * @param ads connection to ads server
+ * @param hostname machine whose password is being set
+ * @param password new password
+ * @return status of password change
+ **/
+ADS_STATUS ads_set_machine_password(ADS_STRUCT *ads,
+ const char *hostname,
+ const char *password)
+{
+ ADS_STATUS status;
+ char *host = strdup(hostname);
+ char *principal;
+
+ strlower(host);
+
+ /*
+ we need to use the '$' form of the name here, as otherwise the
+ server might end up setting the password for a user instead
+ */
+ asprintf(&principal, "%s$@%s", host, ads->auth.realm);
+
+ status = krb5_set_password(ads->auth.kdc_server, principal, password, ads->auth.time_offset);
+
+ free(host);
+ free(principal);
+
+ return status;
+}
+
#endif
#include "includes.h"
-#ifdef HAVE_ADS
+#ifdef HAVE_LDAP
/**
* @file ldap.c
return ret;
}
-/**
- * Set the machine account password
- * @param ads connection to ads server
- * @param hostname machine whose password is being set
- * @param password new password
- * @return status of password change
- **/
-ADS_STATUS ads_set_machine_password(ADS_STRUCT *ads,
- const char *hostname,
- const char *password)
-{
- ADS_STATUS status;
- char *host = strdup(hostname);
- char *principal;
-
- strlower(host);
-
- /*
- we need to use the '$' form of the name here, as otherwise the
- server might end up setting the password for a user instead
- */
- asprintf(&principal, "%s$@%s", host, ads->auth.realm);
-
- status = krb5_set_password(ads->auth.kdc_server, principal, password, ads->auth.time_offset);
-
- free(host);
- free(principal);
-
- return status;
-}
-
/**
* pull the first entry from a ADS result
* @param ads connection to ads server
#include "includes.h"
-#ifdef HAVE_ADS
+#ifdef HAVE_LDAP
/*
perform a LDAP/SASL/SPNEGO/NTLMSSP bind (just how many layers can
}
DEBUG(3,("got principal=%s\n", principal));
+#ifdef HAVE_KRB5
if (!(ads->auth.flags & ADS_AUTH_DISABLE_KERBEROS) &&
got_kerberos_mechanism && ads_kinit_password(ads) == 0) {
return ads_sasl_spnego_krb5_bind(ads, principal);
}
+#endif
/* lets do NTLMSSP ... this has the big advantage that we don't need
to sync clocks, and we don't rely on special versions of the krb5